From f628ef98ae2030504a05408c1d25b18a1bf61308 Mon Sep 17 00:00:00 2001 From: mreeve-snl Date: Fri, 10 Nov 2023 17:03:17 -0500 Subject: [PATCH 01/29] Adding updates to troubleshooting to address the latest issues. --- docs/markdown/reference/troubleshooting.md | 65 +++++++++++++++++++++- 1 file changed, 64 insertions(+), 1 deletion(-) diff --git a/docs/markdown/reference/troubleshooting.md b/docs/markdown/reference/troubleshooting.md index e3cbf4fe..fa571117 100644 --- a/docs/markdown/reference/troubleshooting.md +++ b/docs/markdown/reference/troubleshooting.md 
@@ -89,7 +89,53 @@ By default the `ForwardedEvents` maximum log size is around 20MB so events will ### Events not forwarding from Domain Controllers Please be aware that Logging Made Easy does not currently support logging Domain Controllers, and the log volumes may be significant from servers with this role. If you wish to proceed forwarding logs from your Domain Controllers please be aware you do this at your own risk! Monitoring such servers has not been tested and may have unintended side effects. -### deploy.sh stalls on: wating for elasticsearch to connect + + + +### Space issues during install: +If there are size contstraints on your system and your system doesn't meet our expected requirements, you could run into issues like this [ISSUE](https://github.com/cisagov/LME/issues/19). + +You can try this: [DISK-SPACE-20.04](https://askubuntu.com/questions/1269493/ubuntu-server-20-04-1-lts-not-all-disk-space-was-allocated-during-installation) +``` +root@util:# vgdisplay +root@util:# lvextend -l +100%FREE /dev/mapper/ubuntu--vg-ubuntu--lv +root@util:~# resize2fs /dev/mapper/ubuntu--vg-ubuntu--lv +``` + +### Containers restarting/not running: +Usually if you have issues with containers restarting there is probably something wrong with your host or the container itself. Lik in the above sample, a wrong password could be prevent the Elastic Stack from operating properly. You can check the container logs like so: +``` +#TO list the name of the container +sudo docker ps --format "{{.Names}}" + +#Using the above name you found, check its logs here. +sudo docker logs -f [CONTAINER_NAME] +``` +Hopefully that is enough to determine the issue, but below we have some common issues you could encounter: + +#### Directory Permission issues +If you encounter errors like [this](https://github.com/cisagov/LME/issues/15) in the container logs, probably your host ownership or permissions for mounted files, don't match what the container expects them to be. 
In this case the `/usr/share/elasticsearch/backups` which is mapped from `/opt/lme/backups` on the host. +You can see this in the [docker-compose-stack.yml](https://github.com/cisagov/LME/blob/main/Chapter%203%20Files/docker-compose-stack.yml) file: +``` +╰─$ cat Chapter\ 3\ Files/docker-compose-stack.yml | grep -i volume -A 5 + volumes: + - type: volume + source: esdata + target: /usr/share/elasticsearch/data + - type: bind + source: /opt/lme/backups + target: /usr/share/elasticsearch/backups +``` + +To fix this you can change the permissions to what the conatiner expects: +``` +sudo chown -R 1000:1000 /opt/lme/backups +``` +The user id in the container is 1000, so by setting the proper owner we fix the directory permission issue. +We know this by investigating the backing docker container image for elasticsearch [LINK](https://github.com/elastic/elasticsearch/blob/61d59b31a27448e3d7d28907717b1b8c23f52f3e/distribution/docker/src/docker/Dockerfile#L185) [GITHUB](https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile) + + +#### deploy.sh stalls on: wating for elasticsearch to connect This was a bug that was fixed in the current iteration of deploy.sh. This occurs if the `elastic` user password was already set in a previous deployment of LME. The easiest fix for this is to delete your old LME volumes as that will clear out any old settings that would be preventing install. ``` #DONT RUN THIS IF YOU HAVE DATA YOU WANT TO PRESERVE!! 
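Review bot: In the new "Containers restarting/not running" section, the sentence "Lik in the above sample, a wrong password could be prevent the Elastic Stack from operating properly" refers to a sample that does not appear above it in this hunk. The only password case visible is the "deploy.sh stalls" section, which this hunk demotes to `####` and leaves below. Move the sentence after that section or reword it to point downward, and fix "Lik" and "could be prevent" while there. In the same pass: "contstraints" and "conatiner" are misspelled, the disk-space block mixes the prompts `root@util:#` and `root@util:~#`, and the two Dockerfile links would be clearer with descriptive labels than `[LINK]` and `[GITHUB]`, since the pinned one is what justifies uid 1000.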
@@ -112,6 +158,23 @@ elasticsearch-reset-password -v -u elastic -i --url https://localhost:9200 ``` If the elasticsearch-reset-password is not available in your version of elasticsearch, you may be able to try recreating the container with a newer version of LME and running the same above steps. We have not tested this last suggestion, so attempting this last step won't be supported, but is worth a try if none of the above works. +### Elasticsearch fails to boot on Linux server +Sometimes environmental differences can make the installation process get screwed up [ISSUE](https://github.com/cisagov/LME/issues/21). If you have the luxury, you could perform a full reinstall: + +If you are unable to access https://, this is most likely because the elasticsearch service fails to run on the Linux server. To perform a full reinstall: +``` +cd /opt/lme/Chapter\ 3\ Files/ +sudo ./deploy.sh uninstall +#delete everything: +rm -r /opt/lme +#Reclone the LME repository into /opt/lme/: +git clone git@github.com:cisagov/LME.git /opt/lme/ +#Navigate back to Chapter 3 Files: +cd /opt/lme/Chapter\ 3\ Files/ +sudo ./deploy.sh install +#Save credentials, then continue with Chapter 3 installation +``` +Optionally you could uninstall docker entirely and reinstall it from the deploy.sh script. If you do end up removing Docker this link could be helpful: https://askubuntu.com/a/1021506. ## Chapter 4 and Beyond From e8cd89b0df86c12b889c79d9539ffd6895819d74 Mon Sep 17 00:00:00 2001 From: mreeve-snl Date: Fri, 10 Nov 2023 17:04:14 -0500 Subject: [PATCH 02/29] Added Filtering.md to documents to discuss how to filter out unnessecary logs --- docs/markdown/logging-guidance/filtering.md | 52 +++++++++++++++++++++ 1 file changed, 52 insertions(+) create mode 100644 docs/markdown/logging-guidance/filtering.md diff --git a/docs/markdown/logging-guidance/filtering.md b/docs/markdown/logging-guidance/filtering.md new file mode 100644 index 00000000..b279947c --- /dev/null 
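Review bot: In the "Elasticsearch fails to boot on Linux server" block, `rm -r /opt/lme` carries no warning that it deletes everything under that path, which per the compose excerpt earlier in this patch includes the bind-mounted `/opt/lme/backups`. Reuse the "DONT RUN THIS IF YOU HAVE DATA YOU WANT TO PRESERVE" wording from the deploy.sh section here, ideally with a step to copy the backups elsewhere first. `rm -r` and `git clone` are also run without `sudo` although the `deploy.sh` calls around them use it, so state which user the block assumes. `git clone git@github.com:cisagov/LME.git` needs a GitHub SSH key; an HTTPS clone URL would work for more readers. Finally, "If you are unable to access https://," is missing its host, and the sentence before it ends in a colon with nothing following.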
+++ b/docs/markdown/logging-guidance/filtering.md @@ -0,0 +1,52 @@ +# Filtering logs: + +There may come a time where a log is not particularly useful or an aspect of LME proves overly verbose (e.g.: [Dashboard spamming events](https://github.com/cisagov/LME/issues/22). We try our best to make everything useful by default but cannot predict every eventuality since all environments will be different. So to enable users to make the LME system more useful (and hopefully commit their own pull requests back with updates :) ), we are documenting here how you can filter out logs in the: + +1. Dashbaord +2. Host logging utility (e.g. winlogbeat) +3. Serverside (e.g. logstash) + +Have fun reading and applying these concepts + +## Dashboard: + +The below example shows a filter that can be applied to a search, and saved with a dashboard to filter out unneeded windows event log [4624](https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventID=4624) with a TargetUserName field that has a `$ `. +``` +{ + "bool": { + "filter": [ + { + "match_phrase": { + "event.code": "4624" + } + } + ], + "must_not": [ + { + "regexp": { + "winlog.event_data.TargetUserName": ".*$.*" + } + } + ] + } +} +``` + +To Add: +1. Click the `Add filter`: +2. Click `Edit as DSL` to add a regexp filter: + +More resources on this topic can be found here, and there are many more relevant examples on stackoverflow: + - https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl.html + - https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-query-string-query.html#query-string-syntax + - https://www.elastic.co/guide/en/elasticsearch/reference/current/regexp-syntax.html + +## Host Side: +``` +TBD Pending testing +``` + +## Server Side: +``` +TBD Pending testing +``` From 52f6df98bf6ac16019e6e82b141d5579d049f0cb Mon Sep 17 00:00:00 2001 
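Review bot: The Dashboard example in filtering.md does not do what the sentence above it says: with `event.code: 4624` under `filter` and the `TargetUserName` regexp under `must_not`, the query keeps only 4624 events whose name lacks `$` and drops every other event code from the dashboard. To filter out just the 4624 events with a `$` in `TargetUserName`, put both conditions in one inner `bool` and negate that as a whole. In the regexp, escape the dollar sign so the intent (a literal `$`) is explicit, and say whether a `$` anywhere in the name or only a trailing one is meant. Smaller items: the parenthesis opened before "e.g.:" in the first paragraph is never closed, "Dashbaord" is misspelled, and steps 1 and 2 under "To Add" end in colons with nothing after them.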
From: Alden Hilton <106177711+adhilto@users.noreply.github.com> Date: Fri, 10 Nov 2023 15:19:09 -0800 Subject: [PATCH 03/29] Change "activate selected" to "Enable" --- docs/markdown/chapter4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/markdown/chapter4.md b/docs/markdown/chapter4.md index 1a763a5c..4853d266 100644 --- a/docs/markdown/chapter4.md +++ b/docs/markdown/chapter4.md @@ -60,7 +60,7 @@ From here, ensure that the maximum number of rows is shown so that all of the re ![Enable siem](/docs/imgs/siem5.png) -Lastly, select all of the displayed rules, expand "Bulk actions" and choose "Activate selected": +Lastly, select all of the displayed rules, expand "Bulk actions" and choose "Enable": ![Enable siem](/docs/imgs/alert-enable-menu.png) From 9ba1a3b70c5e4fabafb1aaafe827d71e6f6ad551 Mon Sep 17 00:00:00 2001 From: Alden Hilton <106177711+adhilto@users.noreply.github.com> Date: Fri, 10 Nov 2023 15:23:39 -0800 Subject: [PATCH 04/29] Changed "New - User Security" to "User Security" to reflect current dashboard name --- docs/markdown/chapter4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/markdown/chapter4.md b/docs/markdown/chapter4.md index 4853d266..13810a0f 100644 --- a/docs/markdown/chapter4.md +++ b/docs/markdown/chapter4.md @@ -29,7 +29,7 @@ sudo ./dashboard_update.sh ### 4.1.2 Check you are receiving logs -While on the Elastic home page, click on the hamburger icon on the left, then under "Analytics," find and click "Dashboard." From there, find and select "NEW - User Security." This will show a dashboard similar to Figure 2. +While on the Elastic home page, click on the hamburger icon on the left, then under "Analytics," find and click "Dashboard." From there, find and select "User Security." This will show a dashboard similar to Figure 2.

From f75fa176d03e01a42ebbf262ad6ae2c29c34a25a Mon Sep 17 00:00:00 2001 From: Alden Hilton <106177711+adhilto@users.noreply.github.com> Date: Fri, 10 Nov 2023 15:25:38 -0800 Subject: [PATCH 05/29] Updated dashboard count and location --- docs/markdown/chapter4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/markdown/chapter4.md b/docs/markdown/chapter4.md index 13810a0f..3ff281f1 100644 --- a/docs/markdown/chapter4.md +++ b/docs/markdown/chapter4.md @@ -103,7 +103,7 @@ If you have never used Kibana before, Elasticsearch has provided a number of vid Kibana comes with many useful features. In particular, make note of the following: ### 4.3.1 Dashboards -Found under both "Analytics" -> "Dashboard" and "Security" -> "Dashboard," dashboards are a great way to visualize LME data. LME comes with around many dashboards. Take some time to get familiar with the different dashboards already available. If interested in creating custom dashboards, see the link above for some starting points offered by Elasticsearch. +Found under both "Analytics" -> "Dashboard," dashboards are a great way to visualize LME data. LME comes with several dashboards. Take some time to get familiar with the different dashboards already available. If interested in creating custom dashboards, see the link above for some starting points offered by Elasticsearch. ### 4.3.2 Discover Found under "Analytics" -> "Discover," Discover allows you view raw events and craft custom filters to find events of interest. For example, to inspect all DNS queries made on a computer named "Example-1," you could insert the following query where it says "Filter your data using KQL syntax": From 5030c6b571c7fe05a9cc1cbf47e8068191388c70 Mon Sep 17 00:00:00 2001 
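Review bot: In the 4.3.1 Dashboards line, "Found under both" is left over from the two-location wording. With only "Analytics" -> "Dashboard" remaining, drop "both" so the sentence matches the single location it now names.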
From: Clint Baxley Date: Wed, 15 Nov 2023 07:03:23 -0500 Subject: [PATCH 06/29] Adds a script to export dashboards --- .gitignore | 4 + Chapter 4 Files/dashboards/Readme.md | 33 ++++++ Chapter 4 Files/export_dashboards.py | 165 +++++++++++++++++++++++++++ Chapter 4 Files/requirements.txt | 2 + testing/SetupTestbed.ps1 | 9 +- 5 files changed, 212 insertions(+), 1 deletion(-) create mode 100644 Chapter 4 Files/export_dashboards.py create mode 100644 Chapter 4 Files/requirements.txt diff --git a/.gitignore b/.gitignore index e9834201..476d50a7 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,6 @@ *.pdf .DS_Store +/.idea/ +/.vscode/ +/Chapter 4 Files/*.dumped.ndjson +/Chapter 4 Files/exported/ diff --git a/Chapter 4 Files/dashboards/Readme.md b/Chapter 4 Files/dashboards/Readme.md index 260d8a4f..bc12cdd4 100644 --- a/Chapter 4 Files/dashboards/Readme.md +++ b/Chapter 4 Files/dashboards/Readme.md 
@@ -6,6 +6,37 @@ ./dashboard_update.sh ``` +## Exporting dashboards: +It is recommended that you export your dashboards before updating them, especially if you have customized them or created new ones. +To export the dashboards use the `export_dashboards.py` file in the Chapter 4 directory. +It is easiest to export them from the ubuntu machine where you have installed the ELK stack because the +default port and hostname are in the script. You will need the user and password for elastic that were printed +on your initial install. + +##### The files will be exported to `Chapter 4 Files/exported` + +#### Running on Ubuntu +Change to the `Chapter 4 Files` directory and run: +``` +./export_dashboards.py -u elastic -p YOURUNIQUEPASS +``` +The modules should already be installed on Ubuntu, but If the script complains about missing modules: +``` +pip install -r requirements.txt +``` + +#### Running on Windows +You must have python and the modules installed. (You can install python 3 from the Microsoft Store) Then make +sure you are in the `Chapter 4 Files` directory and install the requirements. +``` +pip install -r requirements.txt +``` + +You will probably have to pass the host that you connect to for kibana when running on windows. +``` +python .\export_dashboards.py -u elastic -p YOURUNIQUEPASS --host x.x.x.x +``` + ## Customizing dashboards: When customizing dashboards keep in mind to be sure the name of the file does not conflict with one on git. In future iterations of LME, updates will overwrite any dashboard file that you have customized or named the same as an original file that appears in this directory. @@ -13,3 +44,5 @@ In addition, any other dashboards you want to save in git and track in this repo 1. Creating your own local branch in this LME repo 2. Commiting any changes 3. pulling in changes from `main` to your local repo + + 
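Review bot: Both documented invocations in the "Exporting dashboards" section pass the `elastic` password as `-p YOURUNIQUEPASS` on the command line, where it ends up in shell history and is visible to other local users in the process list while the script runs. Document a prompt-based or environment-variable path instead (the script would need `--password` to stop being `required=True`), or at least tell readers to clear the history entry afterwards. The Windows paragraph should also say which address belongs in `--host` rather than "the host that you connect to for kibana", since the script defaults to `localhost` on port 443. The second Readme hunk only appends blank lines to the end of the file and can be dropped.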
diff --git a/Chapter 4 Files/export_dashboards.py b/Chapter 4 Files/export_dashboards.py new file mode 100644 index 00000000..5cfe2367 --- /dev/null +++ b/Chapter 4 Files/export_dashboards.py 
@@ -0,0 +1,165 @@ +#!/usr/bin/env python3 +import argparse +import base64 +import json +import os +import re +import requests +from pathlib import Path +from urllib3.exceptions import InsecureRequestWarning + +# Suppress the InsecureRequestWarning (We are using a self-signed cert) +requests.packages.urllib3.disable_warnings(InsecureRequestWarning) + +ALL = 'all' + + +class Api: + def __init__(self, args): + self.ids = None + self.basic_auth = self.get_basic_auth(args.user, args.password) + self.root_url = f'https://{args.host}:{args.port}' + + def export_dashboards(self): + self.set_ids() + self.export_selected_dashboard(self.select_dashboard()) + + @staticmethod + def get_basic_auth(username, password): + return base64.b64encode(f"{username}:{password}".encode()).decode() + + def get_ids(self): + url = f'{self.root_url}/api/kibana/management/saved_objects/_find?perPage=500&page=1&fields=id&type=dashboard&sortField=updated_at&sortOrder=desc' + + try: + response = requests.get(url, headers={'Authorization': f'Basic {self.basic_auth}'}, verify=False) + + if response.status_code == 200: + data = response.json() + ids = {item['id']: item['meta']['title'] for item in data.get('saved_objects', [])} + return ids + else: + print(f"HTTP request failed with status code: {response.status_code}") + print(response.text) + return {} + except Exception as e: + print(f"An error occurred: {str(e)}") + return {} + + def set_ids(self, ids=None): + if ids is None: + ids = self.get_ids() + self.ids = ids + + def select_dashboard(self): + print("Please select a dashboard ID:") + item = 1 + choices = {} + + # Iterate through ids and display them with corresponding numbers + for this_id, title in self.ids.items(): + print(item, this_id, title) + choices[item] = this_id + item += 1 + + if item == 1: + print("I could not find any dashboards") + return + + choices[item] = ALL + print(item, "Select all dashboards") + + # Ask the user to select a number + while True: + try: + choice = 
int(input("Select a number: ")) + if choice in choices: + selected_id = choices[choice] + if selected_id == ALL: + return ALL # Return 'all' if the user selects all dashboards + else: + return selected_id # Return the selected dashboard ID + else: + print("Invalid choice. Please select a valid number.") + except ValueError: + print("Invalid input. Please enter a number.") + + def export_selected_dashboard(self, selected_dashboard): + if selected_dashboard == ALL: + print("You selected to export all dashboards") + self.dump_all_dashboards() + else: + print(f"You selected dashboard ID: {selected_dashboard}") + self.dump_dashboard(selected_dashboard) + + def dump_dashboard(self, selected_id): + print(f"Dumping dashboard: {selected_id}: {self.ids[selected_id]}...") + # Dumping dashboard: e5f203f0-6182-11ee-b035-d5f231e90733: User Security + + dashboard_json = self.get_dashboard_json(selected_id) + + if dashboard_json is not None: + script_dir = os.path.dirname(os.path.abspath(__file__)) + export_path = Path(script_dir) / 'exported' + os.makedirs(export_path, exist_ok=True) + + filename = re.sub(r"\W+", "_", self.ids[selected_id].lower()) + ".dumped.ndjson" + + print(f"Writing to file {filename}") + export_path = export_path / filename + + Api.write_to_file(export_path, dashboard_json) + return + + print("There was a problem dumping the dashboard") + + def dump_all_dashboards(self): + for this_id in self.ids: + self.dump_dashboard(this_id) + + def get_dashboard_json(self, selected_id): + url = f'{self.root_url}/api/saved_objects/_export' + data = { + "objects": [{"id": selected_id, "type": "dashboard"}], + "includeReferencesDeep": True + } + headers = { + "kbn-xsrf": "true", + 'Authorization': f'Basic {self.basic_auth}' + } + try: + response = requests.post(url, headers=headers, json=data, verify=False) + + if response.status_code == 200: + return response.text + else: + print(f"HTTP request failed with status code: {response.status_code}") + print(response.text) + 
return None + + except Exception as e: + print(f"An error occurred: {str(e)}") + return None + + @staticmethod + def write_to_file(filename, content): + with open(filename, 'w') as file: + file.write(content) + + +def main(): + # Define command-line arguments with defaults + parser = argparse.ArgumentParser(description='Retrieve IDs from Elasticsearch') + parser.add_argument('-u', '--user', required=True, help='Elasticsearch username') + parser.add_argument('-p', '--password', required=True, help='Elasticsearch password') + parser.add_argument('--host', default='localhost', help='Elasticsearch host (default: localhost)') + parser.add_argument('--port', default='443', help='Elasticsearch port (default: 443)') + args = parser.parse_args() + + api = Api(args) + + api.export_dashboards() + + +if __name__ == '__main__': + main() diff --git a/Chapter 4 Files/requirements.txt b/Chapter 4 Files/requirements.txt new file mode 100644 index 00000000..345bc273 --- /dev/null +++ b/Chapter 4 Files/requirements.txt @@ -0,0 +1,2 @@ +requests +urllib3 \ No newline at end of file diff --git a/testing/SetupTestbed.ps1 b/testing/SetupTestbed.ps1 index 5e772733..4aafb125 100644 --- a/testing/SetupTestbed.ps1 +++ b/testing/SetupTestbed.ps1 @@ -28,6 +28,12 @@ param ( )] $AutoShutdownEmail=$null, + [Alias("l")] + [Parameter( + HelpMessage="Location where the cluster will be built. Default westus" + )] + [string]$Location="westus", + [Alias("g")] [Parameter(Mandatory=$true)] [string]$ResourceGroup, @@ -59,7 +65,7 @@ $DcIP = "10.1.0.4" $LsIP = "10.1.0.5" #Default Azure Region: -$Location = "westus" +# $Location = "westus" #Domain information: $VMAdmin = "admin.ackbar" @@ -177,6 +183,7 @@ if ($NumClients -lt 1 -or $NumClients -gt 16) { ################ Write-Output "Supplied configuration:`n" +Write-Output "Location: $Location" Write-Output "Resource group: $ResourceGroup" Write-Output "Number of clients: $NumClients" Write-Output "Allowed sources (IP's): $AllowedSourcesList" 
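Review bot: In `export_dashboards.py`, `get_ids` and `get_dashboard_json` both call `requests` with `verify=False` and the warning is silenced globally, so the Basic auth header carrying the `elastic` password is sent to whatever answers on `--host` with no certificate check. Add an option that passes a CA bundle path to `verify=` and make the unverified mode an explicit opt-in flag. Separately, `select_dashboard` returns `None` when no dashboards are found, and `export_dashboards` hands that straight to `export_selected_dashboard`, which reaches `self.ids[selected_id]` in `dump_dashboard` and raises `KeyError`; return early when the selection is `None`. `get_ids` also requests only `perPage=500&page=1`, and the filename built with `re.sub(r"\W+", "_", ...)` lets two titles that differ only in punctuation overwrite each other. The argparse help strings say "Elasticsearch" although the URLs and the `kbn-xsrf` header are Kibana saved-objects endpoints.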
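Review bot: In `testing/SetupTestbed.ps1`, the old default is commented out as `# $Location = "westus"` under the "#Default Azure Region:" comment instead of being removed, which leaves a stale block now that `-Location` is a parameter; delete both lines. Unlike `$NumClients`, which is range-checked further down, the new parameter has no validation, so a mistyped region name will only surface when the first Azure call fails; consider a `ValidateSet` attribute or an up-front check.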
From 77bd44674bddea5c6704e0bd46869fcb339ea712 Mon Sep 17 00:00:00 2001 From: Connor Aubry Date: Thu, 16 Nov 2023 13:58:13 -0800 Subject: [PATCH 07/29] Adding Compute Software Overview dashboard --- .../dashboards/computer_software_overview.ndjson | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 Chapter 4 Files/dashboards/computer_software_overview.ndjson diff --git a/Chapter 4 Files/dashboards/computer_software_overview.ndjson b/Chapter 4 Files/dashboards/computer_software_overview.ndjson new file mode 100644 index 00000000..a0c3c76f --- /dev/null +++ b/Chapter 4 Files/dashboards/computer_software_overview.ndjson 
@@ -0,0 +1,14 @@ +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Dashboard Menu","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Dashboard Menu\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"markdown\":\"[**Home**](#/dashboard/2ec4b730-eb6c-11e9-875d-ef4cb6c5875d) | [Sysmon summary](#/dashboard/d2c73990-e5d4-11e9-8f1d-73a2ea4cc3ed) | [Security log](#/dashboard/51186cd0-e8e9-11e9-9070-f78ae052729a) | [User Security](#/dashboard/e5f203f0-6182-11ee-b035-d5f231e90733) \",\"openLinksInNewTab\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-02T18:05:05.608Z","id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-11-02T18:05:05.608Z","version":"WzMyNTIsNF0="} +{"attributes":{"fieldAttrs":"{\"host.name\":{\"count\":7},\"process.name\":{\"count\":6},\"winlog.computer_name\":{\"count\":5},\"winlog.event_data.ProcessName\":{\"count\":5},\"source.ip\":{\"count\":2},\"source.port\":{\"count\":2},\"winlog.event_data.IpAddress\":{\"count\":5},\"winlog.event_data.IpPort\":{\"count\":2},\"winlog.event_data.LogonProcessName\":{\"count\":2},\"process.pid\":{\"count\":1},\"winlog.event_data.ProcessId\":{\"count\":1},\"winlog.event_data.TargetDomainName\":{\"count\":5},\"client.user.domain\":{\"count\":1},\"client.user.name\":{\"count\":1},\"group.domain\":{\"count\":1},\"host.user.domain\":{\"count\":1},\"server.user.domain\":{\"count\":1},\"user.domain\":{\"count\":1},\"winlog.event_data.LogonType\":{\"count\":2},\"winlog.event_data.Status\":{\"count\":1},\"winlog.event_data.SubStatus\":{\"count\":1},\"winlog.event_data.TargetUserName\":{\"count\":2},\"winlog.event_data.WorkstationName\":{\"count\":1},\"winlog.logon.failure.status\":{\"count\":1},\"event.id\":{\"count\":1},\"winlog.user_data.FilePath\":{\"count\":1},\"winlog.event_data.SourceImage
\":{\"count\":1}}","fieldFormatMap":"{\"winver\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"user.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"host.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}}}","fields":"[]","name":"winlogbeat-*","runtimeFieldMap":"{\"day_of_week\":{\"type\":\"long\",\"script\":{\"source\":\"emit(doc['@timestamp'].value.dayOfWeekEnum.getValue())\"}},\"hour_of_day\":{\"type\":\"long\",\"script\":{\"source\":\"emit (doc['@timestamp'].value.getHour())\"}}}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"winlogbeat-*","typeMeta":"{}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-02T18:05:05.608Z","id":"68a051a0-1d7f-11e9-9fc5-a91039822035","migrationVersion":{"index-pattern":"8.0.0"},"references":[],"type":"index-pattern","updated_at":"2023-11-16T21:13:33.305Z","version":"WzEyOTc1LDExXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"vis_chc_select_host","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"vis_chc_select_host\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1588323783577\",\"fieldName\":\"host.name\",\"parent\":\"\",\"label\":\"Host 
name\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-02T18:03:48.649Z","id":"feef3a20-8b8a-11ea-b1c6-a5bf39283f12","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"control_0_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2023-11-02T18:03:48.649Z","version":"WzI4MTUsNF0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"vis_chc_host_count","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"vis_chc_host_count\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"host.name\",\"customLabel\":\"Hosts\",\"emptyAsNull\":false},\"schema\":\"metric\"}],\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to 
Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-16T17:26:38.828Z","id":"664b28c0-8b8e-11ea-b1c6-a5bf39283f12","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-11-16T17:26:38.828Z","version":"WzExODIyLDExXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"vis_chc_filter_hosts","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"vis_chc_filter_hosts\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"params\":{},\"label\":\"Host 
name\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Events\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Host name\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-02T18:03:48.649Z","id":"a96f1df0-8b8e-11ea-b1c6-a5bf39283f12","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-11-02T18:03:48.649Z","version":"WzI4MTcsNF0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"title_chc_software","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"title_chc_software\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"## Software\"},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-02T18:03:48.649Z","id":"916c04f0-8ee2-11ea-904c-391ecaa2f2f4","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-11-02T18:03:48.649Z","version":"WzI4MTgsNF0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.code: \\\"1\\\" and event.provider : \\\"Microsoft-Windows-Sysmon\\\" 
\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"vis_chc_least_used_processes","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"},\"colWidth\":[{\"colIndex\":0,\"width\":232.66666666666669},{\"colIndex\":2,\"width\":223.16666666666663},{\"colIndex\":1,\"width\":511.58333333333337},{\"colIndex\":3,\"width\":113.58333333333337}]}}}","version":1,"visState":"{\"title\":\"vis_chc_least_used_processes\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.OriginalFileName\",\"orderBy\":\"1\",\"order\":\"asc\",\"size\":30,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Process\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.Description\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Description\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":30,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Host\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"
number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"params\":{},\"label\":\"Process\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"params\":{},\"label\":\"Host\",\"aggType\":\"terms\"}]},\"showToolbar\":true,\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-16T20:30:01.979Z","id":"0bf66940-8ee3-11ea-904c-391ecaa2f2f4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-11-16T20:30:01.979Z","version":"WzEyNDQ5LDExXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"event.code\",\"negate\":false,\"params\":{\"query\":\"1\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"event.code\":\"1\"}}},{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"event.provider\",\"params\":{\"query\":\"Microsoft-Windows-Sysmon\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"event.provider\":\"Microsoft-Windows-Sysmon\"}},\"$state\":{\"store\":\"appState\"}}]}"},"title":"Process - Select process","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Process - 
Select process\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1588691833657\",\"fieldName\":\"winlog.event_data.OriginalFileName\",\"parent\":\"\",\"label\":\"Process Executable\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1588856904285\",\"fieldName\":\"host.name\",\"parent\":\"\",\"label\":\"Host\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1588856886670\",\"fieldName\":\"winlog.event_data.ProcessId\",\"parent\":\"1588856904285\",\"label\":\"Process PID\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-16T16:18:00.611Z","id":"9ef86220-8ee3-11ea-904c-391ecaa2f2f4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"control_0_index_pattern","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"control_1_index_pattern","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"control_2_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2023-11-16T16:18:00.611Z","version":"WzExMzQzLDExXQ=="} 
+{"attributes":{"columns":["host.name","winlog.event_data.param1","winlog.event_data.param11","winlog.event_data.param12","winlog.provider_name"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.code:1000 or event.code:1002\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"srch_proc_crash","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-02T18:03:48.649Z","id":"f3b54a90-8f7d-11ea-adec-8b77111fa9c5","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-11-02T18:03:48.649Z","version":"WzI4MjAsNF0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"vis_proc_crashes","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"vis_proc_crashes\",\"type\":\"line\",\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"interpolate\":\"linear\",\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times
\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":null,\"y\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"fittingFunction\":\"zero\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Date\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-02T18:03:48.649Z","id":"240b8f10-8f7e-11ea-adec-8b77111fa9c5","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"f3b54a90-8f7d-11ea-adec-8b77111fa9c5","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-11-02T18:03:48.649Z","version":"WzI4MjEsNF0="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"vis_chc_crash_table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"vis_chc_crash_table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.user_data.param1\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Application\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"params\":{},\"label\":\"winlog.event_data.param1: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true,\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-16T21:34:52.605Z","id":"77ffb740-8f7e-11ea-adec-8b77111fa9c5","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"f3b54a90-8f7d-11ea-adec-8b77111fa9c5","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-11-16T21:34:52.605Z","version":"WzEzMjQzLDExXQ=="} 
+{"attributes":{"columns":["host.name","winlog.event_data.SourceImage","winlog.event_data.TargetImage"],"description":"","grid":{},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.code:8 AND event.provider : \\\"Microsoft-Windows-Sysmon\\\" \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"srch_chc_create_remote_thread","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-02T18:03:48.649Z","id":"9418f1b0-8f80-11ea-adec-8b77111fa9c5","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-11-16T21:28:49.676Z","version":"WzEzMDg4LDExXQ=="} +{"attributes":{"description":"Shows software running on hosts","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":3,\"i\":\"178b2555-f944-4281-8501-9b6f6d0c44d8\"},\"panelIndex\":\"178b2555-f944-4281-8501-9b6f6d0c44d8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_178b2555-f944-4281-8501-9b6f6d0c44d8\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":3,\"w\":15,\"h\":10,\"i\":\"935703ac-d8b0-4f1b-b443-bc4eaf2d9980\"},\"panelIndex\":\"935703ac-d8b0-4f1b-b443-bc4eaf2d9980\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Select 
Host\",\"panelRefName\":\"panel_935703ac-d8b0-4f1b-b443-bc4eaf2d9980\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":15,\"y\":3,\"w\":7,\"h\":10,\"i\":\"1f4b6506-11ff-4993-8005-86a5f3487725\"},\"panelIndex\":\"1f4b6506-11ff-4993-8005-86a5f3487725\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Host Count\",\"panelRefName\":\"panel_1f4b6506-11ff-4993-8005-86a5f3487725\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":22,\"y\":3,\"w\":26,\"h\":10,\"i\":\"58de2df8-db1b-4349-97c3-4c84af48d300\"},\"panelIndex\":\"58de2df8-db1b-4349-97c3-4c84af48d300\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Filter Hosts\",\"panelRefName\":\"panel_58de2df8-db1b-4349-97c3-4c84af48d300\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":13,\"w\":48,\"h\":4,\"i\":\"71da6dff-3e35-4ed9-b8b3-a50857c5f8ca\"},\"panelIndex\":\"71da6dff-3e35-4ed9-b8b3-a50857c5f8ca\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"panelRefName\":\"panel_71da6dff-3e35-4ed9-b8b3-a50857c5f8ca\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":17,\"w\":30,\"h\":15,\"i\":\"947b4399-b50d-43eb-9248-938c178091df\"},\"panelIndex\":\"947b4399-b50d-43eb-9248-938c178091df\",\"embeddableConfig\":{\"enhancements\":{},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null},\"colWidth\":[{\"colIndex\":0,\"width\":213.66666666666669},{\"colIndex\":2,\"width\":164.16666666666663},{\"colIndex\":1,\"width\":497.58333333333337},{\"colIndex\":3,\"width\":103.58333333333337}]}}},\"title\":\"Processes\",\"panelRefName\":\"panel_947b4399-b50d-43eb-9248-938c178091df\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":30,\"y\":17,\"w\":18,\"h\":15,\"i\":\"7b7ba97d-b9c1-4c45-a166-e029b4d85691\"},\"panelIndex\":\"7b7ba97d-b9c1-4c45-a166-e029b4d85691\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTit
les\":false},\"title\":\"Search by Processes\",\"panelRefName\":\"panel_7b7ba97d-b9c1-4c45-a166-e029b4d85691\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":32,\"w\":24,\"h\":15,\"i\":\"d8ec6b8b-2b5b-4b58-b2b9-60ebac01817a\"},\"panelIndex\":\"d8ec6b8b-2b5b-4b58-b2b9-60ebac01817a\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Application Crashing and Hanging\",\"panelRefName\":\"panel_d8ec6b8b-2b5b-4b58-b2b9-60ebac01817a\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":32,\"w\":24,\"h\":15,\"i\":\"acc7eeb8-22ea-43e9-95e1-6841b7d024a3\"},\"panelIndex\":\"acc7eeb8-22ea-43e9-95e1-6841b7d024a3\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Application Crashing and Hanging Count\",\"panelRefName\":\"panel_acc7eeb8-22ea-43e9-95e1-6841b7d024a3\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":47,\"w\":48,\"h\":15,\"i\":\"eb5b5b00-ab55-4996-8d89-11cd5ac1337a\"},\"panelIndex\":\"eb5b5b00-ab55-4996-8d89-11cd5ac1337a\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"CreateRemoteThread events\",\"panelRefName\":\"panel_eb5b5b00-ab55-4996-8d89-11cd5ac1337a\"}]","timeRestore":false,"title":"Computer Software 
Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-16T21:16:29.392Z","id":"33f0d3b0-8b8a-11ea-b1c6-a5bf39283f12","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","name":"178b2555-f944-4281-8501-9b6f6d0c44d8:panel_178b2555-f944-4281-8501-9b6f6d0c44d8","type":"visualization"},{"id":"feef3a20-8b8a-11ea-b1c6-a5bf39283f12","name":"935703ac-d8b0-4f1b-b443-bc4eaf2d9980:panel_935703ac-d8b0-4f1b-b443-bc4eaf2d9980","type":"visualization"},{"id":"664b28c0-8b8e-11ea-b1c6-a5bf39283f12","name":"1f4b6506-11ff-4993-8005-86a5f3487725:panel_1f4b6506-11ff-4993-8005-86a5f3487725","type":"visualization"},{"id":"a96f1df0-8b8e-11ea-b1c6-a5bf39283f12","name":"58de2df8-db1b-4349-97c3-4c84af48d300:panel_58de2df8-db1b-4349-97c3-4c84af48d300","type":"visualization"},{"id":"916c04f0-8ee2-11ea-904c-391ecaa2f2f4","name":"71da6dff-3e35-4ed9-b8b3-a50857c5f8ca:panel_71da6dff-3e35-4ed9-b8b3-a50857c5f8ca","type":"visualization"},{"id":"0bf66940-8ee3-11ea-904c-391ecaa2f2f4","name":"947b4399-b50d-43eb-9248-938c178091df:panel_947b4399-b50d-43eb-9248-938c178091df","type":"visualization"},{"id":"9ef86220-8ee3-11ea-904c-391ecaa2f2f4","name":"7b7ba97d-b9c1-4c45-a166-e029b4d85691:panel_7b7ba97d-b9c1-4c45-a166-e029b4d85691","type":"visualization"},{"id":"240b8f10-8f7e-11ea-adec-8b77111fa9c5","name":"d8ec6b8b-2b5b-4b58-b2b9-60ebac01817a:panel_d8ec6b8b-2b5b-4b58-b2b9-60ebac01817a","type":"visualization"},{"id":"77ffb740-8f7e-11ea-adec-8b77111fa9c5","name":"acc7eeb8-22ea-43e9-95e1-6841b7d024a3:panel_acc7eeb8-22ea-43e9-95e1-6841b7d024a3","type":"visualization"},{"id":"9418f1b0-8f80-11ea-adec-8b77111fa9c5","name":"eb5b5b00-ab55-4996-8d89-11cd5ac1337a:panel_eb5b5b00-ab55-4996-8d89-11cd5ac1337a","type":"search"}],"type":"dashboard","updated_at":"2023-11-16T21:16:29.392Z","version":"WzEzMDM3LDExXQ=="} +{"excludedObjects":[],"excludedObjectsCount":0,"exportedCount":13,"missingRefCount":0,"missingReferences":[]} \ No newline at end of file 
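Review bot: in the vis_chc_crash_table object, the terms aggregation buckets on `winlog.user_data.param1`, but its bucket label reads "winlog.event_data.param1: Descending" and the saved search it references (srch_proc_crash) lists `winlog.event_data.param1` in its columns. If the crash events populate only `event_data`, the "Application Crashing and Hanging Count" panel will render empty while the neighbouring search panel shows hits. Please confirm which field winlogbeat actually fills for these events and use the same one in both objects. Separately, srch_proc_crash matches `event.code:1000 or event.code:1002` with no provider constraint, whereas srch_chc_create_remote_thread pairs its event code with `event.provider`. Consider pinning the provider here as well so unrelated sources that reuse those event IDs do not inflate the crash counts. The file also ends without a trailing newline.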
From e1b53b22fc12ade1fd96dc5e29b80abe70cf5164 Mon Sep 17 00:00:00 2001 From: "Grant (SNL)" <108766839+rgbrow1949@users.noreply.github.com> Date: Fri, 17 Nov 2023 03:25:08 +0000 Subject: [PATCH 08/29] User HR Dashboard Ready for Review and Release --- Chapter 4 Files/dashboards/user_hr.ndjson | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 Chapter 4 Files/dashboards/user_hr.ndjson diff --git a/Chapter 4 Files/dashboards/user_hr.ndjson b/Chapter 4 Files/dashboards/user_hr.ndjson new file mode 100644 index 00000000..f3ef1da1 --- /dev/null +++ b/Chapter 4 Files/dashboards/user_hr.ndjson 
@@ -0,0 +1,9 @@ +{"attributes":{"fieldAttrs":"{\"host.name\":{\"count\":7},\"process.name\":{\"count\":6},\"winlog.computer_name\":{\"count\":5},\"winlog.event_data.ProcessName\":{\"count\":5},\"source.ip\":{\"count\":2},\"source.port\":{\"count\":2},\"winlog.event_data.IpAddress\":{\"count\":2},\"winlog.event_data.IpPort\":{\"count\":2},\"winlog.event_data.LogonProcessName\":{\"count\":2},\"process.pid\":{\"count\":1},\"winlog.event_data.ProcessId\":{\"count\":1},\"winlog.event_data.TargetDomainName\":{\"count\":5},\"user.domain\":{\"count\":1},\"user.name\":{\"count\":1},\"winlog.event_data.SubjectDomainName\":{\"count\":2},\"winlog.event_data.TargetUserName\":{\"count\":2}}","fieldFormatMap":"{\"winver\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"user.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"host.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}}}","fields":"[]","name":"winlogbeat-*","runtimeFieldMap":"{\"day_of_week\":{\"type\":\"long\",\"script\":{\"source\":\"emit(doc['@timestamp'].value.dayOfWeekEnum.getValue())\"}},\"hour_of_day\":{\"type\":\"long\",\"script\":{\"source\":\"emit (doc['@timestamp'].value.getHour())\"}}}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"winlogbeat-*","typeMeta":"{}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-10T23:44:49.920Z","id":"68a051a0-1d7f-11e9-9fc5-a91039822035","migrationVersion":{"index-pattern":"8.0.0"},"references":[],"type":"index-pattern","updated_at":"2023-11-17T03:13:46.141Z","version":"WzIwODM5LDNd"} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[]}"},"title":"Security - Select User","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Select User\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1587572089136\",\"label\":\"Domain(s)\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\",\"fieldName\":\"winlog.event_data.SubjectDomainName\",\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1587713561601\",\"fieldName\":\"winlog.event_data.TargetUserName\",\"parent\":\"\",\"label\":\"Username(s)\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"}],\"pinFilters\":false,\"updateFiltersOnChange\":false,\"useTimeFilter\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-17T01:13:08.989Z","id":"a64ec020-84b4-11ea-b7fb-01bea49d9239","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"control_0_index_pattern","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"control_1_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2023-11-17T01:13:08.989Z","version":"WzE4MzQ5LDNd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"HR - User activity title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"HR - User activity title\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"## All user 
activity\"},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-10T23:44:49.920Z","id":"eafe31b0-8a22-11ea-9ff6-ed89e356f0e4","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-11-10T23:44:49.920Z","version":"WzU4NSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"HR - Logon title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"HR - Logon title\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"## Logon / Logoff events\"},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-10T23:44:49.920Z","id":"20387200-8a23-11ea-9ff6-ed89e356f0e4","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-11-10T23:44:49.920Z","version":"WzU4OCwxXQ=="} +{"attributes":{"columns":["winlog.event_data.SubjectDomainName","winlog.event_data.TargetUserName","host.name","winlog.event_data.TargetLogonId"],"description":"","grid":{"columns":{"user.name":{"width":193},"winlog.event_data.SubjectDomainName":{"width":193}}},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.code:\\\"4624\\\" and not 
user.name:*$\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"type\":\"phrases\",\"key\":\"winlog.event_data.LogonType\",\"value\":[\"2\",\"10\",\"11\",\"7\"],\"params\":[\"2\",\"10\",\"11\",\"7\"],\"alias\":null,\"negate\":false,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"winlog.event_data.LogonType\":\"2\"}},{\"match_phrase\":{\"winlog.event_data.LogonType\":\"10\"}},{\"match_phrase\":{\"winlog.event_data.LogonType\":\"11\"}},{\"match_phrase\":{\"winlog.event_data.LogonType\":\"7\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"type\":\"phrases\",\"key\":\"user.domain\",\"value\":[\"NT AUTHORITY\",\"Window Manager\",\"Font Driver Host\"],\"params\":[\"NT AUTHORITY\",\"Window Manager\",\"Font Driver Host\"],\"alias\":null,\"negate\":true,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"user.domain\":\"NT AUTHORITY\"}},{\"match_phrase\":{\"user.domain\":\"Window Manager\"}},{\"match_phrase\":{\"user.domain\":\"Font Driver Host\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"Interactive Logon 
search","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-10T23:44:49.920Z","id":"2fa5fa00-8a1e-11ea-9ff6-ed89e356f0e4","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"}],"type":"search","updated_at":"2023-11-17T01:26:10.941Z","version":"WzE4NjM2LDNd"} +{"attributes":{"columns":["winlog.event_data.TargetUserName","winlog.event_data.TargetDomainName","host.name","winlog.event_data.TargetLogonId"],"description":"","grid":{"columns":{"winlog.event_data.TargetDomainName":{"width":241},"winlog.event_data.TargetUserName":{"width":241}}},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"(event.code:\\\"4634\\\" OR event.code:\\\"4647\\\" ) and not user.name:*$\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"type\":\"phrases\",\"key\":\"user.domain\",\"value\":[\"NT AUTHORITY\",\"Window Manager\",\"Font Driver Host\"],\"params\":[\"NT AUTHORITY\",\"Window Manager\",\"Font Driver Host\"],\"alias\":null,\"negate\":true,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"user.domain\":\"NT AUTHORITY\"}},{\"match_phrase\":{\"user.domain\":\"Window Manager\"}},{\"match_phrase\":{\"user.domain\":\"Font Driver Host\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"Logoff 
events","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-10T23:44:49.920Z","id":"e02eb1f0-8a1e-11ea-9ff6-ed89e356f0e4","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"search","updated_at":"2023-11-17T01:31:36.365Z","version":"WzE4NzM1LDNd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"HR - Interactive v Remote pie","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"HR - Interactive v Remote pie\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{},\"params\":{},\"label\":\"filters\",\"aggType\":\"filters\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"filters\",\"schema\":\"segment\",\"params\":{\"filters\":[{\"input\":{\"query\":\"winlog.event_data.LogonType:2\",\"language\":\"lucene\"},\"label\":\"Interactive\"},{\"input\":{\"query\":\"winlog.event_data.LogonType:10\",\"language\":\"lucene\"},\"label\":\"RemoteInteractive\"}]}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-10T23:44:49.920Z","id":"b4cccab0-8a23-11ea-9ff6-ed89e356f0e4","migrationVersion":{"vis
ualization":"8.5.0"},"references":[{"id":"2fa5fa00-8a1e-11ea-9ff6-ed89e356f0e4","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-11-10T23:44:49.920Z","version":"WzU5MSwxXQ=="} +{"attributes":{"description":"Overview of user activity for Human Resources\n","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":16,\"h\":12,\"i\":\"bf3efd15-6e7c-4a6e-bb30-e7b759306282\"},\"panelIndex\":\"bf3efd15-6e7c-4a6e-bb30-e7b759306282\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Select domain(s) and username(s)\",\"panelRefName\":\"panel_bf3efd15-6e7c-4a6e-bb30-e7b759306282\"},{\"version\":\"8.7.1\",\"type\":\"lens\",\"gridData\":{\"x\":16,\"y\":0,\"w\":15,\"h\":12,\"i\":\"9401acd4-64d2-484d-a0dc-2647cc626e56\"},\"panelIndex\":\"9401acd4-64d2-484d-a0dc-2647cc626e56\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"68a051a0-1d7f-11e9-9fc5-a91039822035\",\"name\":\"indexpattern-datasource-layer-23f1f6ab-b8b6-47e2-a508-4b3f368cb093\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"23f1f6ab-b8b6-47e2-a508-4b3f368cb093\",\"accessors\":[\"5a238afa-9ffa-4568-8a43-6167c0a76b67\"],\"position\":\"top\",\"seriesType\":\"bar_
stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"cd51b883-1c2b-42c5-95e4-d1ef8aa38fc7\",\"splitAccessor\":\"fc23a029-309e-40a7-aeca-309fd8423ced\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"23f1f6ab-b8b6-47e2-a508-4b3f368cb093\":{\"columns\":{\"cd51b883-1c2b-42c5-95e4-d1ef8aa38fc7\":{\"label\":\"Top 5 values of winlog.event_data.SubjectDomainName\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.SubjectDomainName\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"5a238afa-9ffa-4568-8a43-6167c0a76b67\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}},\"fc23a029-309e-40a7-aeca-309fd8423ced\":{\"label\":\"Top 3 values of winlog.event_data.TargetUserName\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.TargetUserName\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"5a238afa-9ffa-4568-8a43-6167c0a76b67\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}},\"5a238afa-9ffa-4568-8a43-6167c0a76b67\":{\"label\":\"Count of 
records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"cd51b883-1c2b-42c5-95e4-d1ef8aa38fc7\",\"fc23a029-309e-40a7-aeca-309fd8423ced\",\"5a238afa-9ffa-4568-8a43-6167c0a76b67\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Filter Users\"},{\"version\":\"8.7.1\",\"type\":\"lens\",\"gridData\":{\"x\":31,\"y\":0,\"w\":17,\"h\":12,\"i\":\"84db1c16-9a85-4d7a-a4bb-7ee0eaa25c5c\"},\"panelIndex\":\"84db1c16-9a85-4d7a-a4bb-7ee0eaa25c5c\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"68a051a0-1d7f-11e9-9fc5-a91039822035\",\"name\":\"indexpattern-datasource-layer-f67bbe9f-ae2f-4601-8fec-3a935e9f9ff2\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar\",\"layers\":[{\"layerId\":\"f67bbe9f-ae2f-4601-8fec-3a935e9f9ff2\",\"accessors\":[\"5d3a9e33-d23b-4f5d-b02c-260e5016d278\"],\"position\":\"top\",\"seriesType\":\"bar\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"22b4e313-2858-411e-a90b-911198fa34fe\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"f67bbe9f-ae2f-4601-8fec-3a935e9f9ff2\":{\"columns\":{\"22b4e313-2858-411e-a90b-911198fa34fe\":{\"label\":\"Top 5 values of 
winlog.computer_name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"winlog.computer_name\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"5d3a9e33-d23b-4f5d-b02c-260e5016d278\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}},\"5d3a9e33-d23b-4f5d-b02c-260e5016d278\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"22b4e313-2858-411e-a90b-911198fa34fe\",\"5d3a9e33-d23b-4f5d-b02c-260e5016d278\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Filter Computers\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":12,\"w\":48,\"h\":4,\"i\":\"04b8ad89-b259-4d40-a6f7-40bd85498ee5\"},\"panelIndex\":\"04b8ad89-b259-4d40-a6f7-40bd85498ee5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_04b8ad89-b259-4d40-a6f7-40bd85498ee5\"},{\"version\":\"8.7.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":16,\"w\":24,\"h\":15,\"i\":\"bf9f9a7e-eced-42ad-9d72-193778290f71\"},\"panelIndex\":\"bf9f9a7e-eced-42ad-9d72-193778290f71\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"68a051a0-1d7f-11e9-9fc5-a91039822035\",\"name\":\"indexpattern-datasource-layer-6bfbd839-8497-464d-a473-26c01d5ba342\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"ti
ckLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"6bfbd839-8497-464d-a473-26c01d5ba342\",\"accessors\":[\"71b8b420-12e4-4dc5-bf20-933b0f4eb4e9\",\"bca165fa-40a3-4e7a-86bd-24ac4bbf6474\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"ded5443c-8b2d-4ea7-b640-b3a6a2212559\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"6bfbd839-8497-464d-a473-26c01d5ba342\":{\"columns\":{\"ded5443c-8b2d-4ea7-b640-b3a6a2212559\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"71b8b420-12e4-4dc5-bf20-933b0f4eb4e9\":{\"label\":\"Median of day_of_week\",\"dataType\":\"number\",\"operationType\":\"median\",\"sourceField\":\"day_of_week\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true}},\"bca165fa-40a3-4e7a-86bd-24ac4bbf6474\":{\"label\":\"Median of hour_of_day\",\"dataType\":\"number\",\"operationType\":\"median\",\"sourceField\":\"hour_of_day\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"ded5443c-8b2d-4ea7-b640-b3a6a2212559\",\"71b8b420-12e4-4dc5-bf20-933b0f4eb4e9\",\"bca165fa-40a3-4e7a-86bd-24ac4bbf6474\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"All User Events by Day of Week, Hour of 
Day\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":31,\"w\":48,\"h\":4,\"i\":\"110dc89e-1139-438c-88a9-1914a7b12725\"},\"panelIndex\":\"110dc89e-1139-438c-88a9-1914a7b12725\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_110dc89e-1139-438c-88a9-1914a7b12725\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":35,\"w\":24,\"h\":15,\"i\":\"c28b411d-3dc3-472a-acd9-05ad0a1964b7\"},\"panelIndex\":\"c28b411d-3dc3-472a-acd9-05ad0a1964b7\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"User logon events (filter by LogonId)\",\"panelRefName\":\"panel_c28b411d-3dc3-472a-acd9-05ad0a1964b7\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":24,\"y\":35,\"w\":24,\"h\":15,\"i\":\"c3bc3c62-3c16-482c-b377-ecc40a21bc0a\"},\"panelIndex\":\"c3bc3c62-3c16-482c-b377-ecc40a21bc0a\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"User logoff events (correlate to logon events)\",\"panelRefName\":\"panel_c3bc3c62-3c16-482c-b377-ecc40a21bc0a\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":50,\"w\":24,\"h\":15,\"i\":\"d40424ec-2e13-4d8c-a942-95652715c75f\"},\"panelIndex\":\"d40424ec-2e13-4d8c-a942-95652715c75f\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"In person vs Remote 
logons\",\"panelRefName\":\"panel_d40424ec-2e13-4d8c-a942-95652715c75f\"},{\"version\":\"8.7.1\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":16,\"w\":24,\"h\":15,\"i\":\"cbb939c6-5de5-478a-813f-fa5aabff530a\"},\"panelIndex\":\"cbb939c6-5de5-478a-813f-fa5aabff530a\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"68a051a0-1d7f-11e9-9fc5-a91039822035\",\"name\":\"indexpattern-datasource-layer-f46d1729-4bd5-4219-9973-01913c208fef\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"f46d1729-4bd5-4219-9973-01913c208fef\",\"accessors\":[\"800c3857-3c9c-4fc5-a403-3fcbede05599\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"1e026cf2-cc40-41b2-a12f-c75d0058eac7\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"f46d1729-4bd5-4219-9973-01913c208fef\":{\"columns\":{\"1e026cf2-cc40-41b2-a12f-c75d0058eac7\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"800c3857-3c9c-4fc5-a403-3fcbede05599\":{\"label\":\"Count of 
records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"1e026cf2-cc40-41b2-a12f-c75d0058eac7\",\"800c3857-3c9c-4fc5-a403-3fcbede05599\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Timestamps by Count\"}]","timeRestore":false,"title":"User HR ","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-17T03:21:21.837Z","id":"618bc5d0-84f8-11ee-9838-ff0db128d8b2","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"a64ec020-84b4-11ea-b7fb-01bea49d9239","name":"bf3efd15-6e7c-4a6e-bb30-e7b759306282:panel_bf3efd15-6e7c-4a6e-bb30-e7b759306282","type":"visualization"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"9401acd4-64d2-484d-a0dc-2647cc626e56:indexpattern-datasource-layer-23f1f6ab-b8b6-47e2-a508-4b3f368cb093","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"84db1c16-9a85-4d7a-a4bb-7ee0eaa25c5c:indexpattern-datasource-layer-f67bbe9f-ae2f-4601-8fec-3a935e9f9ff2","type":"index-pattern"},{"id":"eafe31b0-8a22-11ea-9ff6-ed89e356f0e4","name":"04b8ad89-b259-4d40-a6f7-40bd85498ee5:panel_04b8ad89-b259-4d40-a6f7-40bd85498ee5","type":"visualization"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"bf9f9a7e-eced-42ad-9d72-193778290f71:indexpattern-datasource-layer-6bfbd839-8497-464d-a473-26c01d5ba342","type":"index-pattern"},{"id":"20387200-8a23-11ea-9ff6-ed89e356f0e4","name":"110dc89e-1139-438c-88a9-1914a7b12725:panel_110dc89e-1139-438c-88a9-1914a7b12725","type":"visualization"},{"id":"2fa5fa00-8a1e-11ea-9ff6-ed89e356f0e4","name":"c28b411d-3dc3-472a-acd9-05ad0a1964b7:panel_c28b411d-3dc3-472a-acd9-05ad0a1964b7","type":"search"},{"id":"e02eb1f0-8a1e-11ea-9ff6-ed89e356f0e4","name":"c3bc3c62-3c16-482c-b377-ecc40a21bc0a:panel_c3bc3c62-3c16-482c-b377-ecc40a
21bc0a","type":"search"},{"id":"b4cccab0-8a23-11ea-9ff6-ed89e356f0e4","name":"d40424ec-2e13-4d8c-a942-95652715c75f:panel_d40424ec-2e13-4d8c-a942-95652715c75f","type":"visualization"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"cbb939c6-5de5-478a-813f-fa5aabff530a:indexpattern-datasource-layer-f46d1729-4bd5-4219-9973-01913c208fef","type":"index-pattern"}],"type":"dashboard","updated_at":"2023-11-17T03:21:21.837Z","version":"WzIxMDQ5LDNd"} +{"excludedObjects":[],"excludedObjectsCount":0,"exportedCount":8,"missingRefCount":0,"missingReferences":[]} \ No newline at end of file From b64df4de692d76274672b6ca45bf5e4b3d42442e Mon Sep 17 00:00:00 2001 From: Clint Baxley Date: Fri, 17 Nov 2023 06:12:27 -0500 Subject: [PATCH 09/29] Bump Elasticsearch Version --- Chapter 3 Files/docker-compose-stack.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Chapter 3 Files/docker-compose-stack.yml b/Chapter 3 Files/docker-compose-stack.yml index 0fb59abd..25d893d7 100644 --- a/Chapter 3 Files/docker-compose-stack.yml +++ b/Chapter 3 Files/docker-compose-stack.yml @@ -5,7 +5,7 @@ version: '3.9' services: elasticsearch: - image: docker.elastic.co/elasticsearch/elasticsearch:8.7.1 + image: docker.elastic.co/elasticsearch/elasticsearch:8.11.1 environment: - node.name=es01 # - discovery.seed_hosts=es01 @@ -65,7 +65,7 @@ services: # depends_on: # elasticsearch: # condition: service_healthy - image: docker.elastic.co/kibana/kibana:8.7.1 + image: docker.elastic.co/kibana/kibana:8.11.1 environment: SERVER_NAME: kibana ELASTICSEARCH_HOSTS: https://elasticsearch:9200 @@ -101,7 +101,7 @@ services: retries: 120 logstash: - image: docker.elastic.co/logstash/logstash:8.7.1 + image: docker.elastic.co/logstash/logstash:8.11.1 environment: XPACK_MONITORING_ENABLED: "false" PIPELINE_ECS_COMPATIBILITY: v8 From d62e50adcedcb4f00041c12b9921847fbf9de5ee Mon Sep 17 00:00:00 2001 
From: Clint Baxley Date: Fri, 17 Nov 2023 06:19:17 -0500 Subject: [PATCH 10/29] Bump version in readme --- docs/markdown/maintenance/upgrading.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/markdown/maintenance/upgrading.md b/docs/markdown/maintenance/upgrading.md index bdb28433..5cdc2a00 100644 --- a/docs/markdown/maintenance/upgrading.md +++ b/docs/markdown/maintenance/upgrading.md @@ -85,7 +85,7 @@ LME v1.0 make a minor change to the file structure used in the SYSVOL folder, so 3. Update the path to update.bat used in the LME-Sysmon-Task GPO (refer to [2.2.3 - Scheduled task GPO Policy](/docs/markdown/chapter2.md#223---scheduled-task-gpo-policy)). #### 1.1.4 Checklist -1. Have the ELK stack components been upgraded on the Linux server? While on the Linux server, run `sudo docker ps | grep lme`. Version 8.7.1 of Logstash, Kibana, and Elasticsearch should be running. +1. Have the ELK stack components been upgraded on the Linux server? While on the Linux server, run `sudo docker ps | grep lme`. Version 8.11.1 of Logstash, Kibana, and Elasticsearch should be running. 2. Has Winlogbeat been updated to version 8.5.0? From Event Collector, using PowerShell, navigate to the location of the Winlogbeat executable ("C:\Program Files\lme\winlogbeat-x.x.x-windows-x86_64") and run `.\winlogbeat version`. 3. Is the LME folder inside SYSVOL properly structured? Refer to the checklist listed at the end of chapter 2. 4. Are the events from all clients visible inside elastic? Refer to [4.1.2 Check you are receiving logs](/docs/markdown/chapter4.md#412-check-you-are-receiving-logs). From 92ac3de5fb576b43c9e394ef018580ee9a07d6f3 Mon Sep 17 00:00:00 2001 
From: ddiabe <133152385+ddiabe@users.noreply.github.com> Date: Fri, 17 Nov 2023 13:09:15 -0500 Subject: [PATCH 11/29] adding alert dashboard (#46) Co-authored-by: Diabe <0743724407@HQ.DHS.GOV> Co-authored-by: Michael Reeves <147089975+mreeve-snl@users.noreply.github.com> --- dasboards/Alerting_dasboard.ndjson | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 dasboards/Alerting_dasboard.ndjson diff --git a/dasboards/Alerting_dasboard.ndjson b/dasboards/Alerting_dasboard.ndjson new file mode 100644 index 00000000..4bea8db4 --- /dev/null +++ b/dasboards/Alerting_dasboard.ndjson 
@@ -0,0 +1,19 @@ +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Dashboard Menu","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"fontSize\":12,\"markdown\":\"[Security Overview](#/dashboard/9f302900-8ac7-11ea-b703-43c01853c348) | [Alerting](#/dashboard/ac1078e0-8a32-11ea-8939-89f508ff7909) | [User Explorer](#/dashboard/56d633d0-849a-11ea-b7fb-01bea49d9239) | [User Logons](#/dashboard/10c9e640-860f-11ea-a720-c7a0431f179d) | [Process Explorer](#/dashboard/f8eec760-8ee3-11ea-904c-391ecaa2f2f4) | [Software Overview](#/dashboard/33f0d3b0-8b8a-11ea-b1c6-a5bf39283f12) | [Logging Diagnostics](#/dashboard/ff455d20-9511-11ea-974f-b95a6148fe83)\",\"openLinksInNewTab\":false},\"title\":\"Dashboard Menu\",\"type\":\"markdown\"}"},"coreMigrationVersion":"8.7.1","id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-05-05T01:00:03.100Z","version":"WzI5NDksMl0="} 
+{"attributes":{"fieldAttrs":"{}","fieldFormatMap":"{\"user.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable.text\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"user.name.text\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"host.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}}}","fields":"[]","runtimeFieldMap":"{\"Column1\":{\"type\":\"keyword\",\"script\":{\"source\":\"if(doc['signal.status'].size() != 0) { if(doc['signal.status'].value.equals(\\\"open\\\")) { if(doc['event.code'].size() != 0) { if(doc['event.code'].value.equals(Integer.toString(1))) { if (doc['process.pid'].size() != 0) { emit (doc['process.pid'].value.toString()) } } else if(doc['event.code'].value.equals(Integer.toString(3))) { if (doc['destination.address'].size() != 0) { emit (doc['destination.address'].value.toString()) } } } emit (\\\"No Data\\\") } } emit (\\\"Signal Closed\\\")\"}},\"Column2\":{\"type\":\"keyword\",\"script\":{\"source\":\"if(doc['signal.status'].size() != 0) { if(doc['signal.status'].value.equals(\\\"open\\\")) { if(doc['event.code'].size() != 0) { if(doc['event.code'].value.equals(Integer.toString(1))) { def args = \\\"\\\"; if (doc['process.args'].size() != 0) { for(int i=0; i Date: Fri, 17 Nov 2023 13:24:46 -0500 Subject: [PATCH 12/29] Add a command to allow the execution of the winlogbeat.exe file (#38) Co-authored-by: Clint Baxley --- docs/markdown/chapter3/chapter3.md | 1 + 1 
file changed, 1 insertion(+) diff --git a/docs/markdown/chapter3/chapter3.md b/docs/markdown/chapter3/chapter3.md index 3a74c219..ed4d3391 100644 --- a/docs/markdown/chapter3/chapter3.md +++ b/docs/markdown/chapter3/chapter3.md @@ -221,6 +221,7 @@ Figure 3: Winlogbeat Install Location Then, move the 'winlogbeat.yml' file located at ```C:\Program Files\lme\winlogbeat.yml``` into the winlogbeat folder ```C:\Program Files\lme\winlogbeat-8.[x].[y]-windows-x86_64```, overwriting the existing file when prompted to do so. Now, open PowerShell as an administrator and run the following command from the winlogbeat directory, allowing the script to run if prompted to do so: ```./install-service-winlogbeat.ps1``` +If you receive a permissions error you can run ```Set-ExecutionPolicy Unrestricted -Scope Process``` to be able to run the installer. ![Winlogbeat Install Script](/docs/imgs/winlogbeat-install.png)
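Review bot: In PATCH 09/29 the tag 8.11.1 is hard-coded on three separate `image:` lines of docker-compose-stack.yml (elasticsearch, kibana, logstash), so a later bump that misses one line leaves a mixed-version stack. Consider taking the tag from a single place, and for a security logging stack consider pinning each image by digest as well as tag, since a tag can be re-pointed upstream. The dashboard exports added elsewhere in this series carry `"coreMigrationVersion":"8.7.1"`; the commit message should say whether they were re-imported and checked against 8.11.1.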
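Review bot: In PATCH 10/29, checklist item 1 in upgrading.md now expects 8.11.1, but item 2 directly below it (unchanged context) still asks "Has Winlogbeat been updated to version 8.5.0?". Either confirm in the text that Winlogbeat 8.5.0 is the intended pairing with an 8.11.1 stack or update that item in the same patch, so the checklist does not read as half-upgraded. The subject line says "readme" while the file touched is docs/markdown/maintenance/upgrading.md; naming the file would make the history easier to search.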
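Review bot: In PATCH 11/29 the new file is created at `dasboards/Alerting_dasboard.ndjson`, with "dashboards" misspelled in both the directory and the file name and at the repository root, whereas PATCH 13/29 in this series adds its export under `Chapter 4 Files/dashboards/`. Move it beside the other dashboards and fix the spelling before anything starts referencing this path. Two further points on the export itself: the "Dashboard Menu" object uses id `12735ff0-9396-11ea-b41f-4dc1d87833fe`, the same id as the menu in process_explorer.ndjson but with different markdown links, so whichever file is imported last decides the menu; and `fieldFormatMap` embeds the origin `https://elastic-lme.contoso.local`, which should be checked for whether it needs to be in a shared export at all.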
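Review bot: In PATCH 12/29 the added line in chapter3.md recommends `Set-ExecutionPolicy Unrestricted -Scope Process` without saying that `-Scope Process` is what limits the change to the current PowerShell session; a reader who drops it changes the policy at the default LocalMachine scope. Say that explicitly, and describe the trigger as the script execution policy error rather than a "permissions error", so readers do not reach for this when the real problem is a non-elevated shell. The line is also added directly under the `./install-service-winlogbeat.ps1` line with no blank line, so Markdown will fold it into the preceding paragraph; add a blank line before it.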

From 0c24d6eace87bbc20f6099d092345d36e6d85c7f Mon Sep 17 00:00:00 2001 From: mitchelbaker-cisa <149098823+mitchelbaker-cisa@users.noreply.github.com> Date: Fri, 17 Nov 2023 19:40:28 +0000 Subject: [PATCH 13/29] add process_explorer.ndjson file (#37) Co-authored-by: root Co-authored-by: Connor <107427279+causand22@users.noreply.github.com> --- Chapter 4 Files/dashboards/process_explorer.ndjson | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 Chapter 4 Files/dashboards/process_explorer.ndjson diff --git a/Chapter 4 Files/dashboards/process_explorer.ndjson b/Chapter 4 Files/dashboards/process_explorer.ndjson new file mode 100644 index 00000000..3ab4f6dd --- /dev/null +++ b/Chapter 4 Files/dashboards/process_explorer.ndjson 
@@ -0,0 +1,9 @@ +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Dashboard Menu","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Dashboard Menu\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"markdown\":\"[**Home**](#/dashboard/2ec4b730-eb6c-11e9-875d-ef4cb6c5875d) | [Sysmon summary](#/dashboard/d2c73990-e5d4-11e9-8f1d-73a2ea4cc3ed) | [Security log](#/dashboard/51186cd0-e8e9-11e9-9070-f78ae052729a) | [User Security](#/dashboard/e5f203f0-6182-11ee-b035-d5f231e90733) \",\"openLinksInNewTab\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-08T00:21:41.174Z","id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-11-08T00:21:41.174Z","version":"WzEwODQsMV0="} +{"attributes":{"fieldAttrs":"{\"host.name\":{\"customLabel\":\"Hostname\",\"count\":9},\"process.name\":{\"count\":6},\"winlog.computer_name\":{\"count\":5},\"winlog.event_data.ProcessName\":{\"count\":8},\"source.ip\":{\"count\":2},\"source.port\":{\"count\":2},\"winlog.event_data.IpAddress\":{\"count\":5},\"winlog.event_data.IpPort\":{\"count\":2},\"winlog.event_data.LogonProcessName\":{\"count\":2},\"process.pid\":{\"count\":1},\"winlog.event_data.ProcessId\":{\"customLabel\":\"Process 
ID\",\"count\":2},\"winlog.event_data.TargetDomainName\":{\"count\":5},\"client.user.domain\":{\"count\":1},\"client.user.name\":{\"count\":1},\"group.domain\":{\"count\":1},\"host.user.domain\":{\"count\":1},\"server.user.domain\":{\"count\":1},\"user.domain\":{\"count\":2},\"winlog.event_data.LogonType\":{\"count\":2},\"winlog.event_data.Status\":{\"count\":1},\"winlog.event_data.SubStatus\":{\"count\":1},\"winlog.event_data.TargetUserName\":{\"count\":2},\"winlog.event_data.WorkstationName\":{\"count\":1},\"winlog.logon.failure.status\":{\"count\":1},\"event.id\":{\"count\":1},\"process.command_line.text\":{\"count\":2},\"winlog.event_data.Path\":{\"count\":1},\"winlog.event_data.ProcessPath\":{\"count\":2},\"winlog.event_data.ProcessPid\":{\"count\":2},\"winlog.event_id\":{\"count\":1},\"winlog.process.pid\":{\"count\":1},\"file.hash.md5\":{\"count\":3},\"file.hash.sha1\":{\"count\":1},\"file.hash.sha256\":{\"count\":2},\"hash.md5\":{\"count\":2},\"hash.sha256\":{\"count\":2},\"powershell.process.executable_version\":{\"count\":2},\"process.executable\":{\"count\":2},\"process.hash.md5\":{\"count\":1},\"process.hash.sha256\":{\"count\":2},\"sysmon.file.is_executable\":{\"count\":1},\"threat.indicator.file.hash.sha256\":{\"count\":1},\"tls.client.hash.sha256\":{\"count\":1},\"winlog.event_data.CommandLine\":{\"customLabel\":\"Command line\",\"count\":2},\"winlog.event_data.FileName\":{\"count\":1},\"winlog.event_data.Hash\":{\"count\":3},\"winlog.event_data.Hashes\":{\"count\":1},\"winlog.event_data.IsExecutable\":{\"count\":1},\"winlog.event_data.NewProcessName\":{\"count\":2},\"winlog.event_data.User\":{\"customLabel\":\"User\",\"count\":2},\"winlog.event_data.UserContext\":{\"count\":1},\"winlog.event_data.UserName\":{\"count\":4},\"winlog.process.thread.id\":{\"count\":1},\"winlog.event_data.ParentProcessId\":{\"customLabel\":\"Parent Process ID\",\"count\":1},\"winlog.event_data.IntegrityLevel\":{\"customLabel\":\"Integrity 
Level\",\"count\":1},\"user.name\":{\"count\":1}}","fieldFormatMap":"{\"winver\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"user.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"host.name\":{\"id\":\"string\"}}","fields":"[]","name":"winlogbeat-*","runtimeFieldMap":"{\"day_of_week\":{\"type\":\"long\",\"script\":{\"source\":\"emit(doc['@timestamp'].value.dayOfWeekEnum.getValue())\"}},\"hour_of_day\":{\"type\":\"long\",\"script\":{\"source\":\"emit (doc['@timestamp'].value.getHour())\"}}}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"winlogbeat-*","typeMeta":"{}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-08T00:21:41.174Z","id":"68a051a0-1d7f-11e9-9fc5-a91039822035","migrationVersion":{"index-pattern":"8.0.0"},"references":[],"type":"index-pattern","updated_at":"2023-11-15T19:49:10.324Z","version":"WzE0NzQyLDFd"} +{"attributes":{"columns":["host.name","winlog.event_data.ProcessId","winlog.event_data.ParentProcessId","winlog.event_data.CommandLine","winlog.event_data.User","winlog.event_data.IntegrityLevel"],"description":"","grid":{"columns":{"host.name":{"width":202},"winlog.event_data.IntegrityLevel":{"width":238},"winlog.event_data.ParentProcessId":{"width":141},"winlog.event_data.ProcessId":{"width":116}}},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.code:1 AND event.provider : \\\"Microsoft-Windows-Sysmon\\\" 
\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"Process Spawn Event Logs","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-08T00:21:37.041Z","id":"6b57dff0-8f78-11ea-adec-8b77111fa9c5","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-11-15T19:49:49.131Z","version":"WzE0NzY1LDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Process - Spawned area ","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Process - Spawned area \",\"type\":\"area\",\"params\":{\"type\":\"area\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"area\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true,\"interpolate\":\"linear\",\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"labels\":{},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"YYYY-MM
-DD\"}},\"params\":{\"date\":true,\"interval\":\"P1D\",\"intervalESValue\":1,\"intervalESUnit\":\"d\",\"format\":\"YYYY-MM-DD\",\"bounds\":{\"min\":\"2020-01-22T16:30:25.973Z\",\"max\":\"2020-05-06T15:30:25.973Z\"}},\"label\":\"@timestamp per day\",\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"fittingFunction\":\"zero\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-15w\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-08T00:21:37.041Z","id":"947d1bd0-8fae-11ea-adec-8b77111fa9c5","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"6b57dff0-8f78-11ea-adec-8b77111fa9c5","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-11-08T00:21:37.041Z","version":"WzgxMCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.code:1 and event.provider : \\\"Microsoft-Windows-Sysmon\\\" \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Process - 
hosts","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Process - hosts\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Total Processes\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Host\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"params\":{},\"label\":\"host.name: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true,\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-15T01:08:59.932Z","id":"784abb80-8ee5-11ea-904c-391ecaa2f2f4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-11-15T01:08:59.932Z","version":"WzEyNDA5LDFd"} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"event.code\",\"negate\":false,\"params\":{\"query\":\"1\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"event.code\":\"1\"}}},{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"event.provider\",\"params\":{\"query\":\"Microsoft-Windows-Sysmon\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"event.provider\":\"Microsoft-Windows-Sysmon\"}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Process - Users bar","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Process - Users bar\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.User\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true},\"schema\":\"group\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now/w\",\"to\":\"now/w\"},\"useNormalizedEsInterval\":true,\"extendToTimeRange\":false,\"scaleMetricValues\":false,\"interval\":\"auto\",\"used_interval\":\"3h\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}},\"schema\":\"segment\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\"
:true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":null,\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"series\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"user.name: 
Descending\",\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"legendSize\":\"auto\",\"radiusRatio\":0,\"truncateLegend\":true,\"maxLegendLines\":1}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-15T19:58:03.581Z","id":"3082d6f0-8f78-11ea-adec-8b77111fa9c5","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-11-15T19:58:03.581Z","version":"WzE0OTUwLDFd"} +{"attributes":{"columns":["host.name","winlog.event_data.EventType","winlog.event_data.TargetObject","winlog.event_data.Details"],"description":"","grid":{},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"(event.code:12 or event.code:13 or event.code:14) AND event.provider : \\\"Microsoft-Windows-Sysmon\\\" \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"Process - Registry events","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-08T00:21:37.041Z","id":"ea755df0-8f99-11ea-adec-8b77111fa9c5","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-11-15T22:49:45.242Z","version":"WzE2NTk4LDFd"} 
+{"attributes":{"controlGroupInput":{"chainingSystem":"HIERARCHICAL","controlStyle":"oneLine","ignoreParentSettingsJSON":"{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}","panelsJSON":"{\"ac23c14f-b7b7-4243-be2e-63f640eda99c\":{\"type\":\"timeSlider\",\"order\":0,\"grow\":true,\"width\":\"large\",\"explicitInput\":{\"id\":\"ac23c14f-b7b7-4243-be2e-63f640eda99c\",\"title\":\"Time slider\",\"enhancements\":{}}},\"55e8d8a9-91b2-4dc1-b0a8-a9de490e1257\":{\"type\":\"optionsListControl\",\"order\":2,\"grow\":false,\"width\":\"large\",\"explicitInput\":{\"id\":\"55e8d8a9-91b2-4dc1-b0a8-a9de490e1257\",\"fieldName\":\"winlog.event_data.ProcessName\",\"title\":\"winlog.event_data.ProcessName\",\"enhancements\":{}}},\"7369fc1c-301c-40c1-87a6-c5f0c2d0c63d\":{\"type\":\"optionsListControl\",\"order\":3,\"grow\":false,\"width\":\"large\",\"explicitInput\":{\"id\":\"7369fc1c-301c-40c1-87a6-c5f0c2d0c63d\",\"fieldName\":\"winlog.event_data.NewProcessName\",\"title\":\"winlog.event_data.NewProcessName\",\"enhancements\":{}}},\"4bb375d8-94da-4310-80ff-8ee6a8971394\":{\"type\":\"optionsListControl\",\"order\":1,\"grow\":false,\"width\":\"small\",\"explicitInput\":{\"id\":\"4bb375d8-94da-4310-80ff-8ee6a8971394\",\"fieldName\":\"host.name\",\"title\":\"host.name\",\"enhancements\":{}}},\"41ef4856-7dab-4003-b3c2-bb421f65420b\":{\"type\":\"rangeSliderControl\",\"order\":4,\"grow\":false,\"width\":\"medium\",\"explicitInput\":{\"id\":\"41ef4856-7dab-4003-b3c2-bb421f65420b\",\"fieldName\":\"winlog.process.pid\",\"title\":\"winlog.process.pid\",\"enhancements\":{}}}}"},"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":3,\"i\":\
"66249585-639b-453a-9d71-cfc90efafd11\"},\"panelIndex\":\"66249585-639b-453a-9d71-cfc90efafd11\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_66249585-639b-453a-9d71-cfc90efafd11\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":3,\"w\":24,\"h\":15,\"i\":\"2cb3c5a0-bf16-43b4-a69d-73012062f55b\"},\"panelIndex\":\"2cb3c5a0-bf16-43b4-a69d-73012062f55b\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Process spawns over time\",\"panelRefName\":\"panel_2cb3c5a0-bf16-43b4-a69d-73012062f55b\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":3,\"w\":24,\"h\":15,\"i\":\"78123b3a-baaa-497b-b1f3-d1fb1ce5a50f\"},\"panelIndex\":\"78123b3a-baaa-497b-b1f3-d1fb1ce5a50f\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Hosts\",\"panelRefName\":\"panel_78123b3a-baaa-497b-b1f3-d1fb1ce5a50f\"},{\"version\":\"8.7.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":18,\"w\":24,\"h\":15,\"i\":\"9a28d907-c8ef-4815-8ebc-ac897b19ab48\"},\"panelIndex\":\"9a28d907-c8ef-4815-8ebc-ac897b19ab48\",\"embeddableConfig\":{\"attributes\":{\"title\":\"Process - Users 
(converted)\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"68a051a0-1d7f-11e9-9fc5-a91039822035\",\"name\":\"indexpattern-datasource-layer-b43b035f-4bf5-4166-a5f4-dbfb6d30f500\"},{\"type\":\"index-pattern\",\"name\":\"3453bdf5-ec06-4b90-962f-15b4ffe3e460\",\"id\":\"68a051a0-1d7f-11e9-9fc5-a91039822035\"},{\"type\":\"index-pattern\",\"name\":\"9ef33492-9992-417b-b642-f04d1995c316\",\"id\":\"68a051a0-1d7f-11e9-9fc5-a91039822035\"}],\"state\":{\"visualization\":{\"layerId\":\"b43b035f-4bf5-4166-a5f4-dbfb6d30f500\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"48e5a1a9-04d8-4411-a5c9-5588d10dd562\",\"alignment\":\"left\",\"hidden\":true},{\"columnId\":\"12f20e93-46d3-4931-926b-91fbf9177d4e\",\"alignment\":\"left\"},{\"columnId\":\"91a8b04b-519b-49c6-a9be-bb1f0cd17431\",\"alignment\":\"left\"}],\"paging\":{\"enabled\":true,\"size\":10},\"rowHeight\":\"single\",\"headerRowHeight\":\"single\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"event.code\",\"negate\":false,\"params\":{\"query\":\"1\"},\"type\":\"phrase\",\"index\":\"3453bdf5-ec06-4b90-962f-15b4ffe3e460\"},\"query\":{\"match_phrase\":{\"event.code\":\"1\"}}},{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"event.provider\",\"params\":{\"query\":\"Microsoft-Windows-Sysmon\"},\"index\":\"9ef33492-9992-417b-b642-f04d1995c316\"},\"query\":{\"match_phrase\":{\"event.provider\":\"Microsoft-Windows-Sysmon\"}},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"formBased\":{\"layers\":{\"b43b035f-4bf5-4166-a5f4-dbfb6d30f500\":{\"columns\":{\"12f20e93-46d3-4931-926b-91fbf9177d4e\":{\"label\":\"Domain\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.name\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"alphabetical\"},\"orde
rDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"91a8b04b-519b-49c6-a9be-bb1f0cd17431\":{\"label\":\"Username\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.User\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"alphabetical\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"48e5a1a9-04d8-4411-a5c9-5588d10dd562\":{\"label\":\"Count\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"12f20e93-46d3-4931-926b-91fbf9177d4e\",\"91a8b04b-519b-49c6-a9be-bb1f0cd17431\",\"48e5a1a9-04d8-4411-a5c9-5588d10dd562\"],\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Users\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":18,\"w\":24,\"h\":15,\"i\":\"b6b8e77e-67f7-42ce-a835-650ad795834f\"},\"panelIndex\":\"b6b8e77e-67f7-42ce-a835-650ad795834f\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Processes created by users over 
time\",\"panelRefName\":\"panel_b6b8e77e-67f7-42ce-a835-650ad795834f\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":33,\"w\":48,\"h\":17,\"i\":\"be6f4ac3-8e87-417b-9083-0f5eb11e8cdd\"},\"panelIndex\":\"be6f4ac3-8e87-417b-9083-0f5eb11e8cdd\",\"embeddableConfig\":{\"enhancements\":{},\"columns\":[\"@timestamp\",\"host.name\",\"winlog.event_data.CommandLine\",\"winlog.event_data.User\",\"winlog.event_data.IntegrityLevel\",\"winlog.event_data.ProcessId\",\"winlog.event_data.ParentProcessId\"]},\"title\":\"Process spawn event logs (Sysmon ID 1)\",\"panelRefName\":\"panel_be6f4ac3-8e87-417b-9083-0f5eb11e8cdd\"},{\"version\":\"8.7.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":50,\"w\":24,\"h\":15,\"i\":\"772befa4-51f2-4ba0-9e6b-6877a8ee553f\"},\"panelIndex\":\"772befa4-51f2-4ba0-9e6b-6877a8ee553f\",\"embeddableConfig\":{\"attributes\":{\"title\":\"Process - Files created (converted)\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"68a051a0-1d7f-11e9-9fc5-a91039822035\",\"name\":\"indexpattern-datasource-layer-7d4de8b9-aedd-485a-8e8c-2e2d80c9ea0a\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\",\"shouldTruncate\":true,\"maxLines\":1,\"showSingleSeries\":true},\"valueLabels\":\"hide\",\"fittingFunction\":\"Zero\",\"curveType\":\"LINEAR\",\"yTitle\":\"Count\",\"showCurrentTimeMarker\":false,\"valuesInLegend\":false,\"yLeftExtent\":{\"mode\":\"full\",\"enforce\":true},\"yLeftScale\":\"linear\",\"yRightScale\":\"linear\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":-90},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"area\",\"layers\":[{\"layerId\":\"7d4de8b9-aedd-485a-8e8c-2e2d80c9ea0a\",\"accessors\":[\"16954d93-9
a3b-4390-9640-55264e3115b5\"],\"layerType\":\"data\",\"seriesType\":\"area\",\"xAccessor\":\"1ef9e5be-e927-4990-bb15-2de35d808f23\",\"simpleView\":false,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"yConfig\":[{\"forAccessor\":\"16954d93-9a3b-4390-9640-55264e3115b5\",\"axisMode\":\"left\"}],\"xScaleType\":\"time\",\"isHistogram\":true}]},\"query\":{\"query\":\"event.code:11 AND event.provider : \\\"Microsoft-Windows-Sysmon\\\" AND winlog.event_data.RuleName : \\\"Downloads\\\" \",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"7d4de8b9-aedd-485a-8e8c-2e2d80c9ea0a\":{\"columns\":{\"1ef9e5be-e927-4990-bb15-2de35d808f23\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":false,\"dropPartials\":false},\"customLabel\":true},\"16954d93-9a3b-4390-9640-55264e3115b5\":{\"label\":\"Count\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"1ef9e5be-e927-4990-bb15-2de35d808f23\",\"16954d93-9a3b-4390-9640-55264e3115b5\"],\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Files created (in Downloads)\"},{\"version\":\"8.7.1\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":50,\"w\":24,\"h\":15,\"i\":\"6c61dd99-e6d0-48af-88ca-3618a4e7ef77\"},\"panelIndex\":\"6c61dd99-e6d0-48af-88ca-3618a4e7ef77\",\"embeddableConfig\":{\"attributes\":{\"title\":\"Process - Files created table 
(converted)\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"68a051a0-1d7f-11e9-9fc5-a91039822035\",\"name\":\"indexpattern-datasource-layer-46659b78-af58-4938-943e-f7c1173e94cf\"}],\"state\":{\"visualization\":{\"layerId\":\"46659b78-af58-4938-943e-f7c1173e94cf\",\"layerType\":\"data\",\"columns\":[{\"isTransposed\":false,\"columnId\":\"cee95ad8-4116-4233-ade1-eaa093c956d7\"},{\"columnId\":\"ba56a5b3-a8cd-4a85-b924-a5eab3ade458\",\"alignment\":\"left\",\"isTransposed\":false,\"hidden\":true},{\"columnId\":\"367b1674-0d06-4140-9ff0-b73cabec99b5\",\"isTransposed\":false}],\"paging\":{\"enabled\":true,\"size\":10},\"rowHeight\":\"single\",\"headerRowHeight\":\"single\",\"sorting\":{\"columnId\":\"367b1674-0d06-4140-9ff0-b73cabec99b5\",\"direction\":\"desc\"}},\"query\":{\"query\":\"event.code:11 AND event.provider : \\\"Microsoft-Windows-Sysmon\\\" AND winlog.event_data.RuleName : \\\"Downloads\\\" \",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"46659b78-af58-4938-943e-f7c1173e94cf\":{\"columns\":{\"cee95ad8-4116-4233-ade1-eaa093c956d7\":{\"label\":\"Process - files created\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.TargetFilename\",\"isBucketed\":true,\"params\":{\"size\":50,\"orderBy\":{\"type\":\"custom\"},\"orderAgg\":{\"label\":\"Count of 
winlog.event_data.CreationUtcTime\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"winlog.event_data.CreationUtcTime\",\"params\":{\"emptyAsNull\":true}},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"ba56a5b3-a8cd-4a85-b924-a5eab3ade458\":{\"label\":\"Count\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"367b1674-0d06-4140-9ff0-b73cabec99b5\":{\"label\":\"Creation time\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.CreationUtcTime\",\"isBucketed\":true,\"params\":{\"size\":50,\"orderBy\":{\"type\":\"custom\"},\"orderAgg\":{\"label\":\"Count of winlog.event_data.CreationUtcTime\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"winlog.event_data.CreationUtcTime\",\"params\":{\"emptyAsNull\":true}},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true}},\"columnOrder\":[\"cee95ad8-4116-4233-ade1-eaa093c956d7\",\"367b1674-0d06-4140-9ff0-b73cabec99b5\",\"ba56a5b3-a8cd-4a85-b924-a5eab3ade458\"],\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Files created over time (in 
Downloads)\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":65,\"w\":48,\"h\":15,\"i\":\"502494bd-c9c5-4f2a-a85f-ffc27cec088e\"},\"panelIndex\":\"502494bd-c9c5-4f2a-a85f-ffc27cec088e\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Registry events (Sysmon 12, 13, 14)\",\"panelRefName\":\"panel_502494bd-c9c5-4f2a-a85f-ffc27cec088e\"}]","timeRestore":false,"title":"Process Explorer","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-15T22:57:21.013Z","id":"f2cbc110-8400-11ee-a3de-f1bc0525ad6c","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","name":"66249585-639b-453a-9d71-cfc90efafd11:panel_66249585-639b-453a-9d71-cfc90efafd11","type":"visualization"},{"id":"947d1bd0-8fae-11ea-adec-8b77111fa9c5","name":"2cb3c5a0-bf16-43b4-a69d-73012062f55b:panel_2cb3c5a0-bf16-43b4-a69d-73012062f55b","type":"visualization"},{"id":"784abb80-8ee5-11ea-904c-391ecaa2f2f4","name":"78123b3a-baaa-497b-b1f3-d1fb1ce5a50f:panel_78123b3a-baaa-497b-b1f3-d1fb1ce5a50f","type":"visualization"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"9a28d907-c8ef-4815-8ebc-ac897b19ab48:indexpattern-datasource-layer-b43b035f-4bf5-4166-a5f4-dbfb6d30f500","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"9a28d907-c8ef-4815-8ebc-ac897b19ab48:3453bdf5-ec06-4b90-962f-15b4ffe3e460","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"9a28d907-c8ef-4815-8ebc-ac897b19ab48:9ef33492-9992-417b-b642-f04d1995c316","type":"index-pattern"},{"id":"3082d6f0-8f78-11ea-adec-8b77111fa9c5","name":"b6b8e77e-67f7-42ce-a835-650ad795834f:panel_b6b8e77e-67f7-42ce-a835-650ad795834f","type":"visualization"},{"id":"6b57dff0-8f78-11ea-adec-8b77111fa9c5","name":"be6f4ac3-8e87-417b-9083-0f5eb11e8cdd:panel_be6f4ac3-8e87-417b-9083-0f5eb11e8cdd","type":"search"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"772befa4-51f2-4ba0-9e6b-6877a8ee553f:indexpattern-datasource-layer-7d4de8b9-ae
dd-485a-8e8c-2e2d80c9ea0a","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"6c61dd99-e6d0-48af-88ca-3618a4e7ef77:indexpattern-datasource-layer-46659b78-af58-4938-943e-f7c1173e94cf","type":"index-pattern"},{"id":"ea755df0-8f99-11ea-adec-8b77111fa9c5","name":"502494bd-c9c5-4f2a-a85f-ffc27cec088e:panel_502494bd-c9c5-4f2a-a85f-ffc27cec088e","type":"search"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"controlGroup_55e8d8a9-91b2-4dc1-b0a8-a9de490e1257:optionsListDataView","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"controlGroup_7369fc1c-301c-40c1-87a6-c5f0c2d0c63d:optionsListDataView","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"controlGroup_4bb375d8-94da-4310-80ff-8ee6a8971394:optionsListDataView","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"controlGroup_41ef4856-7dab-4003-b3c2-bb421f65420b:rangeSliderDataView","type":"index-pattern"}],"type":"dashboard","updated_at":"2023-11-15T22:57:21.013Z","version":"WzE2NzA3LDFd"} +{"excludedObjects":[],"excludedObjectsCount":0,"exportedCount":8,"missingRefCount":0,"missingReferences":[]} \ No newline at end of file From 0661dfcb97bb33f72fd31d8e7138502050c0de06 Mon Sep 17 00:00:00 2001 
From: Michael Reeves <147089975+mreeve-snl@users.noreply.github.com> Date: Fri, 17 Nov 2023 14:58:32 -0500 Subject: [PATCH 14/29] Creating Initial Draft of issue templates (#34) * Creating Initial Draft of issue templates Issue Templates to aid with docs_update * Update bug-or-error-report.md * Update bug-or-error-report.md Minor typos * Proofread bug-or-error-report.md, updated phrasing in some places --------- Co-authored-by: Chad Poland <128160399+Chad-CISA@users.noreply.github.com> Co-authored-by: Linda Waterhouse <82845774+llwaterhouse@users.noreply.github.com> Co-authored-by: mitchelbaker-cisa --- .github/ISSUE_TEMPLATE/bug-or-error-report.md | 59 +++++++++++++++++++ .github/ISSUE_TEMPLATE/feature_request.md | 20 +++++++ 2 files changed, 79 insertions(+) create mode 100644 .github/ISSUE_TEMPLATE/bug-or-error-report.md create mode 100644 .github/ISSUE_TEMPLATE/feature_request.md diff --git a/.github/ISSUE_TEMPLATE/bug-or-error-report.md b/.github/ISSUE_TEMPLATE/bug-or-error-report.md new file mode 100644 index 00000000..210ff5ee --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug-or-error-report.md 
@@ -0,0 +1,59 @@ +--- +name: Bug or Error report +about: Report issues, mistakes, unsolvable, or unresolved errors to help improve the project +title: "[BUG] ERROR YYYYY in step X.X" +labels: bug +assignees: '' + +--- + +## **BEFORE CREATING THE ISSUE, CHECK THE FOLLOWING GUIDES**: + - [ ] [FAQ](https://github.com/cisagov/LME/blob/main/docs/markdown/reference/faq.md) + - [ ] [Troubleshooting](https://github.com/cisagov/LME/blob/main/docs/markdown/reference/troubleshooting.md) + - [ ] Search current/closed issues for similar questions, and utilize github/google search to see if an answer exists for the error I'm encountering. + +If the above did not answer your question, proceed with creating an issue below: + +## Describe the bug +A clear and concise description of what the bug is. + +## To Reproduce +Steps to reproduce the behavior. These should be clear enough that our team can understand your running environment, software/operating system versions, and anything else we might need to debug the issue. + +An example of a usable reproducible list are shown in these issues: [Issue 1](https://github.com/cisagov/LME/issues/15) [Issue 2](https://github.com/cisagov/LME/issues/19). + +To increase the speed and relevance of the reply we suggest you list down debugging steps you have tried, as well as the following information: + +### Please complete the following information +**Desktop:** + - OS: [e.g. Windows 10] + - Browser: [e.g. Firefox Version 104.0.1] + - Software version: [e.g. Sysmon v15.0, Winlogbeat 8.11.1] + +**Server:** +- OS: [e.g. Ubuntu 22.04] +- Software Versions: + - ELK: [e.g. 8.7.1] + - Docker: [e.g. 
20.10.23, build 7155243] +- The output of these commands: +``` +free -h +df -h +uname -a +lsb_release -a +``` +- Relevant container logs: +``` +for name in $(sudo docker ps -a --format '{{.Names}}'); do echo -e "\n\n\n-----------$name----------"; sudo docker logs $name | tail -n 20; done +``` +Increase the number of lines if your issue is not present, or include a relevant log of the erroring container +- Output of the relevant /var/log/cron_logs/ file + +## Expected behavior +A clear and concise description of what you expected to happen. + +## Screenshots +If applicable, add screenshots to help explain your problem. + +## Additional context +Add any other context about the problem here. diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md new file mode 100644 index 00000000..bbcbbe7d --- /dev/null +++ b/.github/ISSUE_TEMPLATE/feature_request.md @@ -0,0 +1,20 @@ +--- +name: Feature request +about: Suggest an idea for this project +title: '' +labels: '' +assignees: '' + +--- + +**Is your feature request related to a problem? Please describe.** +A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] + +**Describe the solution you'd like** +A clear and concise description of what you want to happen. + +**Describe alternatives you've considered** +A clear and concise description of any alternative solutions or features you've considered. + +**Additional context** +Add any other context or screenshots about the feature request here. From a6188d6883ef8493503261b5b37b484e87a757ce Mon Sep 17 00:00:00 2001 From: mitchelbaker-cisa Date: Fri, 17 Nov 2023 22:18:03 +0000 Subject: [PATCH 15/29] remove input controls and update filtering with Kibana Control filters for (hostname, process exe, process pid) --- .../computer_software_overview.ndjson | 26 +++++++++---------- 1 file changed, 12 insertions(+), 14 deletions(-) 
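Review bot: In `.github/ISSUE_TEMPLATE/bug-or-error-report.md`, the "Relevant container logs" one-liner pipes only stdout into `tail`, so whatever a container writes to stderr is printed in full instead of being trimmed to 20 lines, and the unquoted `$name` is subject to word splitting. Consider `sudo docker logs --tail 20 "$name" 2>&1` inside the loop. The same section asks reporters to paste container logs, `free`/`df`/`uname -a` output and a `/var/log/cron_logs/` file into a public issue, so it would be worth adding one line asking them to redact passwords, tokens, internal hostnames and IP addresses before posting. Minor wording in the "To Reproduce" section: "An example of a usable reproducible list are shown in these issues" has a subject/verb mismatch and could read "Examples of usable reproduction steps are shown in these issues".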
diff --git a/Chapter 4 Files/dashboards/computer_software_overview.ndjson b/Chapter 4 Files/dashboards/computer_software_overview.ndjson index a0c3c76f..3aaa1e90 100644 --- a/Chapter 4 Files/dashboards/computer_software_overview.ndjson +++ b/Chapter 4 Files/dashboards/computer_software_overview.ndjson 
@@ -1,14 +1,12 @@ -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Dashboard Menu","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Dashboard Menu\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"markdown\":\"[**Home**](#/dashboard/2ec4b730-eb6c-11e9-875d-ef4cb6c5875d) | [Sysmon summary](#/dashboard/d2c73990-e5d4-11e9-8f1d-73a2ea4cc3ed) | [Security log](#/dashboard/51186cd0-e8e9-11e9-9070-f78ae052729a) | [User Security](#/dashboard/e5f203f0-6182-11ee-b035-d5f231e90733) \",\"openLinksInNewTab\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-02T18:05:05.608Z","id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-11-02T18:05:05.608Z","version":"WzMyNTIsNF0="} -{"attributes":{"fieldAttrs":"{\"host.name\":{\"count\":7},\"process.name\":{\"count\":6},\"winlog.computer_name\":{\"count\":5},\"winlog.event_data.ProcessName\":{\"count\":5},\"source.ip\":{\"count\":2},\"source.port\":{\"count\":2},\"winlog.event_data.IpAddress\":{\"count\":5},\"winlog.event_data.IpPort\":{\"count\":2},\"winlog.event_data.LogonProcessName\":{\"count\":2},\"process.pid\":{\"count\":1},\"winlog.event_data.ProcessId\":{\"count\":1},\"winlog.event_data.TargetDomainName\":{\"count\":5},\"client.user.domain\":{\"count\":1},\"client.user.name\":{\"count\":1},\"group.domain\":{\"count\":1},\"host.user.domain\":{\"count\":1},\"server.user.domain\":{\"count\":1},\"user.domain\":{\"count\":1},\"winlog.event_data.LogonType\":{\"count\":2},\"winlog.event_data.Status\":{\"count\":1},\"winlog.event_data.SubStatus\":{\"count\":1},\"winlog.event_data.TargetUserName\":{\"count\":2},\"winlog.event_data.WorkstationName\":{\"count\":1},\"winlog.logon.failure.status\":{\"count\":1},\"event.id\":{\"count\":1},\"winlog.user_data.FilePath\":{\"count\":1},\"winlog.event_data.SourceImag
e\":{\"count\":1}}","fieldFormatMap":"{\"winver\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"user.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"host.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}}}","fields":"[]","name":"winlogbeat-*","runtimeFieldMap":"{\"day_of_week\":{\"type\":\"long\",\"script\":{\"source\":\"emit(doc['@timestamp'].value.dayOfWeekEnum.getValue())\"}},\"hour_of_day\":{\"type\":\"long\",\"script\":{\"source\":\"emit (doc['@timestamp'].value.getHour())\"}}}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"winlogbeat-*","typeMeta":"{}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-02T18:05:05.608Z","id":"68a051a0-1d7f-11e9-9fc5-a91039822035","migrationVersion":{"index-pattern":"8.0.0"},"references":[],"type":"index-pattern","updated_at":"2023-11-16T21:13:33.305Z","version":"WzEyOTc1LDExXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"vis_chc_select_host","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"vis_chc_select_host\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1588323783577\",\"fieldName\":\"host.name\",\"parent\":\"\",\"label\":\"Host 
name\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-02T18:03:48.649Z","id":"feef3a20-8b8a-11ea-b1c6-a5bf39283f12","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"control_0_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2023-11-02T18:03:48.649Z","version":"WzI4MTUsNF0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"vis_chc_host_count","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"vis_chc_host_count\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"host.name\",\"customLabel\":\"Hosts\",\"emptyAsNull\":false},\"schema\":\"metric\"}],\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to 
Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-16T17:26:38.828Z","id":"664b28c0-8b8e-11ea-b1c6-a5bf39283f12","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-11-16T17:26:38.828Z","version":"WzExODIyLDExXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"vis_chc_filter_hosts","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"vis_chc_filter_hosts\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"params\":{},\"label\":\"Host 
name\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Events\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Host name\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-02T18:03:48.649Z","id":"a96f1df0-8b8e-11ea-b1c6-a5bf39283f12","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-11-02T18:03:48.649Z","version":"WzI4MTcsNF0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"title_chc_software","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"title_chc_software\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"## Software\"},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-02T18:03:48.649Z","id":"916c04f0-8ee2-11ea-904c-391ecaa2f2f4","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-11-02T18:03:48.649Z","version":"WzI4MTgsNF0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.code: \\\"1\\\" and event.provider : \\\"Microsoft-Windows-Sysmon\\\" 
\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"vis_chc_least_used_processes","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"},\"colWidth\":[{\"colIndex\":0,\"width\":232.66666666666669},{\"colIndex\":2,\"width\":223.16666666666663},{\"colIndex\":1,\"width\":511.58333333333337},{\"colIndex\":3,\"width\":113.58333333333337}]}}}","version":1,"visState":"{\"title\":\"vis_chc_least_used_processes\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.OriginalFileName\",\"orderBy\":\"1\",\"order\":\"asc\",\"size\":30,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Process\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.Description\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Description\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":30,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Host\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"
number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"params\":{},\"label\":\"Process\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"params\":{},\"label\":\"Host\",\"aggType\":\"terms\"}]},\"showToolbar\":true,\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-16T20:30:01.979Z","id":"0bf66940-8ee3-11ea-904c-391ecaa2f2f4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-11-16T20:30:01.979Z","version":"WzEyNDQ5LDExXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"event.code\",\"negate\":false,\"params\":{\"query\":\"1\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"event.code\":\"1\"}}},{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"event.provider\",\"params\":{\"query\":\"Microsoft-Windows-Sysmon\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"event.provider\":\"Microsoft-Windows-Sysmon\"}},\"$state\":{\"store\":\"appState\"}}]}"},"title":"Process - Select process","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Process - 
Select process\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1588691833657\",\"fieldName\":\"winlog.event_data.OriginalFileName\",\"parent\":\"\",\"label\":\"Process Executable\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1588856904285\",\"fieldName\":\"host.name\",\"parent\":\"\",\"label\":\"Host\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1588856886670\",\"fieldName\":\"winlog.event_data.ProcessId\",\"parent\":\"1588856904285\",\"label\":\"Process PID\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-16T16:18:00.611Z","id":"9ef86220-8ee3-11ea-904c-391ecaa2f2f4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"control_0_index_pattern","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"control_1_index_pattern","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"control_2_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2023-11-16T16:18:00.611Z","version":"WzExMzQzLDExXQ=="} 
-{"attributes":{"columns":["host.name","winlog.event_data.param1","winlog.event_data.param11","winlog.event_data.param12","winlog.provider_name"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.code:1000 or event.code:1002\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"srch_proc_crash","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-02T18:03:48.649Z","id":"f3b54a90-8f7d-11ea-adec-8b77111fa9c5","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-11-02T18:03:48.649Z","version":"WzI4MjAsNF0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"vis_proc_crashes","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"vis_proc_crashes\",\"type\":\"line\",\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"interpolate\":\"linear\",\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times
\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":null,\"y\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"fittingFunction\":\"zero\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Date\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-02T18:03:48.649Z","id":"240b8f10-8f7e-11ea-adec-8b77111fa9c5","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"f3b54a90-8f7d-11ea-adec-8b77111fa9c5","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-11-02T18:03:48.649Z","version":"WzI4MjEsNF0="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"vis_chc_crash_table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"vis_chc_crash_table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.user_data.param1\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Application\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"params\":{},\"label\":\"winlog.event_data.param1: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true,\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-16T21:34:52.605Z","id":"77ffb740-8f7e-11ea-adec-8b77111fa9c5","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"f3b54a90-8f7d-11ea-adec-8b77111fa9c5","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-11-16T21:34:52.605Z","version":"WzEzMjQzLDExXQ=="} 
-{"attributes":{"columns":["host.name","winlog.event_data.SourceImage","winlog.event_data.TargetImage"],"description":"","grid":{},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.code:8 AND event.provider : \\\"Microsoft-Windows-Sysmon\\\" \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"srch_chc_create_remote_thread","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-02T18:03:48.649Z","id":"9418f1b0-8f80-11ea-adec-8b77111fa9c5","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-11-16T21:28:49.676Z","version":"WzEzMDg4LDExXQ=="} -{"attributes":{"description":"Shows software running on hosts","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":3,\"i\":\"178b2555-f944-4281-8501-9b6f6d0c44d8\"},\"panelIndex\":\"178b2555-f944-4281-8501-9b6f6d0c44d8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_178b2555-f944-4281-8501-9b6f6d0c44d8\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":3,\"w\":15,\"h\":10,\"i\":\"935703ac-d8b0-4f1b-b443-bc4eaf2d9980\"},\"panelIndex\":\"935703ac-d8b0-4f1b-b443-bc4eaf2d9980\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Select 
Host\",\"panelRefName\":\"panel_935703ac-d8b0-4f1b-b443-bc4eaf2d9980\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":15,\"y\":3,\"w\":7,\"h\":10,\"i\":\"1f4b6506-11ff-4993-8005-86a5f3487725\"},\"panelIndex\":\"1f4b6506-11ff-4993-8005-86a5f3487725\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Host Count\",\"panelRefName\":\"panel_1f4b6506-11ff-4993-8005-86a5f3487725\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":22,\"y\":3,\"w\":26,\"h\":10,\"i\":\"58de2df8-db1b-4349-97c3-4c84af48d300\"},\"panelIndex\":\"58de2df8-db1b-4349-97c3-4c84af48d300\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Filter Hosts\",\"panelRefName\":\"panel_58de2df8-db1b-4349-97c3-4c84af48d300\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":13,\"w\":48,\"h\":4,\"i\":\"71da6dff-3e35-4ed9-b8b3-a50857c5f8ca\"},\"panelIndex\":\"71da6dff-3e35-4ed9-b8b3-a50857c5f8ca\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"panelRefName\":\"panel_71da6dff-3e35-4ed9-b8b3-a50857c5f8ca\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":17,\"w\":30,\"h\":15,\"i\":\"947b4399-b50d-43eb-9248-938c178091df\"},\"panelIndex\":\"947b4399-b50d-43eb-9248-938c178091df\",\"embeddableConfig\":{\"enhancements\":{},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null},\"colWidth\":[{\"colIndex\":0,\"width\":213.66666666666669},{\"colIndex\":2,\"width\":164.16666666666663},{\"colIndex\":1,\"width\":497.58333333333337},{\"colIndex\":3,\"width\":103.58333333333337}]}}},\"title\":\"Processes\",\"panelRefName\":\"panel_947b4399-b50d-43eb-9248-938c178091df\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":30,\"y\":17,\"w\":18,\"h\":15,\"i\":\"7b7ba97d-b9c1-4c45-a166-e029b4d85691\"},\"panelIndex\":\"7b7ba97d-b9c1-4c45-a166-e029b4d85691\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTit
les\":false},\"title\":\"Search by Processes\",\"panelRefName\":\"panel_7b7ba97d-b9c1-4c45-a166-e029b4d85691\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":32,\"w\":24,\"h\":15,\"i\":\"d8ec6b8b-2b5b-4b58-b2b9-60ebac01817a\"},\"panelIndex\":\"d8ec6b8b-2b5b-4b58-b2b9-60ebac01817a\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Application Crashing and Hanging\",\"panelRefName\":\"panel_d8ec6b8b-2b5b-4b58-b2b9-60ebac01817a\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":32,\"w\":24,\"h\":15,\"i\":\"acc7eeb8-22ea-43e9-95e1-6841b7d024a3\"},\"panelIndex\":\"acc7eeb8-22ea-43e9-95e1-6841b7d024a3\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Application Crashing and Hanging Count\",\"panelRefName\":\"panel_acc7eeb8-22ea-43e9-95e1-6841b7d024a3\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":47,\"w\":48,\"h\":15,\"i\":\"eb5b5b00-ab55-4996-8d89-11cd5ac1337a\"},\"panelIndex\":\"eb5b5b00-ab55-4996-8d89-11cd5ac1337a\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"CreateRemoteThread events\",\"panelRefName\":\"panel_eb5b5b00-ab55-4996-8d89-11cd5ac1337a\"}]","timeRestore":false,"title":"Computer Software 
Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-16T21:16:29.392Z","id":"33f0d3b0-8b8a-11ea-b1c6-a5bf39283f12","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","name":"178b2555-f944-4281-8501-9b6f6d0c44d8:panel_178b2555-f944-4281-8501-9b6f6d0c44d8","type":"visualization"},{"id":"feef3a20-8b8a-11ea-b1c6-a5bf39283f12","name":"935703ac-d8b0-4f1b-b443-bc4eaf2d9980:panel_935703ac-d8b0-4f1b-b443-bc4eaf2d9980","type":"visualization"},{"id":"664b28c0-8b8e-11ea-b1c6-a5bf39283f12","name":"1f4b6506-11ff-4993-8005-86a5f3487725:panel_1f4b6506-11ff-4993-8005-86a5f3487725","type":"visualization"},{"id":"a96f1df0-8b8e-11ea-b1c6-a5bf39283f12","name":"58de2df8-db1b-4349-97c3-4c84af48d300:panel_58de2df8-db1b-4349-97c3-4c84af48d300","type":"visualization"},{"id":"916c04f0-8ee2-11ea-904c-391ecaa2f2f4","name":"71da6dff-3e35-4ed9-b8b3-a50857c5f8ca:panel_71da6dff-3e35-4ed9-b8b3-a50857c5f8ca","type":"visualization"},{"id":"0bf66940-8ee3-11ea-904c-391ecaa2f2f4","name":"947b4399-b50d-43eb-9248-938c178091df:panel_947b4399-b50d-43eb-9248-938c178091df","type":"visualization"},{"id":"9ef86220-8ee3-11ea-904c-391ecaa2f2f4","name":"7b7ba97d-b9c1-4c45-a166-e029b4d85691:panel_7b7ba97d-b9c1-4c45-a166-e029b4d85691","type":"visualization"},{"id":"240b8f10-8f7e-11ea-adec-8b77111fa9c5","name":"d8ec6b8b-2b5b-4b58-b2b9-60ebac01817a:panel_d8ec6b8b-2b5b-4b58-b2b9-60ebac01817a","type":"visualization"},{"id":"77ffb740-8f7e-11ea-adec-8b77111fa9c5","name":"acc7eeb8-22ea-43e9-95e1-6841b7d024a3:panel_acc7eeb8-22ea-43e9-95e1-6841b7d024a3","type":"visualization"},{"id":"9418f1b0-8f80-11ea-adec-8b77111fa9c5","name":"eb5b5b00-ab55-4996-8d89-11cd5ac1337a:panel_eb5b5b00-ab55-4996-8d89-11cd5ac1337a","type":"search"}],"type":"dashboard","updated_at":"2023-11-16T21:16:29.392Z","version":"WzEzMDM3LDExXQ=="} -{"excludedObjects":[],"excludedObjectsCount":0,"exportedCount":13,"missingRefCount":0,"missingReferences":[]} \ No newline at end of file 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Dashboard Menu","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Dashboard Menu\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"markdown\":\"[**Home**](#/dashboard/2ec4b730-eb6c-11e9-875d-ef4cb6c5875d) | [Sysmon summary](#/dashboard/d2c73990-e5d4-11e9-8f1d-73a2ea4cc3ed) | [Security log](#/dashboard/51186cd0-e8e9-11e9-9070-f78ae052729a) | [User Security](#/dashboard/e5f203f0-6182-11ee-b035-d5f231e90733) \",\"openLinksInNewTab\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-17T22:05:37.545Z","id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-11-17T22:05:37.545Z","version":"WzMxODAzLDFd"} +{"attributes":{"fieldAttrs":"{\"host.name\":{\"count\":7},\"process.name\":{\"count\":6},\"winlog.computer_name\":{\"count\":5},\"winlog.event_data.ProcessName\":{\"count\":5},\"source.ip\":{\"count\":2},\"source.port\":{\"count\":2},\"winlog.event_data.IpAddress\":{\"count\":5},\"winlog.event_data.IpPort\":{\"count\":2},\"winlog.event_data.LogonProcessName\":{\"count\":2},\"process.pid\":{\"count\":1},\"winlog.event_data.ProcessId\":{\"count\":1},\"winlog.event_data.TargetDomainName\":{\"count\":5},\"client.user.domain\":{\"count\":1},\"client.user.name\":{\"count\":1},\"group.domain\":{\"count\":1},\"host.user.domain\":{\"count\":1},\"server.user.domain\":{\"count\":1},\"user.domain\":{\"count\":1},\"winlog.event_data.LogonType\":{\"count\":2},\"winlog.event_data.Status\":{\"count\":1},\"winlog.event_data.SubStatus\":{\"count\":1},\"winlog.event_data.TargetUserName\":{\"count\":2},\"winlog.event_data.WorkstationName\":{\"count\":1},\"winlog.logon.failure.status\":{\"count\":1},\"event.id\":{\"count\":1}}","fieldFormatMap":"{\"winver\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"\
",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"user.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"host.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}}}","fields":"[]","name":"winlogbeat-*","runtimeFieldMap":"{\"day_of_week\":{\"type\":\"long\",\"script\":{\"source\":\"emit(doc['@timestamp'].value.dayOfWeekEnum.getValue())\"}},\"hour_of_day\":{\"type\":\"long\",\"script\":{\"source\":\"emit (doc['@timestamp'].value.getHour())\"}}}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"winlogbeat-*","typeMeta":"{}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-17T22:05:37.545Z","id":"68a051a0-1d7f-11e9-9fc5-a91039822035","migrationVersion":{"index-pattern":"8.0.0"},"references":[],"type":"index-pattern","updated_at":"2023-11-17T22:05:37.545Z","version":"WzMxODA0LDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"vis_chc_host_count","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"vis_chc_host_count\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"host.name\",\"customLabel\":\"Hosts\",\"emptyAsNull\":false},\"schema\":\"metric\"}],\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to 
Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-17T22:05:33.687Z","id":"664b28c0-8b8e-11ea-b1c6-a5bf39283f12","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-11-17T22:05:33.687Z","version":"WzMxNzMzLDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"vis_chc_filter_hosts","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"vis_chc_filter_hosts\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"params\":{},\"label\":\"Host 
name\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Events\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Host name\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-17T22:05:33.687Z","id":"a96f1df0-8b8e-11ea-b1c6-a5bf39283f12","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-11-17T22:05:33.687Z","version":"WzMxNzM0LDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"title_chc_software","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"title_chc_software\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"## Software\"},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-17T22:05:33.687Z","id":"916c04f0-8ee2-11ea-904c-391ecaa2f2f4","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-11-17T22:05:33.687Z","version":"WzMxNzM1LDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.code: \\\"1\\\" and event.provider : \\\"Microsoft-Windows-Sysmon\\\" 
\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"vis_chc_least_used_processes","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"},\"colWidth\":[{\"colIndex\":0,\"width\":232.66666666666669},{\"colIndex\":2,\"width\":223.16666666666663},{\"colIndex\":1,\"width\":511.58333333333337},{\"colIndex\":3,\"width\":113.58333333333337}]}}}","version":1,"visState":"{\"title\":\"vis_chc_least_used_processes\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.OriginalFileName\",\"orderBy\":\"1\",\"order\":\"asc\",\"size\":30,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Process\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.Description\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Description\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":30,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Host\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"
number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"params\":{},\"label\":\"Process\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"params\":{},\"label\":\"Host\",\"aggType\":\"terms\"}]},\"showToolbar\":true,\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-17T22:05:33.687Z","id":"0bf66940-8ee3-11ea-904c-391ecaa2f2f4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-11-17T22:05:33.687Z","version":"WzMxNzM2LDFd"} +{"attributes":{"columns":["host.name","winlog.event_data.param1","winlog.event_data.param11","winlog.event_data.param12","winlog.provider_name"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.code:1000 or event.code:1002\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"srch_proc_crash","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-17T22:05:33.687Z","id":"f3b54a90-8f7d-11ea-adec-8b77111fa9c5","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-11-17T22:05:33.687Z","version":"WzMxNzM4LDFd"} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"vis_proc_crashes","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"vis_proc_crashes\",\"type\":\"line\",\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"interpolate\":\"linear\",\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":null,\"y\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"fittingFunction\":\"zero\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Date\"}}]}"},"coreMigrationVersion"
:"8.7.1","created_at":"2023-11-17T22:05:33.687Z","id":"240b8f10-8f7e-11ea-adec-8b77111fa9c5","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"f3b54a90-8f7d-11ea-adec-8b77111fa9c5","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-11-17T22:05:33.687Z","version":"WzMxNzM5LDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"vis_chc_crash_table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"vis_chc_crash_table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.user_data.param1\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Application\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"params\":{},\"label\":\"winlog.event_data.param1: 
Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true,\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-17T22:05:33.687Z","id":"77ffb740-8f7e-11ea-adec-8b77111fa9c5","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"f3b54a90-8f7d-11ea-adec-8b77111fa9c5","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-11-17T22:05:33.687Z","version":"WzMxNzQwLDFd"} +{"attributes":{"columns":["host.name","winlog.event_data.SourceImage","winlog.event_data.TargetImage"],"description":"","grid":{},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.code:8 AND event.provider : \\\"Microsoft-Windows-Sysmon\\\" \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"srch_chc_create_remote_thread","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-17T22:05:33.687Z","id":"9418f1b0-8f80-11ea-adec-8b77111fa9c5","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-11-17T22:05:33.687Z","version":"WzMxNzQxLDFd"} 
+{"attributes":{"controlGroupInput":{"chainingSystem":"HIERARCHICAL","controlStyle":"oneLine","ignoreParentSettingsJSON":"{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}","panelsJSON":"{\"c93d4b0d-bfc5-4eda-9e05-9af5ddc9e410\":{\"type\":\"optionsListControl\",\"order\":0,\"grow\":false,\"width\":\"small\",\"explicitInput\":{\"id\":\"c93d4b0d-bfc5-4eda-9e05-9af5ddc9e410\",\"fieldName\":\"host.name\",\"title\":\"host.name\",\"enhancements\":{}}},\"afd54286-b00b-4c0f-8320-333564f20d01\":{\"type\":\"optionsListControl\",\"order\":1,\"grow\":false,\"width\":\"large\",\"explicitInput\":{\"id\":\"afd54286-b00b-4c0f-8320-333564f20d01\",\"fieldName\":\"winlog.event_data.OriginalFileName\",\"title\":\"winlog.event_data.OriginalFileName\",\"enhancements\":{}}},\"c863ffc2-f324-4e83-ac79-80fe3dad2f79\":{\"type\":\"optionsListControl\",\"order\":2,\"grow\":false,\"width\":\"large\",\"explicitInput\":{\"id\":\"c863ffc2-f324-4e83-ac79-80fe3dad2f79\",\"fieldName\":\"winlog.event_data.ProcessId\",\"title\":\"winlog.event_data.ProcessId\",\"selectedOptions\":[],\"enhancements\":{}}}}"},"description":"Shows software running on 
hosts","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":3,\"i\":\"178b2555-f944-4281-8501-9b6f6d0c44d8\"},\"panelIndex\":\"178b2555-f944-4281-8501-9b6f6d0c44d8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_178b2555-f944-4281-8501-9b6f6d0c44d8\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":3,\"w\":22,\"h\":10,\"i\":\"1f4b6506-11ff-4993-8005-86a5f3487725\"},\"panelIndex\":\"1f4b6506-11ff-4993-8005-86a5f3487725\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Host Count\",\"panelRefName\":\"panel_1f4b6506-11ff-4993-8005-86a5f3487725\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":22,\"y\":3,\"w\":26,\"h\":10,\"i\":\"58de2df8-db1b-4349-97c3-4c84af48d300\"},\"panelIndex\":\"58de2df8-db1b-4349-97c3-4c84af48d300\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Filter 
Hosts\",\"panelRefName\":\"panel_58de2df8-db1b-4349-97c3-4c84af48d300\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":13,\"w\":48,\"h\":4,\"i\":\"71da6dff-3e35-4ed9-b8b3-a50857c5f8ca\"},\"panelIndex\":\"71da6dff-3e35-4ed9-b8b3-a50857c5f8ca\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"panelRefName\":\"panel_71da6dff-3e35-4ed9-b8b3-a50857c5f8ca\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":17,\"w\":48,\"h\":14,\"i\":\"947b4399-b50d-43eb-9248-938c178091df\"},\"panelIndex\":\"947b4399-b50d-43eb-9248-938c178091df\",\"embeddableConfig\":{\"enhancements\":{},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null},\"colWidth\":[{\"colIndex\":0,\"width\":495.6666666666667},{\"colIndex\":2,\"width\":446.16666666666663},{\"colIndex\":1,\"width\":785.5833333333334},{\"colIndex\":3,\"width\":291.58333333333337}]}}},\"title\":\"Processes\",\"panelRefName\":\"panel_947b4399-b50d-43eb-9248-938c178091df\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":31,\"w\":24,\"h\":15,\"i\":\"d8ec6b8b-2b5b-4b58-b2b9-60ebac01817a\"},\"panelIndex\":\"d8ec6b8b-2b5b-4b58-b2b9-60ebac01817a\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Application Crashing and Hanging\",\"panelRefName\":\"panel_d8ec6b8b-2b5b-4b58-b2b9-60ebac01817a\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":31,\"w\":24,\"h\":15,\"i\":\"acc7eeb8-22ea-43e9-95e1-6841b7d024a3\"},\"panelIndex\":\"acc7eeb8-22ea-43e9-95e1-6841b7d024a3\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Application Crashing and Hanging 
Count\",\"panelRefName\":\"panel_acc7eeb8-22ea-43e9-95e1-6841b7d024a3\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":46,\"w\":48,\"h\":15,\"i\":\"eb5b5b00-ab55-4996-8d89-11cd5ac1337a\"},\"panelIndex\":\"eb5b5b00-ab55-4996-8d89-11cd5ac1337a\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"CreateRemoteThread events\",\"panelRefName\":\"panel_eb5b5b00-ab55-4996-8d89-11cd5ac1337a\"}]","timeRestore":false,"title":"Computer Software Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-17T22:12:07.022Z","id":"33f0d3b0-8b8a-11ea-b1c6-a5bf39283f12","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","name":"178b2555-f944-4281-8501-9b6f6d0c44d8:panel_178b2555-f944-4281-8501-9b6f6d0c44d8","type":"visualization"},{"id":"664b28c0-8b8e-11ea-b1c6-a5bf39283f12","name":"1f4b6506-11ff-4993-8005-86a5f3487725:panel_1f4b6506-11ff-4993-8005-86a5f3487725","type":"visualization"},{"id":"a96f1df0-8b8e-11ea-b1c6-a5bf39283f12","name":"58de2df8-db1b-4349-97c3-4c84af48d300:panel_58de2df8-db1b-4349-97c3-4c84af48d300","type":"visualization"},{"id":"916c04f0-8ee2-11ea-904c-391ecaa2f2f4","name":"71da6dff-3e35-4ed9-b8b3-a50857c5f8ca:panel_71da6dff-3e35-4ed9-b8b3-a50857c5f8ca","type":"visualization"},{"id":"0bf66940-8ee3-11ea-904c-391ecaa2f2f4","name":"947b4399-b50d-43eb-9248-938c178091df:panel_947b4399-b50d-43eb-9248-938c178091df","type":"visualization"},{"id":"240b8f10-8f7e-11ea-adec-8b77111fa9c5","name":"d8ec6b8b-2b5b-4b58-b2b9-60ebac01817a:panel_d8ec6b8b-2b5b-4b58-b2b9-60ebac01817a","type":"visualization"},{"id":"77ffb740-8f7e-11ea-adec-8b77111fa9c5","name":"acc7eeb8-22ea-43e9-95e1-6841b7d024a3:panel_acc7eeb8-22ea-43e9-95e1-6841b7d024a3","type":"visualization"},{"id":"9418f1b0-8f80-11ea-adec-8b77111fa9c5","name":"eb5b5b00-ab55-4996-8d89-11cd5ac1337a:panel_eb5b5b00-ab55-4996-8d89-11cd5ac1337a","type":"search"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"controlGroup_c93d4b0d-bfc5-4eda
-9e05-9af5ddc9e410:optionsListDataView","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"controlGroup_afd54286-b00b-4c0f-8320-333564f20d01:optionsListDataView","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"controlGroup_c863ffc2-f324-4e83-ac79-80fe3dad2f79:optionsListDataView","type":"index-pattern"}],"type":"dashboard","updated_at":"2023-11-17T22:12:07.022Z","version":"WzMyODM3LDFd"} +{"excludedObjects":[],"excludedObjectsCount":0,"exportedCount":11,"missingRefCount":0,"missingReferences":[]} \ No newline at end of file From 2090e14b0ac666f1a422b2f570e723214e322e83 Mon Sep 17 00:00:00 2001 From: ddiabe <133152385+ddiabe@users.noreply.github.com> Date: Fri, 17 Nov 2023 17:42:10 -0500 Subject: [PATCH 16/29] Alert Dashboard review (#49) * adding alert dashboard * Create Alerting_dashboard.ndjson * Rename Alerting_dasboard.ndjson to Alerting_dashboard.ndjson * Rename Alerting_dashboard.ndjson to alert_dashboard.ndjson * Delete dasboards directory --------- Co-authored-by: Diabe <0743724407@HQ.DHS.GOV> Co-authored-by: Michael Reeves <147089975+mreeve-snl@users.noreply.github.com> --- .../dashboards/alert_dashboard.ndjson | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename dasboards/Alerting_dasboard.ndjson => Chapter 4 Files/dashboards/alert_dashboard.ndjson (99%) diff --git a/dasboards/Alerting_dasboard.ndjson b/Chapter 4 Files/dashboards/alert_dashboard.ndjson similarity index 99% rename from dasboards/Alerting_dasboard.ndjson rename to Chapter 4 Files/dashboards/alert_dashboard.ndjson index 4bea8db4..4a85f911 100644 --- a/dasboards/Alerting_dasboard.ndjson +++ b/Chapter 4 Files/dashboards/alert_dashboard.ndjson 
@@ -16,4 +16,4 @@ {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Alerting - Event Log Label","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Alerting - Event Log Label\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### Full Event Logs\",\"openLinksInNewTab\":false,\"fontSize\":12},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","id":"4cca2320-8eb2-11ea-904c-391ecaa2f2f4","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-05-05T01:00:03.100Z","version":"WzQ2NzgsMl0="} {"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"signal.status : \\\"open\\\" \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Alerting - Event Logs","version":1},"coreMigrationVersion":"8.7.1","id":"22b6fde0-9076-11ea-bea6-81e365727970","migrationVersion":{"search":"8.0.0"},"references":[{"id":"fc252980-8a1d-11ea-9ff6-ed89e356f0e4","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-05-05T01:00:03.100Z","version":"WzQ2NzksMl0="} {"attributes":{"description":"Alerting 
Overview","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":true,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.8.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":4,\"i\":\"2f6282c5-a0b3-4a3d-973f-73e59932453d\"},\"panelIndex\":\"2f6282c5-a0b3-4a3d-973f-73e59932453d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.8.0\",\"gridData\":{\"x\":0,\"y\":4,\"w\":22,\"h\":15,\"i\":\"74e0f1aa-0d28-4087-8435-6f0f048a4a54\"},\"panelIndex\":\"74e0f1aa-0d28-4087-8435-6f0f048a4a54\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.8.0\",\"gridData\":{\"x\":22,\"y\":4,\"w\":26,\"h\":15,\"i\":\"db9176ff-1842-4b14-bba2-44e4154bf2aa\"},\"panelIndex\":\"db9176ff-1842-4b14-bba2-44e4154bf2aa\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.8.0\",\"gridData\":{\"x\":0,\"y\":19,\"w\":14,\"h\":13,\"i\":\"c0e06082-b790-4a1b-b686-98ed83d60ff7\"},\"panelIndex\":\"c0e06082-b790-4a1b-b686-98ed83d60ff7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.8.0\",\"gridData\":{\"x\":14,\"y\":19,\"w\":34,\"h\":26,\"i\":\"2712ca26-143f-4961-ba53-a008348cc653\"},\"panelIndex\":\"2712ca26-143f-4961-ba53-a008348cc653\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.8.0\",\"gridData\":{\"x\":0,\"y\":32,\"w\":14,\"h\":13,\"i\":\"4ef9c990-dfec-4198-828b-f269f1f4fbf8\"},\"panelIndex\":\"4ef9c990-dfec-4198-828b-f269f1f4fbf8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.8.0\",\"gridData\":{\"x\":0,\"y\":45,\"w\":22,\"h\":5,\"i\":\"93136da7-3849-4932-92f2-a443350636f2\"},\"panelIndex\":\"93136da7-3849-4932-92f2-a443350636f2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.8.0\",\"gridData\":{\"x\":22,\"y
\":45,\"w\":26,\"h\":5,\"i\":\"3832099d-1166-44f0-a766-270f65ae20c3\"},\"panelIndex\":\"3832099d-1166-44f0-a766-270f65ae20c3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.8.0\",\"gridData\":{\"x\":0,\"y\":50,\"w\":22,\"h\":17,\"i\":\"aa385ced-e59f-4096-8b49-ad0014c0087c\"},\"panelIndex\":\"aa385ced-e59f-4096-8b49-ad0014c0087c\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.8.0\",\"gridData\":{\"x\":22,\"y\":50,\"w\":26,\"h\":17,\"i\":\"2ab0a53c-c5c7-4116-afff-e0d119aeefa9\"},\"panelIndex\":\"2ab0a53c-c5c7-4116-afff-e0d119aeefa9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.8.0\",\"gridData\":{\"x\":0,\"y\":67,\"w\":48,\"h\":8,\"i\":\"94c57cf9-5c91-4c27-a1a2-176e1d3bc30b\"},\"panelIndex\":\"94c57cf9-5c91-4c27-a1a2-176e1d3bc30b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_10\"},{\"version\":\"7.8.0\",\"gridData\":{\"x\":0,\"y\":75,\"w\":48,\"h\":21,\"i\":\"a7f758eb-65c6-4202-86a3-b8b4a169845c\"},\"panelIndex\":\"a7f758eb-65c6-4202-86a3-b8b4a169845c\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"asc\"}}},\"enhancements\":{}},\"panelRefName\":\"panel_11\"},{\"version\":\"7.8.0\",\"gridData\":{\"x\":0,\"y\":96,\"w\":48,\"h\":6,\"i\":\"25f49696-70e2-472e-9992-287665c7db7d\"},\"panelIndex\":\"25f49696-70e2-472e-9992-287665c7db7d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_12\"},{\"version\":\"7.8.0\",\"gridData\":{\"x\":0,\"y\":102,\"w\":48,\"h\":28,\"i\":\"38cb573e-5533-48f8-874d-5cfd5929d68a\"},\"panelIndex\":\"38cb573e-5533-48f8-874d-5cfd5929d68a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_13\"}]","refreshInterval":{"pause":true,"value":0},"timeFrom":"now-24h","timeRestore":true,"timeTo":"now","title":"Alerting 
Dashboard","version":1},"coreMigrationVersion":"8.7.1","id":"ac1078e0-8a32-11ea-8939-89f508ff7909","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","name":"panel_0","type":"visualization"},{"id":"434daa60-8af7-11ea-897e-5d5645b24ba1","name":"panel_1","type":"visualization"},{"id":"7d24d580-9536-11ea-b4a9-6d80addcce2e","name":"panel_2","type":"visualization"},{"id":"8e535ad0-8a22-11ea-9ff6-ed89e356f0e4","name":"panel_3","type":"visualization"},{"id":"27faeac0-8a25-11ea-9ff6-ed89e356f0e4","name":"panel_4","type":"visualization"},{"id":"c841d460-8a22-11ea-9ff6-ed89e356f0e4","name":"panel_5","type":"visualization"},{"id":"c91ec020-8eb2-11ea-904c-391ecaa2f2f4","name":"panel_6","type":"visualization"},{"id":"b4a31150-8eb2-11ea-904c-391ecaa2f2f4","name":"panel_7","type":"visualization"},{"id":"ca3cbc30-8a31-11ea-8939-89f508ff7909","name":"panel_8","type":"visualization"},{"id":"1f470d50-f825-11ea-86d0-51b0c2571342","name":"panel_9","type":"visualization"},{"id":"522c7590-9045-11ea-bea6-81e365727970","name":"panel_10","type":"visualization"},{"id":"40f55e50-8afe-11ea-897e-5d5645b24ba1","name":"panel_11","type":"visualization"},{"id":"4cca2320-8eb2-11ea-904c-391ecaa2f2f4","name":"panel_12","type":"visualization"},{"id":"22b6fde0-9076-11ea-bea6-81e365727970","name":"panel_13","type":"search"}],"type":"dashboard","updated_at":"2023-05-05T01:00:03.100Z","version":"WzQ2ODAsMl0="} -{"excludedObjects":[],"excludedObjectsCount":0,"exportedCount":18,"missingRefCount":0,"missingReferences":[]} \ No newline at end of file +{"excludedObjects":[],"excludedObjectsCount":0,"exportedCount":18,"missingRefCount":0,"missingReferences":[]} From 0c5fb2b73cf6548a4c849f0fbf3bcd4af4510be6 Mon Sep 17 00:00:00 2001 From: ddiabe <133152385+ddiabe@users.noreply.github.com> Date: Fri, 17 Nov 2023 17:46:38 -0500 Subject: [PATCH 17/29] Delete dasboards directory (#50) From 600a171feacad335a55737025933b82e2e161a22 Mon Sep 17 00:00:00 2001 
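Review bot: the only content change in the alert_dashboard.ndjson hunk (PATCH 16/29) is the trailing newline added after the final export-summary line, while the export added immediately before it in this series (the dashboard titled "Computer Software Overview") still ends with "\ No newline at end of file". Add the newline there as well so the dashboard files are consistent. The rename also settles on alert_dashboard.ndjson, which PATCH 19/29 renames again to alerting_dashboard.ndjson; choosing the final name here would spare anyone who imports these files by path a second change.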
From: Dmytro Korzhevin Date: Sat, 18 Nov 2023 01:57:09 +0200 Subject: [PATCH 18/29] Update deploy.sh to debug issue #33 Add logging to indicate the script's progress and where it might be failing + introduce a maximum number of 60 attempts to check for Elasticsearch readiness, preventing the script from hanging indefinitely. --- Chapter 3 Files/deploy.sh | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/Chapter 3 Files/deploy.sh b/Chapter 3 Files/deploy.sh index a39c5832..2ee2b5e4 100755 --- a/Chapter 3 Files/deploy.sh +++ b/Chapter 3 Files/deploy.sh @@ -101,10 +101,19 @@ function setpasswords() { temp=$OLD_ELASTIC_PASS fi - echo -e "\e[32m[X]\e[0m Waiting for elasticsearch to be ready" - while [[ "$(curl --cacert certs/root-ca.crt --user elastic:${temp} -s -o /dev/null -w ''%{http_code}'' https://127.0.0.1:9200)" != "200" ]]; do + echo -e "\e[32m[X]\e[0m Waiting for Elasticsearch to be ready" + max_attempts=60 + attempt=0 + while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' --cacert certs/root-ca.crt --user elastic:${temp} https://127.0.0.1:9200)" != "200" ]]; do + printf '.' sleep 1 + ((attempt++)) + if ((attempt > max_attempts)); then + echo "Elasticsearch is not responding after $max_attempts attempts - exiting." + exit 1 + fi done + echo "Elasticsearch is up and running." echo -e "\e[32m[X]\e[0m Setting elastic user password" curl --cacert certs/root-ca.crt --user elastic:${temp} -X POST "https://127.0.0.1:9200/_security/user/elastic/_password" -H 'Content-Type: application/json' -d' { "password" : "'"$elastic_user_pass"'"} ' From a9df5917d778191132492f56d32c6aef8fe905f3 Mon Sep 17 00:00:00 2001 
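Review bot: in the new wait loop in setpasswords() in deploy.sh (PATCH 18/29), `((attempt++))` with `attempt=0` evaluates to 0 on the first pass and therefore returns a non-zero status; if deploy.sh runs under `set -e` (not visible in this hunk) the script would exit on the first retry, so `attempt=$((attempt + 1))` is safer. The bound is also looser than the commit message states: `attempt > max_attempts` allows 61 polls rather than 60, and curl is called without `--connect-timeout` or `--max-time`, so a single stalled request can still hang the script indefinitely; use `>=` and give curl a timeout. The failure message is written to stdout and lands on the same line as the `printf '.'` progress dots, so print a newline first and send it to stderr. Finally, `--user elastic:${temp}` is unquoted, which breaks on passwords containing whitespace or glob characters, and it places the password in curl's process arguments; quote it and consider passing the credentials through a curl config read from stdin (`-K -`) instead.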
From: Clint Baxley Date: Mon, 20 Nov 2023 13:04:55 -0500 Subject: [PATCH 19/29] Updates the dashboard menu and all of the dashboards that use it. (#53) * Change the navigation menu to exclude the old home page and include the new dashboards. * Delete the security dashboard home --------- Co-authored-by: Clint Baxley --- ...board.ndjson => alerting_dashboard.ndjson} | 38 ++++----- .../computer_software_overview.ndjson | 22 ++--- .../dashboards/process_explorer.ndjson | 16 ++-- .../dashboards/security_dashboard_home.ndjson | 6 -- .../security_dashboard_security_log.ndjson | 62 +++++++------- .../dashboards/sysmon_summary.ndjson | 22 ++--- Chapter 4 Files/dashboards/user_hr.ndjson | 19 +++-- .../dashboards/user_security.ndjson | 82 +++++++++---------- 8 files changed, 131 insertions(+), 136 deletions(-) rename Chapter 4 Files/dashboards/{alert_dashboard.ndjson => alerting_dashboard.ndjson} (75%) delete mode 100644 Chapter 4 Files/dashboards/security_dashboard_home.ndjson diff --git a/Chapter 4 Files/dashboards/alert_dashboard.ndjson b/Chapter 4 Files/dashboards/alerting_dashboard.ndjson similarity index 75% rename from Chapter 4 Files/dashboards/alert_dashboard.ndjson rename to Chapter 4 Files/dashboards/alerting_dashboard.ndjson index 4a85f911..e86a1875 100644 --- a/Chapter 4 Files/dashboards/alert_dashboard.ndjson +++ b/Chapter 4 Files/dashboards/alerting_dashboard.ndjson 
@@ -1,19 +1,19 @@ -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Dashboard Menu","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"fontSize\":12,\"markdown\":\"[Security Overview](#/dashboard/9f302900-8ac7-11ea-b703-43c01853c348) | [Alerting](#/dashboard/ac1078e0-8a32-11ea-8939-89f508ff7909) | [User Explorer](#/dashboard/56d633d0-849a-11ea-b7fb-01bea49d9239) | [User Logons](#/dashboard/10c9e640-860f-11ea-a720-c7a0431f179d) | [Process Explorer](#/dashboard/f8eec760-8ee3-11ea-904c-391ecaa2f2f4) | [Software Overview](#/dashboard/33f0d3b0-8b8a-11ea-b1c6-a5bf39283f12) | [Logging Diagnostics](#/dashboard/ff455d20-9511-11ea-974f-b95a6148fe83)\",\"openLinksInNewTab\":false},\"title\":\"Dashboard Menu\",\"type\":\"markdown\"}"},"coreMigrationVersion":"8.7.1","id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-05-05T01:00:03.100Z","version":"WzI5NDksMl0="} 
-{"attributes":{"fieldAttrs":"{}","fieldFormatMap":"{\"user.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable.text\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"user.name.text\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"host.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}}}","fields":"[]","runtimeFieldMap":"{\"Column1\":{\"type\":\"keyword\",\"script\":{\"source\":\"if(doc['signal.status'].size() != 0) { if(doc['signal.status'].value.equals(\\\"open\\\")) { if(doc['event.code'].size() != 0) { if(doc['event.code'].value.equals(Integer.toString(1))) { if (doc['process.pid'].size() != 0) { emit (doc['process.pid'].value.toString()) } } else if(doc['event.code'].value.equals(Integer.toString(3))) { if (doc['destination.address'].size() != 0) { emit (doc['destination.address'].value.toString()) } } } emit (\\\"No Data\\\") } } emit (\\\"Signal Closed\\\")\"}},\"Column2\":{\"type\":\"keyword\",\"script\":{\"source\":\"if(doc['signal.status'].size() != 0) { if(doc['signal.status'].value.equals(\\\"open\\\")) { if(doc['event.code'].size() != 0) { if(doc['event.code'].value.equals(Integer.toString(1))) { def args = \\\"\\\"; if (doc['process.args'].size() != 0) { for(int i=0; i winlog.computer_name:(\\\\S+) > 
.*\\\").legend(position=ne)\",\"interval\":\"auto\"},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-10-05T19:22:59.753Z","id":"e48bf6f0-e90f-11e9-9070-f78ae052729a","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-10-05T19:22:59.753Z","version":"WzU1OTksN10="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"vis_sd_security_4625_failed_logon_types_label","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"vis_sd_security_4625_failed_logon_types_label\",\"type\":\"markdown\",\"params\":{\"markdown\":\"|Logon Type|Logon Title|Description|\\n| :-: | :- | :- |\\n| 2 | Interactive | A user logged on to this computer. |\\n| 3 | Network | A user or computer logged on to this computer from the network. |\\n| 4 | Batch | Batch logon type is used by batch servers, where processes may be executing on behalf of a user without their direct intervention. |\\n| 5 | Service | A service was started by the Service Control Manager. |\\n| 7 | Unlock | This workstation was unlocked. |\\n| 8 | NetworkCleartext | A user logged on to this computer from the network. The user's password was passed to the authentication package in its unhashed form. The built-in authentication packages all hash credentials before sending them across the network. The credentials do not traverse the network in plaintext (also called cleartext). |\\n| 9 | NewCredentials | A caller cloned its current token and specified new credentials for outbound connections. The new logon session has the same local identity, but uses different credentials for other network connections. |\\n| 10 | RemoteInteractive | A user logged on to this computer remotely using Terminal Services or Remote Desktop. |\\n| 11 | CachedInteractive | A user logged on to this computer with network credentials that were stored locally on the computer. 
The domain controller was not contacted to verify the credentials. |\\n\\nFor more information see *https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4625*\",\"openLinksInNewTab\":false,\"fontSize\":10},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-10-05T19:22:59.753Z","id":"846ca470-e9ac-11e9-92c4-d918939a618e","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-10-05T19:22:59.753Z","version":"WzU2MDAsN10="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"vis_sd_security_4625_failed_logon_status_codes_pie","uiStateJSON":"{\"vis\":{\"legendOpen\":true}}","version":1,"visState":"{\"title\":\"vis_sd_security_4625_failed_logon_status_codes_pie\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.LogonType\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.Status\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true},\"schema\":\"segment\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.SubStatus\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRe
gex\":true},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-10-05T19:22:59.753Z","id":"43ef93b0-e9a9-11e9-92c4-d918939a618e","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"0b549610-e902-11e9-9070-f78ae052729a","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-10-05T19:22:59.753Z","version":"WzU2MDEsN10="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"vis_sd_security_4625_failed_logon_status_label","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"vis_sd_security_4625_failed_logon_status_label\",\"type\":\"markdown\",\"params\":{\"markdown\":\"| Code | Description |\\n| :- | :- |\\n| 0XC000005E | There are currently no logon servers available to service the logon request. 
|\\n| 0xC0000064 | User logon with misspelled or bad user account |\\n| 0xC000006A | User logon with misspelled or bad password |\\n| 0XC000006D | This is either due to a bad username or authentication information |\\n| 0XC000006E | Unknown user name or bad password. |\\n| 0xC000006F | User logon outside authorized hours |\\n| 0xC0000070 | User logon from unauthorized workstation |\\n| 0xC0000071 | User logon with expired password |\\n| 0xC0000072 | User logon to account disabled by administrator |\\n| 0XC00000DC | Indicates the Sam Server was in the wrong state to perform the desired operation. |\\n| 0XC0000133 | Clocks between DC and other computer too far out of sync |\\n| 0XC000015B | The user has not been granted the requested logon type (aka logon right) at this machine |\\n| 0XC000018C | The logon request failed because the trust relationship between the primary domain and the trusted domain failed. |\\n| 0XC0000192 | An attempt was made to logon, but the Netlogon service was not started. |\\n| 0xC0000193 | User logon with expired account |\\n| 0XC0000224 | User is required to change password at next logon |\\n| 0XC0000225 | Evidently a bug in Windows and not a risk |\\n| 0xC0000234 | User logon with account locked |\\n| 0XC00002EE | Failure Reason: An Error occurred during Logon |\\n| 0XC0000413 | Logon Failure: The machine you are logging onto is protected by an authentication firewall. The specified account is not allowed to authenticate to the machine. |\\n| 0x0 | Status OK. 
|\\n\\nFor more information see *https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4625*\",\"openLinksInNewTab\":false,\"fontSize\":10},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-10-05T19:22:59.753Z","id":"3690c770-e9ae-11e9-92c4-d918939a618e","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-10-05T19:22:59.753Z","version":"WzU2MDIsN10="} -{"attributes":{"columns":["host.name","winlog.event_data.TargetDomainName","winlog.event_data.TargetUserName","winlog.event_id","winlog.event_data.PasswordLastSet","winlog.event_data.OldUacValue","winlog.event_data.NewUacValue","winlog.event_data.UserAccountControl","winlog.event_data.AllowedToDelegateTo","winlog.event_data.PrivilegeList","user.domain","user.name"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id:4738 and event.outcome: \\\"success\\\" \",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"sort":[["@timestamp","desc"]],"title":"srch_sd_security_4738_account_details_changed_AD_to_AE","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-10-05T19:22:59.753Z","id":"1bdf1a30-e9d6-11e9-92c4-d918939a618e","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-10-05T19:22:59.753Z","version":"WzU2MDMsN10="} 
-{"attributes":{"columns":["process.name","host.name","winlog.event_data.SubjectUserName","winlog.event_data.TargetUserName","winlog.event_data.TargetServerName","process.pid","winlog.event_data.SubjectDomainName","winlog.event_data.TargetDomainName"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.channel:Security and winlog.event_id:4648 \",\"language\":\"kuery\"},\"filter\":[{\"query\":{\"bool\":{\"must\":[{\"script\":{\"script\":\"doc['winlog.event_data.SubjectUserName'].value != doc['winlog.event_data.TargetUserName'].value\"}}]}},\"meta\":{\"type\":\"custom\",\"disabled\":false,\"negate\":false,\"alias\":null,\"key\":\"query\",\"value\":\"{\\\"bool\\\":{\\\"must\\\":[{\\\"script\\\":{\\\"script\\\":\\\"doc['winlog.event_data.SubjectUserName'].value != doc['winlog.event_data.TargetUserName'].value\\\"}}]}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"alias\":null,\"negate\":true,\"disabled\":false,\"type\":\"phrase\",\"key\":\"winlog.event_data.TargetDomainName\",\"params\":{\"query\":\"Window Manager\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"winlog.event_data.TargetDomainName\":\"Window Manager\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"alias\":null,\"negate\":true,\"disabled\":false,\"type\":\"phrase\",\"key\":\"winlog.event_data.TargetDomainName\",\"params\":{\"query\":\"Font Driver Host\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"winlog.event_data.TargetDomainName\":\"Font Driver 
Host\"}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["winlog.event_id","asc"]],"title":"srch_sd_security_4648_logon_explicit_creds_running_as_different_user","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-10-05T19:22:59.753Z","id":"103ccef0-ea73-11e9-be68-7f08998695a8","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"type":"search","updated_at":"2023-10-05T19:22:59.753Z","version":"WzU2MDQsN10="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"vis_sd_security_logs_computernames_datatable","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Logged events\"}},{\"id\":\"2\",\"enabled\":false,\"type\":\"filters\",\"schema\":\"bucket\",\"params\":{\"filters\":[{\"input\":{\"query\":\"winlog.event_id : 4624\",\"language\":\"kuery\"},\"label\":\"EventID 
4624\"}]}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":1000,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Computername\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{},\"params\":{},\"aggType\":\"filters\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"vis_sd_security_logs_computernames_datatable\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-10-05T19:22:59.753Z","id":"1c4214a0-f0cf-11e9-a5fc-65ed253cef03","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"e30872f0-e698-11e9-8be5-cd86dcca33f3","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-10-05T19:22:59.753Z","version":"WzU2MDYsN10="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Dashboard Menu","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Dashboard Menu\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"markdown\":\"[**Home**](#/dashboard/2ec4b730-eb6c-11e9-875d-ef4cb6c5875d) | [Sysmon summary](#/dashboard/d2c73990-e5d4-11e9-8f1d-73a2ea4cc3ed) | [Security log](#/dashboard/51186cd0-e8e9-11e9-9070-f78ae052729a) | [User Security](#/dashboard/e5f203f0-6182-11ee-b035-d5f231e90733) 
\",\"openLinksInNewTab\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-10-05T21:26:26.100Z","id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-10-05T21:26:26.100Z","version":"WzY3NTMsN10="} -{"attributes":{"description":"Security log related events","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":3,\"w\":24,\"h\":15,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Security logs events\",\"panelRefName\":\"panel_1\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":149,\"w\":48,\"h\":17,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Security log - Process creation - event ID 4688\",\"panelRefName\":\"panel_2\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":124,\"w\":48,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Log Cleared - event ID 1102 or 104\",\"panelRefName\":\"panel_3\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":166,\"w\":48,\"h\":18,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Security log - Logon created - Logon type 2\",\"panelRefName\":\"panel_6\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":3,\"w\":24,\"h\":8,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Select a computer to filter the below results. 
Leave blank for all\",\"panelRefName\":\"panel_7\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":184,\"w\":48,\"h\":15,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Security log - network logon created - Logon type 3\",\"panelRefName\":\"panel_8\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":132,\"w\":48,\"h\":17,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Security log events - Detail\",\"panelRefName\":\"panel_9\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":199,\"w\":48,\"h\":17,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Sercurity log - logon as a service - Logon type 5\",\"panelRefName\":\"panel_10\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":216,\"w\":24,\"h\":15,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Security log - Credential sent as clear text - Logon type 8\",\"panelRefName\":\"panel_11\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":216,\"w\":24,\"h\":15,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Credential sent as clear text\",\"panelRefName\":\"panel_12\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":18,\"w\":24,\"h\":15,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Failed logon attempts\",\"panelRefName\":\"panel_15\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":231,\"w\":24,\"h\":15,\"i\":\"17\"},\"panelIndex\":\"17\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Logon using cached 
credentials\",\"panelRefName\":\"panel_17\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":231,\"w\":24,\"h\":15,\"i\":\"18\"},\"panelIndex\":\"18\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Security log - Logon using cached credentials - Logon type 11\",\"panelRefName\":\"panel_18\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":246,\"w\":48,\"h\":18,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Security log - Logons with special privileges assigned - event ID 4672\",\"panelRefName\":\"panel_19\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":33,\"w\":48,\"h\":15,\"i\":\"20\"},\"panelIndex\":\"20\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Computers showing failed login attempts - 10 maximum shown\",\"panelRefName\":\"panel_20\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":48,\"w\":48,\"h\":18,\"i\":\"21\"},\"panelIndex\":\"21\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Failed logon type codes\",\"panelRefName\":\"panel_21\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":66,\"w\":48,\"h\":16,\"i\":\"22\"},\"panelIndex\":\"22\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Failed logon and reason (status code)\",\"panelRefName\":\"panel_22\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":98,\"w\":48,\"h\":26,\"i\":\"23\"},\"panelIndex\":\"23\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Failed logon status codes\",\"panelRefName\":\"panel_23\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":279,\"w\":48,\"h\":9,\"i\":\"24\"},\"panelIndex\":\"24\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Account Changes - A user account object was changed - event ID 
4738\",\"panelRefName\":\"panel_24\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":264,\"w\":48,\"h\":15,\"i\":\"28\"},\"panelIndex\":\"28\",\"embeddableConfig\":{\"enhancements\":{},\"sort\":[]},\"title\":\"Security log - Process started with different credentials- event ID 4648 [could be RUNAS, scheduled tasks]\",\"panelRefName\":\"panel_28\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":11,\"w\":24,\"h\":7,\"i\":\"30\"},\"panelIndex\":\"30\",\"embeddableConfig\":{\"enhancements\":{},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"title\":\"Select a computername to filter\",\"panelRefName\":\"panel_30\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":3,\"i\":\"b71dba65-ed1c-4917-9fc7-54923511ad2d\"},\"panelIndex\":\"b71dba65-ed1c-4917-9fc7-54923511ad2d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_b71dba65-ed1c-4917-9fc7-54923511ad2d\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":82,\"w\":48,\"h\":16,\"i\":\"96010259-5ae8-4632-bcce-34078573b1cd\"},\"panelIndex\":\"96010259-5ae8-4632-bcce-34078573b1cd\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Failed Logons\",\"panelRefName\":\"panel_96010259-5ae8-4632-bcce-34078573b1cd\"}]","timeRestore":false,"title":"Security Dashboard - Security 
Log","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-10-05T21:12:42.548Z","id":"51186cd0-e8e9-11e9-9070-f78ae052729a","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"e5245110-e8e8-11e9-9070-f78ae052729a","name":"1:panel_1","type":"visualization"},{"id":"781b09e0-e8ea-11e9-9070-f78ae052729a","name":"2:panel_2","type":"search"},{"id":"8c100710-e8eb-11e9-9070-f78ae052729a","name":"3:panel_3","type":"search"},{"id":"0222a210-e8f0-11e9-9070-f78ae052729a","name":"6:panel_6","type":"visualization"},{"id":"5c6f40d0-e8f4-11e9-9070-f78ae052729a","name":"7:panel_7","type":"visualization"},{"id":"666027c0-e8f5-11e9-9070-f78ae052729a","name":"8:panel_8","type":"visualization"},{"id":"e30872f0-e698-11e9-8be5-cd86dcca33f3","name":"9:panel_9","type":"search"},{"id":"d99cb4d0-e8f8-11e9-9070-f78ae052729a","name":"10:panel_10","type":"visualization"},{"id":"80125e30-e900-11e9-9070-f78ae052729a","name":"11:panel_11","type":"visualization"},{"id":"3ce572e0-e901-11e9-9070-f78ae052729a","name":"12:panel_12","type":"visualization"},{"id":"fefc2830-e904-11e9-9070-f78ae052729a","name":"15:panel_15","type":"visualization"},{"id":"27974a20-e907-11e9-9070-f78ae052729a","name":"17:panel_17","type":"visualization"},{"id":"b40a99e0-e906-11e9-9070-f78ae052729a","name":"18:panel_18","type":"visualization"},{"id":"379f1cb0-e90a-11e9-9070-f78ae052729a","name":"19:panel_19","type":"visualization"},{"id":"e48bf6f0-e90f-11e9-9070-f78ae052729a","name":"20:panel_20","type":"visualization"},{"id":"846ca470-e9ac-11e9-92c4-d918939a618e","name":"21:panel_21","type":"visualization"},{"id":"43ef93b0-e9a9-11e9-92c4-d918939a618e","name":"22:panel_22","type":"visualization"},{"id":"3690c770-e9ae-11e9-92c4-d918939a618e","name":"23:panel_23","type":"visualization"},{"id":"1bdf1a30-e9d6-11e9-92c4-d918939a618e","name":"24:panel_24","type":"search"},{"id":"103ccef0-ea73-11e9-be68-7f08998695a8","name":"28:panel_28","type":"search"},{"id":"1c4214a0-f0cf-11e9-a5fc-65ed253cef03","name":"30:panel
_30","type":"visualization"},{"id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","name":"b71dba65-ed1c-4917-9fc7-54923511ad2d:panel_b71dba65-ed1c-4917-9fc7-54923511ad2d","type":"visualization"},{"id":"0b549610-e902-11e9-9070-f78ae052729a","name":"96010259-5ae8-4632-bcce-34078573b1cd:panel_96010259-5ae8-4632-bcce-34078573b1cd","type":"search"}],"type":"dashboard","updated_at":"2023-10-05T21:12:42.548Z","version":"WzY0OTUsN10="} +{"attributes":{"fieldAttrs":"{\"host.name\":{\"count\":7},\"process.name\":{\"count\":6},\"winlog.computer_name\":{\"count\":5},\"winlog.event_data.ProcessName\":{\"count\":5},\"source.ip\":{\"count\":2},\"source.port\":{\"count\":2},\"winlog.event_data.IpAddress\":{\"count\":5},\"winlog.event_data.IpPort\":{\"count\":2},\"winlog.event_data.LogonProcessName\":{\"count\":2},\"process.pid\":{\"count\":1},\"winlog.event_data.ProcessId\":{\"count\":1},\"winlog.event_data.TargetDomainName\":{\"count\":5},\"client.user.domain\":{\"count\":1},\"client.user.name\":{\"count\":1},\"group.domain\":{\"count\":1},\"host.user.domain\":{\"count\":1},\"server.user.domain\":{\"count\":1},\"user.domain\":{\"count\":1},\"winlog.event_data.LogonType\":{\"count\":2},\"winlog.event_data.Status\":{\"count\":1},\"winlog.event_data.SubStatus\":{\"count\":1},\"winlog.event_data.TargetUserName\":{\"count\":2},\"winlog.event_data.WorkstationName\":{\"count\":1},\"winlog.logon.failure.status\":{\"count\":1},\"event.id\":{\"count\":1}}","fieldFormatMap":"{\"winver\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"user.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"host.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://el
astic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}}}","fields":"[]","name":"winlogbeat-*","runtimeFieldMap":"{\"day_of_week\":{\"type\":\"long\",\"script\":{\"source\":\"emit(doc['@timestamp'].value.dayOfWeekEnum.getValue())\"}},\"hour_of_day\":{\"type\":\"long\",\"script\":{\"source\":\"emit (doc['@timestamp'].value.getHour())\"}}}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"winlogbeat-*","typeMeta":"{}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:57.358Z","id":"68a051a0-1d7f-11e9-9fc5-a91039822035","migrationVersion":{"index-pattern":"8.0.0"},"references":[],"type":"index-pattern","updated_at":"2023-11-20T10:41:57.358Z","version":"WzE5MzcxOSw4XQ=="} +{"attributes":{"columns":["event.code","event.action","winlog.logon.type","user.domain","user.name","host.name","winlog.event_data.LogonProcessName","winlog.logon.id","winlog.event_data.SubjectUserName","source.ip"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.channel:Security\",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"sort":[["@timestamp","desc"]],"title":"srch_sd_security_logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:53.302Z","id":"e30872f0-e698-11e9-8be5-cd86dcca33f3","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-11-20T10:41:53.302Z","version":"WzE5MzY2Niw4XQ=="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Vis_sd_security_log_count","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Vis_sd_security_log_count\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Count\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:53.302Z","id":"e5245110-e8e8-11e9-9070-f78ae052729a","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"e30872f0-e698-11e9-8be5-cd86dcca33f3","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-11-20T10:41:53.302Z","version":"WzE5MzY2Nyw4XQ=="} +{"attributes":{"columns":["host.name","process.parent.executable","process.executable","winlog.event_id","winlog.event_data.TokenElevationType","winlog.event_data.MandatoryLabel"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.code: \\\"4688\\\" 
\",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"sort":[["@timestamp","desc"]],"title":"srch_sd_security_4688_process_creation","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:53.302Z","id":"781b09e0-e8ea-11e9-9070-f78ae052729a","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-11-20T10:41:53.302Z","version":"WzE5MzY2OCw4XQ=="} +{"attributes":{"columns":["winlog.user_data.SubjectDomainName","winlog.user_data.SubjectUserName","host.name","event.code","winlog.user_data.Channel","event.module"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.code:\\\"1102\\\" OR event.code:\\\"104\\\" \",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"sort":[["@timestamp","desc"]],"title":"srch_sd_security_1102_security_log_cleared","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:53.302Z","id":"8c100710-e8eb-11e9-9070-f78ae052729a","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-11-20T10:41:53.302Z","version":"WzE5MzY2OSw4XQ=="} +{"attributes":{"columns":["winlog.event_data.TargetUserName","winlog.event_data.TargetLogonId","host.name","winlog.task","winlog.event_id","winlog.event_data.LogonType","process.name","winlog.event_data.LogonProcessName"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"kuery\",\"query\":\"winlog.channel:Security and winlog.event_id:4624 and 
winlog.event_data.LogonType:2\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"srch_sd_security_4624_logon_type_2","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:53.302Z","id":"beaefbb0-e8ee-11e9-9070-f78ae052729a","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-11-20T10:41:53.302Z","version":"WzE5MzY3MCw4XQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"type\":\"phrases\",\"key\":\"user.domain\",\"value\":\"NT AUTHORITY, Window Manager, Font Driver Host\",\"params\":[\"NT AUTHORITY\",\"Window Manager\",\"Font Driver Host\"],\"alias\":null,\"negate\":true,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"user.domain\":\"NT AUTHORITY\"}},{\"match_phrase\":{\"user.domain\":\"Window Manager\"}},{\"match_phrase\":{\"user.domain\":\"Font Driver 
Host\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}]}"},"savedSearchRefName":"search_0","title":"vis_sd_security_4624_logon_type_2_datatable","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Computer\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Logon created for user\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"_key\",\"order\":\"asc\",\"size\":1,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"logon created 
locally\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Domain\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}],\"splitRow\":[{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"row\":true,\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"vis_sd_security_4624_logon_type_2_datatable\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:53.302Z","id":"0222a210-e8f0-11e9-9070-f78ae052729a","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"beaefbb0-e8ee-11e9-9070-f78ae052729a","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-11-20T10:41:53.302Z","version":"WzE5MzY3MSw4XQ=="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"alias\":null,\"negate\":false,\"type\":\"phrase\",\"key\":\"winlog.channel\",\"value\":\"Security\",\"params\":{\"query\":\"Security\"},\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"winlog.channel\":{\"query\":\"Security\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}]}"},"title":"vis_sd_security_4624_picker","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1570446686972\",\"fieldName\":\"host.name\",\"parent\":\"\",\"label\":\"Computername\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false},\"title\":\"vis_sd_security_4624_picker\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:53.302Z","id":"5c6f40d0-e8f4-11e9-9070-f78ae052729a","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"control_0_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2023-11-20T10:41:53.302Z","version":"WzE5MzY3Miw4XQ=="} +{"attributes":{"columns":["winlog.event_data.TargetUserName","winlog.event_data.TargetLogonId","host.name","winlog.task","winlog.event_id","winlog.event_data.LogonType","source.ip","source.port","winlog.event_data.LogonProcessName"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"kuery\",\"query\":\"winlog.channel:Security and 
winlog.event_id:4624 and winlog.event_data.LogonType:3\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"srch_sd_security_4624_logon_type_3","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:53.302Z","id":"203b2790-e8f5-11e9-9070-f78ae052729a","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-11-20T10:41:53.302Z","version":"WzE5MzY3Myw4XQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"not user.name:*$\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"vis_sd_security_4624_logon_type_3_datatable","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Computer\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Network logon created for 
user\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"_key\",\"order\":\"asc\",\"size\":1,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"network logon by user\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Domain\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}],\"splitRow\":[{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"row\":true,\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"vis_sd_security_4624_logon_type_3_datatable\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:53.302Z","id":"666027c0-e8f5-11e9-9070-f78ae052729a","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"203b2790-e8f5-11e9-9070-f78ae052729a","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-11-20T10:41:53.302Z","version":"WzE5MzY3NCw4XQ=="} 
+{"attributes":{"columns":["winlog.event_data.TargetUserName","winlog.event_data.TargetLogonId","host.name","winlog.task","winlog.event_id","winlog.event_data.LogonType","process.name","winlog.event_data.LogonProcessName"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"kuery\",\"query\":\"winlog.channel:Security and winlog.event_id:4624 and winlog.event_data.LogonType:5\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"srch_sd_security_4624_logon_type_5","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:53.302Z","id":"649fd2c0-e8f8-11e9-9070-f78ae052729a","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-11-20T10:41:53.302Z","version":"WzE5MzY3NSw4XQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"type\":\"phrases\",\"key\":\"user.domain\",\"value\":\"NT AUTHORITY, Window Manager, Font Driver Host\",\"params\":[\"NT AUTHORITY\",\"Window Manager\",\"Font Driver Host\"],\"alias\":null,\"negate\":true,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"user.domain\":\"NT AUTHORITY\"}},{\"match_phrase\":{\"user.domain\":\"Window Manager\"}},{\"match_phrase\":{\"user.domain\":\"Font Driver 
Host\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}]}"},"savedSearchRefName":"search_0","title":"vis_sd_security_4624_logon_type_5_datatable","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Computer\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service account used\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"_key\",\"order\":\"asc\",\"size\":1,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Logon as service with 
user\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":16,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Domain\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}],\"splitRow\":[{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"row\":true,\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"vis_sd_security_4624_logon_type_5_datatable\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:53.302Z","id":"d99cb4d0-e8f8-11e9-9070-f78ae052729a","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"649fd2c0-e8f8-11e9-9070-f78ae052729a","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-11-20T10:41:53.302Z","version":"WzE5MzY3Niw4XQ=="} 
+{"attributes":{"columns":["winlog.event_data.TargetUserName","winlog.event_data.TargetLogonId","host.name","winlog.task","winlog.event_id","winlog.event_data.LogonType","process.name","source.ip","source.port","winlog.event_data.LogonProcessName"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.channel:Security and winlog.event_id:4624 and winlog.event_data.LogonType:8\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"srch_sd_security_4624_logon_type_8","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:53.302Z","id":"2d636030-e900-11e9-9070-f78ae052729a","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-11-20T10:41:53.302Z","version":"WzE5MzY3Nyw4XQ=="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"vis_sd_security_4624_logon_type_8_datatable","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Computer\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"User\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"asc\",\"size\":1,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Credentials sent in clear 
text\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Domain\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}],\"splitRow\":[{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"row\":true,\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"vis_sd_security_4624_logon_type_8_datatable\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:53.302Z","id":"80125e30-e900-11e9-9070-f78ae052729a","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"2d636030-e900-11e9-9070-f78ae052729a","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-11-20T10:41:53.302Z","version":"WzE5MzY3OCw4XQ=="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"vis_sd_security_4624_logon_type_8_count","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"vis_sd_security_4624_logon_type_8_count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:53.302Z","id":"3ce572e0-e901-11e9-9070-f78ae052729a","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"2d636030-e900-11e9-9070-f78ae052729a","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-11-20T10:41:53.302Z","version":"WzE5MzY3OSw4XQ=="} +{"attributes":{"columns":["host.name","winlog.event_data.TargetDomainName","winlog.event_data.WorkstationName","winlog.event_data.TargetUserName","winlog.event_data.LogonType","winlog.event_data.IpAddress","winlog.event_data.Status","winlog.event_data.SubStatus"],"description":"New settings test 9/29/2023 16:44","grid":{"columns":{"winlog.event_data.Status":{"width":221}}},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.code:\\\"4625\\\" 
\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"srch_sd_security_4625_failed_logon","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:53.302Z","id":"0b549610-e902-11e9-9070-f78ae052729a","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-11-20T10:41:53.302Z","version":"WzE5MzY4MCw4XQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"vis_sd_security_4625_failed_logon_count","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"vis_sd_security_4625_failed_logon_count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:53.302Z","id":"fefc2830-e904-11e9-9070-f78ae052729a","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"0b549610-e902-11e9-9070-f78ae052729a","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-11-20T10:41:53.302Z","version":"WzE5MzY4MSw4XQ=="} 
+{"attributes":{"columns":["winlog.event_data.TargetUserName","winlog.event_data.TargetLogonId","host.name","winlog.task","winlog.event_id","winlog.event_data.LogonType","process.name","source.ip","source.port","winlog.event_data.LogonProcessName"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"kuery\",\"query\":\"winlog.channel:Security and winlog.event_id:4624 and winlog.event_data.LogonType:11\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"srch_sd_security_4624_logon_type_11","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:53.302Z","id":"df7536e0-e905-11e9-9070-f78ae052729a","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-11-20T10:41:53.302Z","version":"WzE5MzY4Miw4XQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"vis_sd_security_4624_logon_type_11_count","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"vis_sd_security_4624_logon_type_11_count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to 
Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:53.302Z","id":"27974a20-e907-11e9-9070-f78ae052729a","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"df7536e0-e905-11e9-9070-f78ae052729a","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-11-20T10:41:53.302Z","version":"WzE5MzY4Myw4XQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"vis_sd_security_4624_logon_type_11_datatable","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Computername\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"User\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"asc\",\"size\":1,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLa
bel\":\"Missing\",\"customLabel\":\"Account logon with cached credentials\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Domain\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}],\"splitRow\":[{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"row\":true,\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"vis_sd_security_4624_logon_type_11_datatable\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:53.302Z","id":"b40a99e0-e906-11e9-9070-f78ae052729a","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"df7536e0-e905-11e9-9070-f78ae052729a","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-11-20T10:41:53.302Z","version":"WzE5MzY4NCw4XQ=="} 
+{"attributes":{"columns":["winlog.event_data.SubjectUserName","winlog.computer_name","winlog.task","winlog.event_id","winlog.event_data.PrivilegeList"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.channel:Security and winlog.event_id:4672\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"srch_sd_security_4672_special_privileges_assigned","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:53.302Z","id":"03537790-e909-11e9-9070-f78ae052729a","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-11-20T10:41:53.302Z","version":"WzE5MzY4NSw4XQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"type\":\"phrases\",\"key\":\"user.domain\",\"value\":\"NT AUTHORITY, Window Manager, Font Driver Host\",\"params\":[\"NT AUTHORITY\",\"Window Manager\",\"Font Driver Host\"],\"alias\":null,\"negate\":true,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"user.domain\":\"NT AUTHORITY\"}},{\"match_phrase\":{\"user.domain\":\"Window Manager\"}},{\"match_phrase\":{\"user.domain\":\"Font Driver 
Host\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}]}"},"savedSearchRefName":"search_0","title":"vis_sd_security_4672_special_privileges_assigned_datatable","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Computername\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"User assigned special privileges\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"asc\",\"size\":1,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"User assigned special privileges logged 
on\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Domain\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}],\"splitRow\":[{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"row\":true,\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"vis_sd_security_4672_special_privileges_assigned_datatable\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:53.302Z","id":"379f1cb0-e90a-11e9-9070-f78ae052729a","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"03537790-e909-11e9-9070-f78ae052729a","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-11-20T10:41:53.302Z","version":"WzE5MzY4Niw4XQ=="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"vis_sd_security_4625_failed_logon_timelion","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"vis_sd_security_4625_failed_logon_timelion\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(q=winlog.event_id:4625, index=winlogbeat-*, split=winlog.computer_name:10).label(\\\"$1\\\",\\\"^.* > winlog.computer_name:(\\\\S+) > .*\\\").legend(position=ne)\",\"interval\":\"auto\"},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:53.302Z","id":"e48bf6f0-e90f-11e9-9070-f78ae052729a","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-11-20T10:41:53.302Z","version":"WzE5MzY4Nyw4XQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"vis_sd_security_4625_failed_logon_types_label","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"vis_sd_security_4625_failed_logon_types_label\",\"type\":\"markdown\",\"params\":{\"markdown\":\"|Logon Type|Logon Title|Description|\\n| :-: | :- | :- |\\n| 2 | Interactive | A user logged on to this computer. |\\n| 3 | Network | A user or computer logged on to this computer from the network. |\\n| 4 | Batch | Batch logon type is used by batch servers, where processes may be executing on behalf of a user without their direct intervention. |\\n| 5 | Service | A service was started by the Service Control Manager. |\\n| 7 | Unlock | This workstation was unlocked. |\\n| 8 | NetworkCleartext | A user logged on to this computer from the network. The user's password was passed to the authentication package in its unhashed form. The built-in authentication packages all hash credentials before sending them across the network. The credentials do not traverse the network in plaintext (also called cleartext). 
|\\n| 9 | NewCredentials | A caller cloned its current token and specified new credentials for outbound connections. The new logon session has the same local identity, but uses different credentials for other network connections. |\\n| 10 | RemoteInteractive | A user logged on to this computer remotely using Terminal Services or Remote Desktop. |\\n| 11 | CachedInteractive | A user logged on to this computer with network credentials that were stored locally on the computer. The domain controller was not contacted to verify the credentials. |\\n\\nFor more information see *https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4625*\",\"openLinksInNewTab\":false,\"fontSize\":10},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:53.302Z","id":"846ca470-e9ac-11e9-92c4-d918939a618e","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-11-20T10:41:53.302Z","version":"WzE5MzY4OCw4XQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"vis_sd_security_4625_failed_logon_status_codes_pie","uiStateJSON":"{\"vis\":{\"legendOpen\":true}}","version":1,"visState":"{\"title\":\"vis_sd_security_4625_failed_logon_status_codes_pie\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.LogonType\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.Status\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"
otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true},\"schema\":\"segment\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.SubStatus\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:53.302Z","id":"43ef93b0-e9a9-11e9-92c4-d918939a618e","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"0b549610-e902-11e9-9070-f78ae052729a","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-11-20T10:41:53.302Z","version":"WzE5MzY4OSw4XQ=="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"vis_sd_security_4625_failed_logon_status_label","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"vis_sd_security_4625_failed_logon_status_label\",\"type\":\"markdown\",\"params\":{\"markdown\":\"| Code | Description |\\n| :- | :- |\\n| 0XC000005E | There are currently no logon servers available to service the logon request. |\\n| 0xC0000064 | User logon with misspelled or bad user account |\\n| 0xC000006A | User logon with misspelled or bad password |\\n| 0XC000006D | This is either due to a bad username or authentication information |\\n| 0XC000006E | Unknown user name or bad password. |\\n| 0xC000006F | User logon outside authorized hours |\\n| 0xC0000070 | User logon from unauthorized workstation |\\n| 0xC0000071 | User logon with expired password |\\n| 0xC0000072 | User logon to account disabled by administrator |\\n| 0XC00000DC | Indicates the Sam Server was in the wrong state to perform the desired operation. |\\n| 0XC0000133 | Clocks between DC and other computer too far out of sync |\\n| 0XC000015B | The user has not been granted the requested logon type (aka logon right) at this machine |\\n| 0XC000018C | The logon request failed because the trust relationship between the primary domain and the trusted domain failed. |\\n| 0XC0000192 | An attempt was made to logon, but the Netlogon service was not started. |\\n| 0xC0000193 | User logon with expired account |\\n| 0XC0000224 | User is required to change password at next logon |\\n| 0XC0000225 | Evidently a bug in Windows and not a risk |\\n| 0xC0000234 | User logon with account locked |\\n| 0XC00002EE | Failure Reason: An Error occurred during Logon |\\n| 0XC0000413 | Logon Failure: The machine you are logging onto is protected by an authentication firewall. The specified account is not allowed to authenticate to the machine. |\\n| 0x0 | Status OK. 
|\\n\\nFor more information see *https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4625*\",\"openLinksInNewTab\":false,\"fontSize\":10},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:53.302Z","id":"3690c770-e9ae-11e9-92c4-d918939a618e","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-11-20T10:41:53.302Z","version":"WzE5MzY5MCw4XQ=="} +{"attributes":{"columns":["host.name","winlog.event_data.TargetDomainName","winlog.event_data.TargetUserName","winlog.event_id","winlog.event_data.PasswordLastSet","winlog.event_data.OldUacValue","winlog.event_data.NewUacValue","winlog.event_data.UserAccountControl","winlog.event_data.AllowedToDelegateTo","winlog.event_data.PrivilegeList","user.domain","user.name"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id:4738 and event.outcome: \\\"success\\\" \",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"sort":[["@timestamp","desc"]],"title":"srch_sd_security_4738_account_details_changed_AD_to_AE","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:53.302Z","id":"1bdf1a30-e9d6-11e9-92c4-d918939a618e","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-11-20T10:41:53.302Z","version":"WzE5MzY5MSw4XQ=="} 
+{"attributes":{"columns":["process.name","host.name","winlog.event_data.SubjectUserName","winlog.event_data.TargetUserName","winlog.event_data.TargetServerName","process.pid","winlog.event_data.SubjectDomainName","winlog.event_data.TargetDomainName"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.channel:Security and winlog.event_id:4648 \",\"language\":\"kuery\"},\"filter\":[{\"query\":{\"bool\":{\"must\":[{\"script\":{\"script\":\"doc['winlog.event_data.SubjectUserName'].value != doc['winlog.event_data.TargetUserName'].value\"}}]}},\"meta\":{\"type\":\"custom\",\"disabled\":false,\"negate\":false,\"alias\":null,\"key\":\"query\",\"value\":\"{\\\"bool\\\":{\\\"must\\\":[{\\\"script\\\":{\\\"script\\\":\\\"doc['winlog.event_data.SubjectUserName'].value != doc['winlog.event_data.TargetUserName'].value\\\"}}]}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"alias\":null,\"negate\":true,\"disabled\":false,\"type\":\"phrase\",\"key\":\"winlog.event_data.TargetDomainName\",\"params\":{\"query\":\"Window Manager\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"winlog.event_data.TargetDomainName\":\"Window Manager\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"alias\":null,\"negate\":true,\"disabled\":false,\"type\":\"phrase\",\"key\":\"winlog.event_data.TargetDomainName\",\"params\":{\"query\":\"Font Driver Host\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"winlog.event_data.TargetDomainName\":\"Font Driver 
Host\"}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["winlog.event_id","asc"]],"title":"srch_sd_security_4648_logon_explicit_creds_running_as_different_user","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:53.302Z","id":"103ccef0-ea73-11e9-be68-7f08998695a8","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"type":"search","updated_at":"2023-11-20T10:41:53.302Z","version":"WzE5MzY5Miw4XQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"vis_sd_security_logs_computernames_datatable","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Logged events\"}},{\"id\":\"2\",\"enabled\":false,\"type\":\"filters\",\"schema\":\"bucket\",\"params\":{\"filters\":[{\"input\":{\"query\":\"winlog.event_id : 4624\",\"language\":\"kuery\"},\"label\":\"EventID 
4624\"}]}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":1000,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Computername\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{},\"params\":{},\"aggType\":\"filters\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"vis_sd_security_logs_computernames_datatable\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:53.302Z","id":"1c4214a0-f0cf-11e9-a5fc-65ed253cef03","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"e30872f0-e698-11e9-8be5-cd86dcca33f3","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-11-20T10:41:53.302Z","version":"WzE5MzY5Myw4XQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Dashboard Menu","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Dashboard Menu\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"markdown\":\"[Alerting Dashboard](#/dashboard/ac1078e0-8a32-11ea-8939-89f508ff7909)\\n| [Computer Software Overview](#/dashboard/33f0d3b0-8b8a-11ea-b1c6-a5bf39283f12)\\n| [Process Explorer](#/dashboard/f2cbc110-8400-11ee-a3de-f1bc0525ad6c)\\n| [Security log](#/dashboard/51186cd0-e8e9-11e9-9070-f78ae052729a) \\n| [Sysmon 
summary](#/dashboard/d2c73990-e5d4-11e9-8f1d-73a2ea4cc3ed) \\n| [User Security](#/dashboard/e5f203f0-6182-11ee-b035-d5f231e90733) \\n| [User HR](#/dashboard/618bc5d0-84f8-11ee-9838-ff0db128d8b2)\\n\\n\",\"openLinksInNewTab\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T11:11:46.893Z","id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-11-20T11:11:46.893Z","version":"WzE5NjYwOCw4XQ=="} +{"attributes":{"description":"Security log related events","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":3,\"w\":24,\"h\":15,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Security logs events\",\"panelRefName\":\"panel_1\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":149,\"w\":48,\"h\":17,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Security log - Process creation - event ID 4688\",\"panelRefName\":\"panel_2\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":124,\"w\":48,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Log Cleared - event ID 1102 or 104\",\"panelRefName\":\"panel_3\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":166,\"w\":48,\"h\":18,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Security log - Logon created - Logon type 
2\",\"panelRefName\":\"panel_6\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":3,\"w\":24,\"h\":8,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Select a computer to filter the below results. Leave blank for all\",\"panelRefName\":\"panel_7\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":184,\"w\":48,\"h\":15,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Security log - network logon created - Logon type 3\",\"panelRefName\":\"panel_8\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":132,\"w\":48,\"h\":17,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Security log events - Detail\",\"panelRefName\":\"panel_9\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":199,\"w\":48,\"h\":17,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Sercurity log - logon as a service - Logon type 5\",\"panelRefName\":\"panel_10\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":216,\"w\":24,\"h\":15,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Security log - Credential sent as clear text - Logon type 8\",\"panelRefName\":\"panel_11\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":216,\"w\":24,\"h\":15,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Credential sent as clear text\",\"panelRefName\":\"panel_12\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":18,\"w\":24,\"h\":15,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Failed logon 
attempts\",\"panelRefName\":\"panel_15\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":231,\"w\":24,\"h\":15,\"i\":\"17\"},\"panelIndex\":\"17\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Logon using cached credentials\",\"panelRefName\":\"panel_17\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":231,\"w\":24,\"h\":15,\"i\":\"18\"},\"panelIndex\":\"18\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Security log - Logon using cached credentials - Logon type 11\",\"panelRefName\":\"panel_18\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":246,\"w\":48,\"h\":18,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Security log - Logons with special privileges assigned - event ID 4672\",\"panelRefName\":\"panel_19\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":33,\"w\":48,\"h\":15,\"i\":\"20\"},\"panelIndex\":\"20\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Computers showing failed login attempts - 10 maximum shown\",\"panelRefName\":\"panel_20\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":48,\"w\":48,\"h\":18,\"i\":\"21\"},\"panelIndex\":\"21\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Failed logon type codes\",\"panelRefName\":\"panel_21\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":66,\"w\":48,\"h\":16,\"i\":\"22\"},\"panelIndex\":\"22\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Failed logon and reason (status code)\",\"panelRefName\":\"panel_22\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":98,\"w\":48,\"h\":26,\"i\":\"23\"},\"panelIndex\":\"23\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Failed logon status 
codes\",\"panelRefName\":\"panel_23\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":279,\"w\":48,\"h\":9,\"i\":\"24\"},\"panelIndex\":\"24\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Account Changes - A user account object was changed - event ID 4738\",\"panelRefName\":\"panel_24\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":264,\"w\":48,\"h\":15,\"i\":\"28\"},\"panelIndex\":\"28\",\"embeddableConfig\":{\"enhancements\":{},\"sort\":[]},\"title\":\"Security log - Process started with different credentials- event ID 4648 [could be RUNAS, scheduled tasks]\",\"panelRefName\":\"panel_28\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":11,\"w\":24,\"h\":7,\"i\":\"30\"},\"panelIndex\":\"30\",\"embeddableConfig\":{\"enhancements\":{},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"title\":\"Select a computername to filter\",\"panelRefName\":\"panel_30\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":3,\"i\":\"b71dba65-ed1c-4917-9fc7-54923511ad2d\"},\"panelIndex\":\"b71dba65-ed1c-4917-9fc7-54923511ad2d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_b71dba65-ed1c-4917-9fc7-54923511ad2d\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":82,\"w\":48,\"h\":16,\"i\":\"96010259-5ae8-4632-bcce-34078573b1cd\"},\"panelIndex\":\"96010259-5ae8-4632-bcce-34078573b1cd\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Failed Logons\",\"panelRefName\":\"panel_96010259-5ae8-4632-bcce-34078573b1cd\"}]","timeRestore":false,"title":"Security Dashboard - Security 
Log","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:53.302Z","id":"51186cd0-e8e9-11e9-9070-f78ae052729a","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"e5245110-e8e8-11e9-9070-f78ae052729a","name":"1:panel_1","type":"visualization"},{"id":"781b09e0-e8ea-11e9-9070-f78ae052729a","name":"2:panel_2","type":"search"},{"id":"8c100710-e8eb-11e9-9070-f78ae052729a","name":"3:panel_3","type":"search"},{"id":"0222a210-e8f0-11e9-9070-f78ae052729a","name":"6:panel_6","type":"visualization"},{"id":"5c6f40d0-e8f4-11e9-9070-f78ae052729a","name":"7:panel_7","type":"visualization"},{"id":"666027c0-e8f5-11e9-9070-f78ae052729a","name":"8:panel_8","type":"visualization"},{"id":"e30872f0-e698-11e9-8be5-cd86dcca33f3","name":"9:panel_9","type":"search"},{"id":"d99cb4d0-e8f8-11e9-9070-f78ae052729a","name":"10:panel_10","type":"visualization"},{"id":"80125e30-e900-11e9-9070-f78ae052729a","name":"11:panel_11","type":"visualization"},{"id":"3ce572e0-e901-11e9-9070-f78ae052729a","name":"12:panel_12","type":"visualization"},{"id":"fefc2830-e904-11e9-9070-f78ae052729a","name":"15:panel_15","type":"visualization"},{"id":"27974a20-e907-11e9-9070-f78ae052729a","name":"17:panel_17","type":"visualization"},{"id":"b40a99e0-e906-11e9-9070-f78ae052729a","name":"18:panel_18","type":"visualization"},{"id":"379f1cb0-e90a-11e9-9070-f78ae052729a","name":"19:panel_19","type":"visualization"},{"id":"e48bf6f0-e90f-11e9-9070-f78ae052729a","name":"20:panel_20","type":"visualization"},{"id":"846ca470-e9ac-11e9-92c4-d918939a618e","name":"21:panel_21","type":"visualization"},{"id":"43ef93b0-e9a9-11e9-92c4-d918939a618e","name":"22:panel_22","type":"visualization"},{"id":"3690c770-e9ae-11e9-92c4-d918939a618e","name":"23:panel_23","type":"visualization"},{"id":"1bdf1a30-e9d6-11e9-92c4-d918939a618e","name":"24:panel_24","type":"search"},{"id":"103ccef0-ea73-11e9-be68-7f08998695a8","name":"28:panel_28","type":"search"},{"id":"1c4214a0-f0cf-11e9-a5fc-65ed253cef03","name":"30:panel
_30","type":"visualization"},{"id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","name":"b71dba65-ed1c-4917-9fc7-54923511ad2d:panel_b71dba65-ed1c-4917-9fc7-54923511ad2d","type":"visualization"},{"id":"0b549610-e902-11e9-9070-f78ae052729a","name":"96010259-5ae8-4632-bcce-34078573b1cd:panel_96010259-5ae8-4632-bcce-34078573b1cd","type":"search"}],"type":"dashboard","updated_at":"2023-11-20T10:41:53.302Z","version":"WzE5MzY5NSw4XQ=="} {"excludedObjects":[],"excludedObjectsCount":0,"exportedCount":31,"missingRefCount":0,"missingReferences":[]} \ No newline at end of file diff --git a/Chapter 4 Files/dashboards/sysmon_summary.ndjson b/Chapter 4 Files/dashboards/sysmon_summary.ndjson index 24e5b910..a5b34a5f 100644 --- a/Chapter 4 Files/dashboards/sysmon_summary.ndjson +++ b/Chapter 4 Files/dashboards/sysmon_summary.ndjson 
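Review bot: The "Dashboard Menu" visualization (id 12735ff0-9396-11ea-b41f-4dc1d87833fe) added in the security log export is a shared object that sysmon_summary.ndjson also carries under the same id, so the menu is now maintained in more than one file. This copy has seven links and an updated_at of 2023-11-20T11:11:46.893Z, later than the 10:41:53.302Z on the other objects in the file, while the line removed from sysmon_summary.ndjson had four links. If the copies ever differ, which menu users end up with can depend on the order the files are imported. Consider exporting the menu once into its own ndjson, or confirming that every dashboard file in this commit carries a byte-identical copy. Two smaller points in the same hunk: the panel 10 title reads "Sercurity log - logon as a service - Logon type 5" and should be "Security", and the file still ends without a trailing newline, which will keep showing up as noise in later diffs of this export.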
@@ -1,12 +1,12 @@ -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"vis_sd_sysmon_event_summary_image","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"vis_sd_sysmon_event_summary_image\",\"type\":\"markdown\",\"params\":{\"markdown\":\"![SysmonSummary](data:image/png;base64,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)\",\"openLinksInNewTab\":false,\"fontSize\":12},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-10-05T19:23:00.763Z","id":"83d252d0-e5d3-11e9-8f1d-73a2ea4cc3ed","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-10-05T19:23:00.763Z","version":"WzU2MDksN10="} -{"attributes":{"fieldAttrs":"{\"host.name\":{\"count\":7},\"process.name\":{\"count\":6},\"winlog.computer_name\":{\"count\":5},\"winlog.event_data.ProcessName\":{\"count\":5},\"source.ip\":{\"count\":2},\"source.port\":{\"count\":2},\"winlog.event_data.IpAddress\":{\"count\":5},\"winlog.event_data.IpPort\":{\"count\":2},\"winlog.event_data.LogonProcessName\":{\"count\":2},\"process.pid\":{\"count\":1},\"winlog.event_data.ProcessId\":{\"count\":1},\"winlog.event_data.TargetDomainName\":{\"count\":5},\"client.user.domain\":{\"count\":1},\"client.user.name\":{\"count\":1},\"group.domain\":{\"count\":1},\"host.user.domain\":{\"count\":1},\"server.user.domain\":{\"count\":1},\"user.domain\":{\"count\":1},\"winlog.event_data.LogonType\":{\"count\":2},\"winlog.event_data.Status\":{\"count\":1},\"winlog.event_data.SubStatus\":{\"count\":1},\"winlog.event_data.TargetUserName\":{\"count\":2},\"winlog.event_data.WorkstationName\":{\"count\":1},\"winlog.logon.failure.status\":{\"count\":1},\"event.id\":{\"count\":1}}","fieldFormatMap":"{\"winver\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"user.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"or
igin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"host.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}}}","fields":"[]","name":"winlogbeat-*","runtimeFieldMap":"{\"day_of_week\":{\"type\":\"long\",\"script\":{\"source\":\"emit(doc['@timestamp'].value.dayOfWeekEnum.getValue())\"}},\"hour_of_day\":{\"type\":\"long\",\"script\":{\"source\":\"emit (doc['@timestamp'].value.getHour())\"}}}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"winlogbeat-*","typeMeta":"{}"},"coreMigrationVersion":"8.7.1","created_at":"2023-10-05T19:23:01.775Z","id":"68a051a0-1d7f-11e9-9fc5-a91039822035","migrationVersion":{"index-pattern":"8.0.0"},"references":[],"type":"index-pattern","updated_at":"2023-10-05T19:23:01.775Z","version":"WzU2MjIsN10="} -{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.channel:\\\"Microsoft-Windows-Sysmon/Operational\\\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"srch_sd_sysmon_all_events","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-10-05T19:23:00.763Z","id":"8b6d5950-e5c8-11e9-8f1d-73a2ea4cc3ed","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-10-05T19:23:00.763Z","version":"WzU2MTEsN10="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"vis_sd_sysmon_all_events_count","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"vis_sd_sysmon_all_events_count\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-10-05T19:23:00.763Z","id":"6bae6b40-e5cd-11e9-8f1d-73a2ea4cc3ed","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"8b6d5950-e5c8-11e9-8f1d-73a2ea4cc3ed","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-10-05T19:23:00.763Z","version":"WzU2MTIsN10="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"vis_sd_sysmon_all_events_pie","uiStateJSON":"{\"vis\":{\"legendOpen\":true}}","version":1,"visState":"{\"title\":\"vis_sd_sysmon_all_events_pie\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":23,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Event code\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":false,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":0},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-10-05T19:23:00.763Z","id":"8fcbbf80-e5ca-11e9-8f1d-73a2ea4cc3ed","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"8b6d5950-e5c8-11e9-8f1d-73a2ea4cc3ed","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-10-05T19:23:00.763Z","version":"WzU2MTMsN10="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"vis_sd_sysmon_all_events_datatable","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"vis_sd_sysmon_all_events_datatable\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"winlog.event_id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":23,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Event code\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-10-05T19:23:00.763Z","id":"fb34c760-e5cc-11e9-8f1d-73a2ea4cc3ed","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"8b6d5950-e5c8-11e9-8f1d-73a2ea4cc3ed","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-10-05T19:23:00.763Z","version":"WzU2MTQsN10="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"vis_sd_sysmon_all_host_events_datatable","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"vis_sd_sysmon_all_host_events_datatable\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":23,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Event code\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Missing computer name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Computer 
name\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true},\"schema\":\"split\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Missing computer name\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}],\"splitRow\":[{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"row\":true,\"percentageCol\":\"\",\"showToolbar\":true,\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-10-05T19:23:00.763Z","id":"4ff18f60-e5d0-11e9-8f1d-73a2ea4cc3ed","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"8b6d5950-e5c8-11e9-8f1d-73a2ea4cc3ed","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-10-05T19:23:00.763Z","version":"WzU2MTUsN10="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"vis_sd_sysmon_event_code_reference","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"markdown\",\"aggs\":[],\"params\":{\"markdown\":\"| \\tEvent ID\\t | \\tEvent\\t | 
\\tDescription\\t |\\n| \\t:-:\\t | \\t:-\\t | \\t-\\t |\\n| \\t1\\t | \\tProcess creation\\t | \\tThe process creation event provides extended information about a newly created process. The full command line provides context on the process execution. The ProcessGUID field is a unique value for this process across a domain to make event correlation easier. The hash is a full hash of the file with the algorithms in the HashType field.\\t |\\n| \\t2\\t | \\tA process changed a file creation time\\t | \\tThe change file creation time event is registered when a file creation time is explicitly modified by a process. This event helps tracking the real creation time of a file. Attackers may change the file creation time of a backdoor to make it look like it was installed with the operating system. Note that many processes legitimately change the creation time of a file; it does not necessarily indicate malicious activity.\\t |\\n| \\t3\\t | \\tNetwork connection\\t | \\tThe network connection event logs TCP/UDP connections on the machine. It is disabled by default. Each connection is linked to a process through the ProcessId and ProcessGUID fields. The event also contains the source and destination host names IP addresses, port numbers and IPv6 status.\\t |\\n| \\t4\\t | \\tSysmon service state changed\\t | \\tThe service state change event reports the state of the Sysmon service (started or stopped).\\t |\\n| \\t5\\t | \\tProcess terminated\\t | \\tThe process terminate event reports when a process terminates. It provides the UtcTime, ProcessGuid and ProcessId of the process.\\t |\\n| \\t6\\t | \\tDriver loaded\\t | \\tThe driver loaded events provides information about a driver being loaded on the system. The configured hashes are provided as well as signature information. 
The signature is created asynchronously for performance reasons and indicates if the file was removed after loading.\\t |\\n| \\t7\\t | \\tImage loaded\\t | \\tThe image loaded event logs when a module is loaded in a specific process. This event is disabled by default and needs to be configured with the –l option. It indicates the process in which the module is loaded, hashes and signature information. The signature is created asynchronously for performance reasons and indicates if the file was removed after loading. This event should be configured carefully, as monitoring all image load events will generate a large number of events.\\t |\\n| \\t8\\t | \\tCreateRemoteThread\\t | \\tThe CreateRemoteThread event detects when a process creates a thread in another process. This technique is used by malware to inject code and hide in other processes. The event indicates the source and target process. It gives information on the code that will be run in the new thread: StartAddress, StartModule and StartFunction. Note that StartModule and StartFunction fields are inferred, they might be empty if the starting address is outside loaded modules or known exported functions.\\t |\\n| \\t9\\t | \\tRawAccessRead\\t | \\tThe RawAccessRead event detects when a process conducts reading operations from the drive using the \\\\\\\\\\\\\\\\.\\\\ denotation. This technique is often used by malware for data exfiltration of files that are locked for reading, as well as to avoid file access auditing tools. The event indicates the source process and target device.\\t |\\n| \\t10\\t | \\tProcessAccess\\t | \\tThe process accessed event reports when a process opens another process, an operation that’s often followed by information queries or reading and writing the address space of the target process. This enables detection of hacking tools that read the memory contents of processes like Local Security Authority (Lsass.exe) in order to steal credentials for use in Pass-the-Hash attacks. 
Enabling it can generate significant amounts of logging if there are diagnostic utilities active that repeatedly open processes to query their state, so it generally should only be done so with filters that remove expected accesses.\\t |\\n| \\t11\\t | \\tFileCreate\\t | \\tFile create operations are logged when a file is created or overwritten. This event is useful for monitoring autostart locations, like the Startup folder, as well as temporary and download directories, which are common places malware drops during initial infection.\\t |\\n| \\t12\\t | \\tRegistryEvent (Object create and delete)\\t | \\tRegistry key and value create and delete operations map to this event type, which can be useful for monitoring for changes to Registry autostart locations, or specific malware registry modifications. Sysmon uses abbreviated versions of Registry root key names, with the following mappings: |\\n|||**Key name**                                                                                          **Abbreviation**|\\n|||HKEY_LOCAL_MACHINE                                                                  HKLM|\\n|||HKEY_USERS                                                                                     HKU|\\n|||HKEY_LOCAL_MACHINE\\\\System\\\\ControlSet00x                          HKLM\\\\System\\\\CurrentControlSet|\\n|||HKEY_LOCAL_MACHINE\\\\Classes                                                    HKCR|\\n| \\t13\\t | \\tRegistryEvent (Value Set)\\t | \\tThis Registry event type identifies Registry value modifications. 
The event records the value written for Registry values of type DWORD and QWORD.\\t |\\n| \\t14\\t | \\tRegistryEvent (Key and Value Rename)\\t | \\tRegistry key and value rename operations map to this event type, recording the new name of the key or value that was renamed.\\t |\\n| \\t15\\t | \\tFileCreateStreamHash\\t | \\tThis event logs when a named file stream is created, and it generates events that log the hash of the contents of the file to which the stream is assigned (the unnamed stream), as well as the contents of the named stream. There are malware variants that drop their executables or configuration settings via browser downloads, and this event is aimed at capturing that based on the browser attaching a Zone.Identifier “mark of the web” stream.\\t |\\n| \\t16\\t | \\tServiceConfigurationChange\\t | \\tThis event logs changes in the Sysmon configuration - for example when the filtering rules are updated.\\t |\\n| \\t17\\t | \\tPipeEvent (Pipe Created)\\t | \\tThis event generates when a named pipe is created. Malware often uses named pipes for interprocess communication.\\t |\\n| \\t18\\t | \\tPipeEvent (Pipe Connected)\\t | \\tThis event logs when a named pipe connection is made between a client and a server.\\t |\\n| \\t19\\t | \\tWmiEvent (WmiEventFilter activity detected)\\t | \\tWhen a WMI event filter is registered, which is a method used by malware to execute, this event logs the WMI namespace, filter name and filter expression.\\t |\\n| \\t20\\t | \\tWmiEvent (WmiEventConsumer activity detected)\\t | \\tThis event logs the registration of WMI consumers, recording the consumer name, log, and destination.\\t |\\n| \\t21\\t | \\tWmiEvent (WmiEventConsumerToFilter activity detected)\\t | \\tWhen a consumer binds to a filter, this event logs the consumer name and filter path.\\t |\\n| \\t22\\t | \\tDNSEvent (DNS query)\\t | \\tThis event generates when a process executes a DNS query, whether the result is successful or fails, cached or not. 
The telemetry for this event was added for Windows 8.1 so it is not available on Windows 7 and earlier.\\t |\\n| \\t23\\t | \\tFileDelete (A file delete was detected)\\t | \\tA file was deleted.\\t |\\n| \\t24\\t | \\tClipboardChange (New content in the clipboard)\\t | \\tThis event is generated when the system clipboard contents change.\\t |\\n| \\t25\\t | \\tProcessTampering (Process image change)\\t | \\tThis event is generated when a process image is changed from an external source, such as a different process.\\t |\\n| \\t255\\t | \\tError\\t | \\tThis event is generated when an error occurred within Sysmon. They can happen if the system is under heavy load and certain tasked could not be performed or a bug exists in the Sysmon service. You can report any bugs on the Sysinternals forum or over Twitter (@markrussinovich).\\t |\\n\\nFor more information see *https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon*\",\"openLinksInNewTab\":false,\"fontSize\":10},\"title\":\"vis_sd_sysmon_event_code_reference\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-10-05T19:23:00.763Z","id":"7d3955e0-e9b6-11e9-92c4-d918939a618e","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-10-05T19:23:00.763Z","version":"WzU2MTYsN10="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"vis_sd_sysmon_events_by_computer_timelion","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"vis_sd_sysmon_events_by_computer_timelion\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(q=winlog.provider_name:Microsoft-Windows-Sysmon, index=winlogbeat-*, split=winlog.computer_name:40).label(\\\"$1\\\",\\\"^.* > winlog.computer_name:(\\\\S+) > .*\\\").title(\\\"Sysmon events by computer\\\").legend(position=nw).yaxis(label=\\\"Number of 
events\\\")\",\"interval\":\"auto\"},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-10-05T19:23:00.763Z","id":"35500920-eb66-11e9-875d-ef4cb6c5875d","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-10-05T19:23:00.763Z","version":"WzU2MTcsN10="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Dashboard Menu","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Dashboard Menu\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"markdown\":\"[**Home**](#/dashboard/2ec4b730-eb6c-11e9-875d-ef4cb6c5875d) | [Sysmon summary](#/dashboard/d2c73990-e5d4-11e9-8f1d-73a2ea4cc3ed) | [Security log](#/dashboard/51186cd0-e8e9-11e9-9070-f78ae052729a) | [User Security](#/dashboard/e5f203f0-6182-11ee-b035-d5f231e90733) \",\"openLinksInNewTab\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-10-05T21:26:26.100Z","id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-10-05T21:26:26.100Z","version":"WzY3NTMsN10="} -{"attributes":{"description":"Summarizes collected Sysmon event data","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":3,\"w\":24,\"h\":13,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"panelRefName\":\"panel_1\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":3,\"w\":24,\"h\":13,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Total number of Sysmon events 
found\",\"panelRefName\":\"panel_2\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":45,\"w\":48,\"h\":15,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{},\"vis\":{\"legendOpen\":false}},\"title\":\"Percentage of Sysmon events by event code\",\"panelRefName\":\"panel_3\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":60,\"w\":24,\"h\":18,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Count of Sysmon events by event code\",\"panelRefName\":\"panel_4\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":60,\"w\":24,\"h\":18,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"}}},\"enhancements\":{}},\"title\":\"Top 10 hosts generating the most Sysmon data\",\"panelRefName\":\"panel_5\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":31,\"w\":48,\"h\":14,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Sysmon event code reference\",\"panelRefName\":\"panel_7\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":16,\"w\":48,\"h\":15,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Sysmon events\",\"panelRefName\":\"panel_8\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":3,\"i\":\"76bd58e2-b637-4a48-ae79-4ca8abeab308\"},\"panelIndex\":\"76bd58e2-b637-4a48-ae79-4ca8abeab308\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_76bd58e2-b637-4a48-ae79-4ca8abeab308\"}]","timeRestore":false,"title":"Sysmon 
Summary","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-10-05T21:25:33.236Z","id":"d2c73990-e5d4-11e9-8f1d-73a2ea4cc3ed","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"83d252d0-e5d3-11e9-8f1d-73a2ea4cc3ed","name":"1:panel_1","type":"visualization"},{"id":"6bae6b40-e5cd-11e9-8f1d-73a2ea4cc3ed","name":"2:panel_2","type":"visualization"},{"id":"8fcbbf80-e5ca-11e9-8f1d-73a2ea4cc3ed","name":"3:panel_3","type":"visualization"},{"id":"fb34c760-e5cc-11e9-8f1d-73a2ea4cc3ed","name":"4:panel_4","type":"visualization"},{"id":"4ff18f60-e5d0-11e9-8f1d-73a2ea4cc3ed","name":"5:panel_5","type":"visualization"},{"id":"7d3955e0-e9b6-11e9-92c4-d918939a618e","name":"7:panel_7","type":"visualization"},{"id":"35500920-eb66-11e9-875d-ef4cb6c5875d","name":"8:panel_8","type":"visualization"},{"id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","name":"76bd58e2-b637-4a48-ae79-4ca8abeab308:panel_76bd58e2-b637-4a48-ae79-4ca8abeab308","type":"visualization"}],"type":"dashboard","updated_at":"2023-10-05T21:25:33.236Z","version":"WzY2OTIsN10="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"vis_sd_sysmon_event_summary_image","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"vis_sd_sysmon_event_summary_image\",\"type\":\"markdown\",\"params\":{\"markdown\":\"![SysmonSummary](data:image/png;base64,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)\",\"openLinksInNewTab\":false,\"fontSize\":12},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:55.496Z","id":"83d252d0-e5d3-11e9-8f1d-73a2ea4cc3ed","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-11-20T10:41:55.496Z","version":"WzE5MzY5Nyw4XQ=="} 
+{"attributes":{"fieldAttrs":"{\"host.name\":{\"count\":7},\"process.name\":{\"count\":6},\"winlog.computer_name\":{\"count\":5},\"winlog.event_data.ProcessName\":{\"count\":5},\"source.ip\":{\"count\":2},\"source.port\":{\"count\":2},\"winlog.event_data.IpAddress\":{\"count\":5},\"winlog.event_data.IpPort\":{\"count\":2},\"winlog.event_data.LogonProcessName\":{\"count\":2},\"process.pid\":{\"count\":1},\"winlog.event_data.ProcessId\":{\"count\":1},\"winlog.event_data.TargetDomainName\":{\"count\":5},\"client.user.domain\":{\"count\":1},\"client.user.name\":{\"count\":1},\"group.domain\":{\"count\":1},\"host.user.domain\":{\"count\":1},\"server.user.domain\":{\"count\":1},\"user.domain\":{\"count\":1},\"winlog.event_data.LogonType\":{\"count\":2},\"winlog.event_data.Status\":{\"count\":1},\"winlog.event_data.SubStatus\":{\"count\":1},\"winlog.event_data.TargetUserName\":{\"count\":2},\"winlog.event_data.WorkstationName\":{\"count\":1},\"winlog.logon.failure.status\":{\"count\":1},\"event.id\":{\"count\":1}}","fieldFormatMap":"{\"winver\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"user.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"host.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}}}","fields":"[]","name":"winlogbeat-*","runtimeFieldMap":"{\"day_of_week\":{\"type\":\"long\",\"script\":{\"source\":\"emit(doc['@timestamp'].value.dayOfWeekEnum.getValue())\"}},\"hour_of_day\":{\"type\":\"long\",\"script\":{\"source\":\"emit 
(doc['@timestamp'].value.getHour())\"}}}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"winlogbeat-*","typeMeta":"{}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:57.358Z","id":"68a051a0-1d7f-11e9-9fc5-a91039822035","migrationVersion":{"index-pattern":"8.0.0"},"references":[],"type":"index-pattern","updated_at":"2023-11-20T10:41:57.358Z","version":"WzE5MzcxOSw4XQ=="} +{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.channel:\\\"Microsoft-Windows-Sysmon/Operational\\\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"srch_sd_sysmon_all_events","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:55.496Z","id":"8b6d5950-e5c8-11e9-8f1d-73a2ea4cc3ed","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-11-20T10:41:55.496Z","version":"WzE5MzY5OSw4XQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"vis_sd_sysmon_all_events_count","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"vis_sd_sysmon_all_events_count\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to 
Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:55.496Z","id":"6bae6b40-e5cd-11e9-8f1d-73a2ea4cc3ed","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"8b6d5950-e5c8-11e9-8f1d-73a2ea4cc3ed","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-11-20T10:41:55.496Z","version":"WzE5MzcwMCw4XQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"vis_sd_sysmon_all_events_pie","uiStateJSON":"{\"vis\":{\"legendOpen\":true}}","version":1,"visState":"{\"title\":\"vis_sd_sysmon_all_events_pie\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":23,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Event 
code\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":false,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":0},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:55.496Z","id":"8fcbbf80-e5ca-11e9-8f1d-73a2ea4cc3ed","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"8b6d5950-e5c8-11e9-8f1d-73a2ea4cc3ed","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-11-20T10:41:55.496Z","version":"WzE5MzcwMSw4XQ=="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"vis_sd_sysmon_all_events_datatable","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"vis_sd_sysmon_all_events_datatable\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"winlog.event_id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":23,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Event code\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:55.496Z","id":"fb34c760-e5cc-11e9-8f1d-73a2ea4cc3ed","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"8b6d5950-e5c8-11e9-8f1d-73a2ea4cc3ed","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-11-20T10:41:55.496Z","version":"WzE5MzcwMiw4XQ=="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"vis_sd_sysmon_all_host_events_datatable","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"vis_sd_sysmon_all_host_events_datatable\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":23,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Event code\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Missing computer name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Computer 
name\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true},\"schema\":\"split\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Missing computer name\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}],\"splitRow\":[{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"row\":true,\"percentageCol\":\"\",\"showToolbar\":true,\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:55.496Z","id":"4ff18f60-e5d0-11e9-8f1d-73a2ea4cc3ed","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"8b6d5950-e5c8-11e9-8f1d-73a2ea4cc3ed","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-11-20T10:41:55.496Z","version":"WzE5MzcwMyw4XQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"vis_sd_sysmon_event_code_reference","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"markdown\",\"aggs\":[],\"params\":{\"markdown\":\"| \\tEvent ID\\t | \\tEvent\\t 
| \\tDescription\\t |\\n| \\t:-:\\t | \\t:-\\t | \\t-\\t |\\n| \\t1\\t | \\tProcess creation\\t | \\tThe process creation event provides extended information about a newly created process. The full command line provides context on the process execution. The ProcessGUID field is a unique value for this process across a domain to make event correlation easier. The hash is a full hash of the file with the algorithms in the HashType field.\\t |\\n| \\t2\\t | \\tA process changed a file creation time\\t | \\tThe change file creation time event is registered when a file creation time is explicitly modified by a process. This event helps tracking the real creation time of a file. Attackers may change the file creation time of a backdoor to make it look like it was installed with the operating system. Note that many processes legitimately change the creation time of a file; it does not necessarily indicate malicious activity.\\t |\\n| \\t3\\t | \\tNetwork connection\\t | \\tThe network connection event logs TCP/UDP connections on the machine. It is disabled by default. Each connection is linked to a process through the ProcessId and ProcessGUID fields. The event also contains the source and destination host names IP addresses, port numbers and IPv6 status.\\t |\\n| \\t4\\t | \\tSysmon service state changed\\t | \\tThe service state change event reports the state of the Sysmon service (started or stopped).\\t |\\n| \\t5\\t | \\tProcess terminated\\t | \\tThe process terminate event reports when a process terminates. It provides the UtcTime, ProcessGuid and ProcessId of the process.\\t |\\n| \\t6\\t | \\tDriver loaded\\t | \\tThe driver loaded events provides information about a driver being loaded on the system. The configured hashes are provided as well as signature information. 
The signature is created asynchronously for performance reasons and indicates if the file was removed after loading.\\t |\\n| \\t7\\t | \\tImage loaded\\t | \\tThe image loaded event logs when a module is loaded in a specific process. This event is disabled by default and needs to be configured with the l option. It indicates the process in which the module is loaded, hashes and signature information. The signature is created asynchronously for performance reasons and indicates if the file was removed after loading. This event should be configured carefully, as monitoring all image load events will generate a large number of events.\\t |\\n| \\t8\\t | \\tCreateRemoteThread\\t | \\tThe CreateRemoteThread event detects when a process creates a thread in another process. This technique is used by malware to inject code and hide in other processes. The event indicates the source and target process. It gives information on the code that will be run in the new thread: StartAddress, StartModule and StartFunction. Note that StartModule and StartFunction fields are inferred, they might be empty if the starting address is outside loaded modules or known exported functions.\\t |\\n| \\t9\\t | \\tRawAccessRead\\t | \\tThe RawAccessRead event detects when a process conducts reading operations from the drive using the \\\\\\\\\\\\\\\\.\\\\ denotation. This technique is often used by malware for data exfiltration of files that are locked for reading, as well as to avoid file access auditing tools. The event indicates the source process and target device.\\t |\\n| \\t10\\t | \\tProcessAccess\\t | \\tThe process accessed event reports when a process opens another process, an operation thats often followed by information queries or reading and writing the address space of the target process. This enables detection of hacking tools that read the memory contents of processes like Local Security Authority (Lsass.exe) in order to steal credentials for use in Pass-the-Hash attacks. 
Enabling it can generate significant amounts of logging if there are diagnostic utilities active that repeatedly open processes to query their state, so it generally should only be done so with filters that remove expected accesses.\\t |\\n| \\t11\\t | \\tFileCreate\\t | \\tFile create operations are logged when a file is created or overwritten. This event is useful for monitoring autostart locations, like the Startup folder, as well as temporary and download directories, which are common places malware drops during initial infection.\\t |\\n| \\t12\\t | \\tRegistryEvent (Object create and delete)\\t | \\tRegistry key and value create and delete operations map to this event type, which can be useful for monitoring for changes to Registry autostart locations, or specific malware registry modifications. Sysmon uses abbreviated versions of Registry root key names, with the following mappings: |\\n|||**Key name**                                                                                          **Abbreviation**|\\n|||HKEY_LOCAL_MACHINE                                                                  HKLM|\\n|||HKEY_USERS                                                                                     HKU|\\n|||HKEY_LOCAL_MACHINE\\\\System\\\\ControlSet00x                          HKLM\\\\System\\\\CurrentControlSet|\\n|||HKEY_LOCAL_MACHINE\\\\Classes                                                    HKCR|\\n| \\t13\\t | \\tRegistryEvent (Value Set)\\t | \\tThis Registry event type identifies Registry value modifications. 
The event records the value written for Registry values of type DWORD and QWORD.\\t |\\n| \\t14\\t | \\tRegistryEvent (Key and Value Rename)\\t | \\tRegistry key and value rename operations map to this event type, recording the new name of the key or value that was renamed.\\t |\\n| \\t15\\t | \\tFileCreateStreamHash\\t | \\tThis event logs when a named file stream is created, and it generates events that log the hash of the contents of the file to which the stream is assigned (the unnamed stream), as well as the contents of the named stream. There are malware variants that drop their executables or configuration settings via browser downloads, and this event is aimed at capturing that based on the browser attaching a Zone.Identifier mark of the web stream.\\t |\\n| \\t16\\t | \\tServiceConfigurationChange\\t | \\tThis event logs changes in the Sysmon configuration - for example when the filtering rules are updated.\\t |\\n| \\t17\\t | \\tPipeEvent (Pipe Created)\\t | \\tThis event generates when a named pipe is created. Malware often uses named pipes for interprocess communication.\\t |\\n| \\t18\\t | \\tPipeEvent (Pipe Connected)\\t | \\tThis event logs when a named pipe connection is made between a client and a server.\\t |\\n| \\t19\\t | \\tWmiEvent (WmiEventFilter activity detected)\\t | \\tWhen a WMI event filter is registered, which is a method used by malware to execute, this event logs the WMI namespace, filter name and filter expression.\\t |\\n| \\t20\\t | \\tWmiEvent (WmiEventConsumer activity detected)\\t | \\tThis event logs the registration of WMI consumers, recording the consumer name, log, and destination.\\t |\\n| \\t21\\t | \\tWmiEvent (WmiEventConsumerToFilter activity detected)\\t | \\tWhen a consumer binds to a filter, this event logs the consumer name and filter path.\\t |\\n| \\t22\\t | \\tDNSEvent (DNS query)\\t | \\tThis event generates when a process executes a DNS query, whether the result is successful or fails, cached or not. 
The telemetry for this event was added for Windows 8.1 so it is not available on Windows 7 and earlier.\\t |\\n| \\t23\\t | \\tFileDelete (A file delete was detected)\\t | \\tA file was deleted.\\t |\\n| \\t24\\t | \\tClipboardChange (New content in the clipboard)\\t | \\tThis event is generated when the system clipboard contents change.\\t |\\n| \\t25\\t | \\tProcessTampering (Process image change)\\t | \\tThis event is generated when a process image is changed from an external source, such as a different process.\\t |\\n| \\t255\\t | \\tError\\t | \\tThis event is generated when an error occurred within Sysmon. They can happen if the system is under heavy load and certain tasked could not be performed or a bug exists in the Sysmon service. You can report any bugs on the Sysinternals forum or over Twitter (@markrussinovich).\\t |\\n\\nFor more information see *https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon*\",\"openLinksInNewTab\":false,\"fontSize\":10},\"title\":\"vis_sd_sysmon_event_code_reference\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:55.496Z","id":"7d3955e0-e9b6-11e9-92c4-d918939a618e","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-11-20T10:41:55.496Z","version":"WzE5MzcwNCw4XQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"vis_sd_sysmon_events_by_computer_timelion","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"vis_sd_sysmon_events_by_computer_timelion\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(q=winlog.provider_name:Microsoft-Windows-Sysmon, index=winlogbeat-*, split=winlog.computer_name:40).label(\\\"$1\\\",\\\"^.* > winlog.computer_name:(\\\\S+) > .*\\\").title(\\\"Sysmon events by computer\\\").legend(position=nw).yaxis(label=\\\"Number of 
events\\\")\",\"interval\":\"auto\"},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:55.496Z","id":"35500920-eb66-11e9-875d-ef4cb6c5875d","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-11-20T10:41:55.496Z","version":"WzE5MzcwNSw4XQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Dashboard Menu","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Dashboard Menu\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"markdown\":\"[Alerting Dashboard](#/dashboard/ac1078e0-8a32-11ea-8939-89f508ff7909)\\n| [Computer Software Overview](#/dashboard/33f0d3b0-8b8a-11ea-b1c6-a5bf39283f12)\\n| [Process Explorer](#/dashboard/f2cbc110-8400-11ee-a3de-f1bc0525ad6c)\\n| [Security log](#/dashboard/51186cd0-e8e9-11e9-9070-f78ae052729a) \\n| [Sysmon summary](#/dashboard/d2c73990-e5d4-11e9-8f1d-73a2ea4cc3ed) \\n| [User Security](#/dashboard/e5f203f0-6182-11ee-b035-d5f231e90733) \\n| [User HR](#/dashboard/618bc5d0-84f8-11ee-9838-ff0db128d8b2)\\n\\n\",\"openLinksInNewTab\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T11:11:46.893Z","id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-11-20T11:11:46.893Z","version":"WzE5NjYwOCw4XQ=="} +{"attributes":{"description":"Summarizes collected Sysmon event 
data","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":3,\"w\":24,\"h\":13,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"panelRefName\":\"panel_1\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":3,\"w\":24,\"h\":13,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Total number of Sysmon events found\",\"panelRefName\":\"panel_2\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":45,\"w\":48,\"h\":15,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{},\"vis\":{\"legendOpen\":false}},\"title\":\"Percentage of Sysmon events by event code\",\"panelRefName\":\"panel_3\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":60,\"w\":24,\"h\":18,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Count of Sysmon events by event code\",\"panelRefName\":\"panel_4\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":60,\"w\":24,\"h\":18,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"}}},\"enhancements\":{}},\"title\":\"Top 10 hosts generating the most Sysmon data\",\"panelRefName\":\"panel_5\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":31,\"w\":48,\"h\":14,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Sysmon event code 
reference\",\"panelRefName\":\"panel_7\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":16,\"w\":48,\"h\":15,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Sysmon events\",\"panelRefName\":\"panel_8\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":3,\"i\":\"76bd58e2-b637-4a48-ae79-4ca8abeab308\"},\"panelIndex\":\"76bd58e2-b637-4a48-ae79-4ca8abeab308\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_76bd58e2-b637-4a48-ae79-4ca8abeab308\"}]","timeRestore":false,"title":"Sysmon Summary","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:55.496Z","id":"d2c73990-e5d4-11e9-8f1d-73a2ea4cc3ed","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"83d252d0-e5d3-11e9-8f1d-73a2ea4cc3ed","name":"1:panel_1","type":"visualization"},{"id":"6bae6b40-e5cd-11e9-8f1d-73a2ea4cc3ed","name":"2:panel_2","type":"visualization"},{"id":"8fcbbf80-e5ca-11e9-8f1d-73a2ea4cc3ed","name":"3:panel_3","type":"visualization"},{"id":"fb34c760-e5cc-11e9-8f1d-73a2ea4cc3ed","name":"4:panel_4","type":"visualization"},{"id":"4ff18f60-e5d0-11e9-8f1d-73a2ea4cc3ed","name":"5:panel_5","type":"visualization"},{"id":"7d3955e0-e9b6-11e9-92c4-d918939a618e","name":"7:panel_7","type":"visualization"},{"id":"35500920-eb66-11e9-875d-ef4cb6c5875d","name":"8:panel_8","type":"visualization"},{"id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","name":"76bd58e2-b637-4a48-ae79-4ca8abeab308:panel_76bd58e2-b637-4a48-ae79-4ca8abeab308","type":"visualization"}],"type":"dashboard","updated_at":"2023-11-20T10:41:55.496Z","version":"WzE5MzcwNyw4XQ=="} {"excludedObjects":[],"excludedObjectsCount":0,"exportedCount":11,"missingRefCount":0,"missingReferences":[]} \ No newline at end of file diff --git a/Chapter 4 Files/dashboards/user_hr.ndjson b/Chapter 4 Files/dashboards/user_hr.ndjson index f3ef1da1..5bd6908b 100644 --- a/Chapter 4 Files/dashboards/user_hr.ndjson 
+++ b/Chapter 4 Files/dashboards/user_hr.ndjson 
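Review bot: In the Sysmon Summary export that ends just above, the rewritten "Dashboard Menu" visualization (id 12735ff0-9396-11ea-b41f-4dc1d87833fe) links to seven dashboards by hard-coded id inside its markdown, and six of them (Alerting Dashboard, Computer Software Overview, Process Explorer, Security log, User Security, User HR) are not among the 11 objects this file exports. Markdown links are not tracked as saved-object references: the record keeps "references":[] and the trailer still reports "missingRefCount":0, so importing this file on its own succeeds and leaves those menu entries pointing at dashboards that may not exist on the instance. Please document that the dashboard files have to be imported together. The menu also keeps the same object id as the version it replaces, so if any other export ships an object with this id, whichever file is imported last decides what the menu shows; keeping a single canonical copy of the menu avoids that. Separately, the added index-pattern record (id 68a051a0-1d7f-11e9-9fc5-a91039822035) carries state from the instance it was exported from, namely the per-field usage counts in "fieldAttrs" and the "parsedUrl" origins of https://elastic-lme.contoso.local in "fieldFormatMap". Consider stripping both before committing so the diff shows only intended changes and the lab hostname is not shipped to every deployment.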
@@ -1,9 +1,10 @@ -{"attributes":{"fieldAttrs":"{\"host.name\":{\"count\":7},\"process.name\":{\"count\":6},\"winlog.computer_name\":{\"count\":5},\"winlog.event_data.ProcessName\":{\"count\":5},\"source.ip\":{\"count\":2},\"source.port\":{\"count\":2},\"winlog.event_data.IpAddress\":{\"count\":2},\"winlog.event_data.IpPort\":{\"count\":2},\"winlog.event_data.LogonProcessName\":{\"count\":2},\"process.pid\":{\"count\":1},\"winlog.event_data.ProcessId\":{\"count\":1},\"winlog.event_data.TargetDomainName\":{\"count\":5},\"user.domain\":{\"count\":1},\"user.name\":{\"count\":1},\"winlog.event_data.SubjectDomainName\":{\"count\":2},\"winlog.event_data.TargetUserName\":{\"count\":2}}","fieldFormatMap":"{\"winver\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"user.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"host.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}}}","fields":"[]","name":"winlogbeat-*","runtimeFieldMap":"{\"day_of_week\":{\"type\":\"long\",\"script\":{\"source\":\"emit(doc['@timestamp'].value.dayOfWeekEnum.getValue())\"}},\"hour_of_day\":{\"type\":\"long\",\"script\":{\"source\":\"emit (doc['@timestamp'].value.getHour())\"}}}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"winlogbeat-*","typeMeta":"{}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-10T23:44:49.920Z","id":"68a051a0-1d7f-11e9-9fc5-a91039822035","migrationVersion":{"index-pattern":"8.0.0"},"references":[],"type":"index-pattern","updated_at":"2023-11-17T03:13:46.141Z","version":"WzIwODM5LDNd"} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[]}"},"title":"Security - Select User","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Select User\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1587572089136\",\"label\":\"Domain(s)\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\",\"fieldName\":\"winlog.event_data.SubjectDomainName\",\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1587713561601\",\"fieldName\":\"winlog.event_data.TargetUserName\",\"parent\":\"\",\"label\":\"Username(s)\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"}],\"pinFilters\":false,\"updateFiltersOnChange\":false,\"useTimeFilter\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-17T01:13:08.989Z","id":"a64ec020-84b4-11ea-b7fb-01bea49d9239","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"control_0_index_pattern","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"control_1_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2023-11-17T01:13:08.989Z","version":"WzE4MzQ5LDNd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"HR - User activity title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"HR - User activity title\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"## All user 
activity\"},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-10T23:44:49.920Z","id":"eafe31b0-8a22-11ea-9ff6-ed89e356f0e4","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-11-10T23:44:49.920Z","version":"WzU4NSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"HR - Logon title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"HR - Logon title\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"## Logon / Logoff events\"},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-10T23:44:49.920Z","id":"20387200-8a23-11ea-9ff6-ed89e356f0e4","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-11-10T23:44:49.920Z","version":"WzU4OCwxXQ=="} -{"attributes":{"columns":["winlog.event_data.SubjectDomainName","winlog.event_data.TargetUserName","host.name","winlog.event_data.TargetLogonId"],"description":"","grid":{"columns":{"user.name":{"width":193},"winlog.event_data.SubjectDomainName":{"width":193}}},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.code:\\\"4624\\\" and not 
user.name:*$\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"type\":\"phrases\",\"key\":\"winlog.event_data.LogonType\",\"value\":[\"2\",\"10\",\"11\",\"7\"],\"params\":[\"2\",\"10\",\"11\",\"7\"],\"alias\":null,\"negate\":false,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"winlog.event_data.LogonType\":\"2\"}},{\"match_phrase\":{\"winlog.event_data.LogonType\":\"10\"}},{\"match_phrase\":{\"winlog.event_data.LogonType\":\"11\"}},{\"match_phrase\":{\"winlog.event_data.LogonType\":\"7\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"type\":\"phrases\",\"key\":\"user.domain\",\"value\":[\"NT AUTHORITY\",\"Window Manager\",\"Font Driver Host\"],\"params\":[\"NT AUTHORITY\",\"Window Manager\",\"Font Driver Host\"],\"alias\":null,\"negate\":true,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"user.domain\":\"NT AUTHORITY\"}},{\"match_phrase\":{\"user.domain\":\"Window Manager\"}},{\"match_phrase\":{\"user.domain\":\"Font Driver Host\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"Interactive Logon 
search","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-10T23:44:49.920Z","id":"2fa5fa00-8a1e-11ea-9ff6-ed89e356f0e4","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"}],"type":"search","updated_at":"2023-11-17T01:26:10.941Z","version":"WzE4NjM2LDNd"} -{"attributes":{"columns":["winlog.event_data.TargetUserName","winlog.event_data.TargetDomainName","host.name","winlog.event_data.TargetLogonId"],"description":"","grid":{"columns":{"winlog.event_data.TargetDomainName":{"width":241},"winlog.event_data.TargetUserName":{"width":241}}},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"(event.code:\\\"4634\\\" OR event.code:\\\"4647\\\" ) and not user.name:*$\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"type\":\"phrases\",\"key\":\"user.domain\",\"value\":[\"NT AUTHORITY\",\"Window Manager\",\"Font Driver Host\"],\"params\":[\"NT AUTHORITY\",\"Window Manager\",\"Font Driver Host\"],\"alias\":null,\"negate\":true,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"user.domain\":\"NT AUTHORITY\"}},{\"match_phrase\":{\"user.domain\":\"Window Manager\"}},{\"match_phrase\":{\"user.domain\":\"Font Driver Host\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"Logoff 
events","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-10T23:44:49.920Z","id":"e02eb1f0-8a1e-11ea-9ff6-ed89e356f0e4","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"search","updated_at":"2023-11-17T01:31:36.365Z","version":"WzE4NzM1LDNd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"HR - Interactive v Remote pie","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"HR - Interactive v Remote pie\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{},\"params\":{},\"label\":\"filters\",\"aggType\":\"filters\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"filters\",\"schema\":\"segment\",\"params\":{\"filters\":[{\"input\":{\"query\":\"winlog.event_data.LogonType:2\",\"language\":\"lucene\"},\"label\":\"Interactive\"},{\"input\":{\"query\":\"winlog.event_data.LogonType:10\",\"language\":\"lucene\"},\"label\":\"RemoteInteractive\"}]}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-10T23:44:49.920Z","id":"b4cccab0-8a23-11ea-9ff6-ed89e356f0e4","migrationVersion":{"vis
ualization":"8.5.0"},"references":[{"id":"2fa5fa00-8a1e-11ea-9ff6-ed89e356f0e4","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-11-10T23:44:49.920Z","version":"WzU5MSwxXQ=="} -{"attributes":{"description":"Overview of user activity for Human Resources\n","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":16,\"h\":12,\"i\":\"bf3efd15-6e7c-4a6e-bb30-e7b759306282\"},\"panelIndex\":\"bf3efd15-6e7c-4a6e-bb30-e7b759306282\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Select domain(s) and username(s)\",\"panelRefName\":\"panel_bf3efd15-6e7c-4a6e-bb30-e7b759306282\"},{\"version\":\"8.7.1\",\"type\":\"lens\",\"gridData\":{\"x\":16,\"y\":0,\"w\":15,\"h\":12,\"i\":\"9401acd4-64d2-484d-a0dc-2647cc626e56\"},\"panelIndex\":\"9401acd4-64d2-484d-a0dc-2647cc626e56\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"68a051a0-1d7f-11e9-9fc5-a91039822035\",\"name\":\"indexpattern-datasource-layer-23f1f6ab-b8b6-47e2-a508-4b3f368cb093\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"23f1f6ab-b8b6-47e2-a508-4b3f368cb093\",\"accessors\":[\"5a238afa-9ffa-4568-8a43-6167c0a76b67\"],\"position\":\"top\",\"seriesType\":\"bar_
stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"cd51b883-1c2b-42c5-95e4-d1ef8aa38fc7\",\"splitAccessor\":\"fc23a029-309e-40a7-aeca-309fd8423ced\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"23f1f6ab-b8b6-47e2-a508-4b3f368cb093\":{\"columns\":{\"cd51b883-1c2b-42c5-95e4-d1ef8aa38fc7\":{\"label\":\"Top 5 values of winlog.event_data.SubjectDomainName\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.SubjectDomainName\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"5a238afa-9ffa-4568-8a43-6167c0a76b67\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}},\"fc23a029-309e-40a7-aeca-309fd8423ced\":{\"label\":\"Top 3 values of winlog.event_data.TargetUserName\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.TargetUserName\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"5a238afa-9ffa-4568-8a43-6167c0a76b67\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}},\"5a238afa-9ffa-4568-8a43-6167c0a76b67\":{\"label\":\"Count of 
records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"cd51b883-1c2b-42c5-95e4-d1ef8aa38fc7\",\"fc23a029-309e-40a7-aeca-309fd8423ced\",\"5a238afa-9ffa-4568-8a43-6167c0a76b67\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Filter Users\"},{\"version\":\"8.7.1\",\"type\":\"lens\",\"gridData\":{\"x\":31,\"y\":0,\"w\":17,\"h\":12,\"i\":\"84db1c16-9a85-4d7a-a4bb-7ee0eaa25c5c\"},\"panelIndex\":\"84db1c16-9a85-4d7a-a4bb-7ee0eaa25c5c\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"68a051a0-1d7f-11e9-9fc5-a91039822035\",\"name\":\"indexpattern-datasource-layer-f67bbe9f-ae2f-4601-8fec-3a935e9f9ff2\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar\",\"layers\":[{\"layerId\":\"f67bbe9f-ae2f-4601-8fec-3a935e9f9ff2\",\"accessors\":[\"5d3a9e33-d23b-4f5d-b02c-260e5016d278\"],\"position\":\"top\",\"seriesType\":\"bar\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"22b4e313-2858-411e-a90b-911198fa34fe\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"f67bbe9f-ae2f-4601-8fec-3a935e9f9ff2\":{\"columns\":{\"22b4e313-2858-411e-a90b-911198fa34fe\":{\"label\":\"Top 5 values of 
winlog.computer_name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"winlog.computer_name\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"5d3a9e33-d23b-4f5d-b02c-260e5016d278\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}},\"5d3a9e33-d23b-4f5d-b02c-260e5016d278\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"22b4e313-2858-411e-a90b-911198fa34fe\",\"5d3a9e33-d23b-4f5d-b02c-260e5016d278\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Filter Computers\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":12,\"w\":48,\"h\":4,\"i\":\"04b8ad89-b259-4d40-a6f7-40bd85498ee5\"},\"panelIndex\":\"04b8ad89-b259-4d40-a6f7-40bd85498ee5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_04b8ad89-b259-4d40-a6f7-40bd85498ee5\"},{\"version\":\"8.7.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":16,\"w\":24,\"h\":15,\"i\":\"bf9f9a7e-eced-42ad-9d72-193778290f71\"},\"panelIndex\":\"bf9f9a7e-eced-42ad-9d72-193778290f71\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"68a051a0-1d7f-11e9-9fc5-a91039822035\",\"name\":\"indexpattern-datasource-layer-6bfbd839-8497-464d-a473-26c01d5ba342\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"ti
ckLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"6bfbd839-8497-464d-a473-26c01d5ba342\",\"accessors\":[\"71b8b420-12e4-4dc5-bf20-933b0f4eb4e9\",\"bca165fa-40a3-4e7a-86bd-24ac4bbf6474\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"ded5443c-8b2d-4ea7-b640-b3a6a2212559\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"6bfbd839-8497-464d-a473-26c01d5ba342\":{\"columns\":{\"ded5443c-8b2d-4ea7-b640-b3a6a2212559\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"71b8b420-12e4-4dc5-bf20-933b0f4eb4e9\":{\"label\":\"Median of day_of_week\",\"dataType\":\"number\",\"operationType\":\"median\",\"sourceField\":\"day_of_week\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true}},\"bca165fa-40a3-4e7a-86bd-24ac4bbf6474\":{\"label\":\"Median of hour_of_day\",\"dataType\":\"number\",\"operationType\":\"median\",\"sourceField\":\"hour_of_day\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"ded5443c-8b2d-4ea7-b640-b3a6a2212559\",\"71b8b420-12e4-4dc5-bf20-933b0f4eb4e9\",\"bca165fa-40a3-4e7a-86bd-24ac4bbf6474\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"All User Events by Day of Week, Hour of 
Day\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":31,\"w\":48,\"h\":4,\"i\":\"110dc89e-1139-438c-88a9-1914a7b12725\"},\"panelIndex\":\"110dc89e-1139-438c-88a9-1914a7b12725\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_110dc89e-1139-438c-88a9-1914a7b12725\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":35,\"w\":24,\"h\":15,\"i\":\"c28b411d-3dc3-472a-acd9-05ad0a1964b7\"},\"panelIndex\":\"c28b411d-3dc3-472a-acd9-05ad0a1964b7\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"User logon events (filter by LogonId)\",\"panelRefName\":\"panel_c28b411d-3dc3-472a-acd9-05ad0a1964b7\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":24,\"y\":35,\"w\":24,\"h\":15,\"i\":\"c3bc3c62-3c16-482c-b377-ecc40a21bc0a\"},\"panelIndex\":\"c3bc3c62-3c16-482c-b377-ecc40a21bc0a\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"User logoff events (correlate to logon events)\",\"panelRefName\":\"panel_c3bc3c62-3c16-482c-b377-ecc40a21bc0a\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":50,\"w\":24,\"h\":15,\"i\":\"d40424ec-2e13-4d8c-a942-95652715c75f\"},\"panelIndex\":\"d40424ec-2e13-4d8c-a942-95652715c75f\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"In person vs Remote 
logons\",\"panelRefName\":\"panel_d40424ec-2e13-4d8c-a942-95652715c75f\"},{\"version\":\"8.7.1\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":16,\"w\":24,\"h\":15,\"i\":\"cbb939c6-5de5-478a-813f-fa5aabff530a\"},\"panelIndex\":\"cbb939c6-5de5-478a-813f-fa5aabff530a\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"68a051a0-1d7f-11e9-9fc5-a91039822035\",\"name\":\"indexpattern-datasource-layer-f46d1729-4bd5-4219-9973-01913c208fef\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"f46d1729-4bd5-4219-9973-01913c208fef\",\"accessors\":[\"800c3857-3c9c-4fc5-a403-3fcbede05599\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"1e026cf2-cc40-41b2-a12f-c75d0058eac7\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"f46d1729-4bd5-4219-9973-01913c208fef\":{\"columns\":{\"1e026cf2-cc40-41b2-a12f-c75d0058eac7\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"800c3857-3c9c-4fc5-a403-3fcbede05599\":{\"label\":\"Count of 
records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"1e026cf2-cc40-41b2-a12f-c75d0058eac7\",\"800c3857-3c9c-4fc5-a403-3fcbede05599\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Timestamps by Count\"}]","timeRestore":false,"title":"User HR ","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-17T03:21:21.837Z","id":"618bc5d0-84f8-11ee-9838-ff0db128d8b2","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"a64ec020-84b4-11ea-b7fb-01bea49d9239","name":"bf3efd15-6e7c-4a6e-bb30-e7b759306282:panel_bf3efd15-6e7c-4a6e-bb30-e7b759306282","type":"visualization"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"9401acd4-64d2-484d-a0dc-2647cc626e56:indexpattern-datasource-layer-23f1f6ab-b8b6-47e2-a508-4b3f368cb093","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"84db1c16-9a85-4d7a-a4bb-7ee0eaa25c5c:indexpattern-datasource-layer-f67bbe9f-ae2f-4601-8fec-3a935e9f9ff2","type":"index-pattern"},{"id":"eafe31b0-8a22-11ea-9ff6-ed89e356f0e4","name":"04b8ad89-b259-4d40-a6f7-40bd85498ee5:panel_04b8ad89-b259-4d40-a6f7-40bd85498ee5","type":"visualization"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"bf9f9a7e-eced-42ad-9d72-193778290f71:indexpattern-datasource-layer-6bfbd839-8497-464d-a473-26c01d5ba342","type":"index-pattern"},{"id":"20387200-8a23-11ea-9ff6-ed89e356f0e4","name":"110dc89e-1139-438c-88a9-1914a7b12725:panel_110dc89e-1139-438c-88a9-1914a7b12725","type":"visualization"},{"id":"2fa5fa00-8a1e-11ea-9ff6-ed89e356f0e4","name":"c28b411d-3dc3-472a-acd9-05ad0a1964b7:panel_c28b411d-3dc3-472a-acd9-05ad0a1964b7","type":"search"},{"id":"e02eb1f0-8a1e-11ea-9ff6-ed89e356f0e4","name":"c3bc3c62-3c16-482c-b377-ecc40a21bc0a:panel_c3bc3c62-3c16-482c-b377-ecc40a
21bc0a","type":"search"},{"id":"b4cccab0-8a23-11ea-9ff6-ed89e356f0e4","name":"d40424ec-2e13-4d8c-a942-95652715c75f:panel_d40424ec-2e13-4d8c-a942-95652715c75f","type":"visualization"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"cbb939c6-5de5-478a-813f-fa5aabff530a:indexpattern-datasource-layer-f46d1729-4bd5-4219-9973-01913c208fef","type":"index-pattern"}],"type":"dashboard","updated_at":"2023-11-17T03:21:21.837Z","version":"WzIxMDQ5LDNd"} -{"excludedObjects":[],"excludedObjectsCount":0,"exportedCount":8,"missingRefCount":0,"missingReferences":[]} \ No newline at end of file +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Dashboard Menu","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Dashboard Menu\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"markdown\":\"[Alerting Dashboard](#/dashboard/ac1078e0-8a32-11ea-8939-89f508ff7909)\\n| [Computer Software Overview](#/dashboard/33f0d3b0-8b8a-11ea-b1c6-a5bf39283f12)\\n| [Process Explorer](#/dashboard/f2cbc110-8400-11ee-a3de-f1bc0525ad6c)\\n| [Security log](#/dashboard/51186cd0-e8e9-11e9-9070-f78ae052729a) \\n| [Sysmon summary](#/dashboard/d2c73990-e5d4-11e9-8f1d-73a2ea4cc3ed) \\n| [User Security](#/dashboard/e5f203f0-6182-11ee-b035-d5f231e90733) \\n| [User HR](#/dashboard/618bc5d0-84f8-11ee-9838-ff0db128d8b2)\\n\\n\",\"openLinksInNewTab\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T11:11:46.893Z","id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-11-20T11:11:46.893Z","version":"WzE5NjYwOCw4XQ=="} 
+{"attributes":{"fieldAttrs":"{\"host.name\":{\"count\":7},\"process.name\":{\"count\":6},\"winlog.computer_name\":{\"count\":5},\"winlog.event_data.ProcessName\":{\"count\":5},\"source.ip\":{\"count\":2},\"source.port\":{\"count\":2},\"winlog.event_data.IpAddress\":{\"count\":5},\"winlog.event_data.IpPort\":{\"count\":2},\"winlog.event_data.LogonProcessName\":{\"count\":2},\"process.pid\":{\"count\":1},\"winlog.event_data.ProcessId\":{\"count\":1},\"winlog.event_data.TargetDomainName\":{\"count\":5},\"client.user.domain\":{\"count\":1},\"client.user.name\":{\"count\":1},\"group.domain\":{\"count\":1},\"host.user.domain\":{\"count\":1},\"server.user.domain\":{\"count\":1},\"user.domain\":{\"count\":1},\"winlog.event_data.LogonType\":{\"count\":2},\"winlog.event_data.Status\":{\"count\":1},\"winlog.event_data.SubStatus\":{\"count\":1},\"winlog.event_data.TargetUserName\":{\"count\":2},\"winlog.event_data.WorkstationName\":{\"count\":1},\"winlog.logon.failure.status\":{\"count\":1},\"event.id\":{\"count\":1}}","fieldFormatMap":"{\"winver\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"user.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"host.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}}}","fields":"[]","name":"winlogbeat-*","runtimeFieldMap":"{\"day_of_week\":{\"type\":\"long\",\"script\":{\"source\":\"emit(doc['@timestamp'].value.dayOfWeekEnum.getValue())\"}},\"hour_of_day\":{\"type\":\"long\",\"script\":{\"source\":\"emit 
(doc['@timestamp'].value.getHour())\"}}}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"winlogbeat-*","typeMeta":"{}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:57.358Z","id":"68a051a0-1d7f-11e9-9fc5-a91039822035","migrationVersion":{"index-pattern":"8.0.0"},"references":[],"type":"index-pattern","updated_at":"2023-11-20T10:41:57.358Z","version":"WzE5MzcxOSw4XQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[]}"},"title":"Security - Select User","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Select User\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1587572089136\",\"label\":\"Domain(s)\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\",\"fieldName\":\"winlog.event_data.TargetDomainName\",\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1587713561601\",\"fieldName\":\"winlog.event_data.TargetUserName\",\"parent\":\"\",\"label\":\"Username(s)\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"}],\"pinFilters\":false,\"updateFiltersOnChange\":false,\"useTimeFilter\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:57.358Z","id":"a64ec020-84b4-11ea-b7fb-01bea49d9239","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"control_0_index_pattern","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"control_1_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2023-11-20T10:41:57.358Z","version":"WzE5MzcyMCw4XQ=="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"HR - User activity title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"HR - User activity title\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"## All user activity\"},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:56.344Z","id":"eafe31b0-8a22-11ea-9ff6-ed89e356f0e4","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-11-20T10:41:56.344Z","version":"WzE5MzcxMSw4XQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"HR - Logon title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"HR - Logon title\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"## Logon / Logoff events\"},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:56.344Z","id":"20387200-8a23-11ea-9ff6-ed89e356f0e4","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-11-20T10:41:56.344Z","version":"WzE5MzcxMiw4XQ=="} +{"attributes":{"columns":["winlog.event_data.SubjectDomainName","winlog.event_data.TargetUserName","host.name","winlog.event_data.TargetLogonId"],"description":"","grid":{"columns":{"user.name":{"width":193},"winlog.event_data.SubjectDomainName":{"width":193}}},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.code:\\\"4624\\\" and not 
user.name:*$\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"type\":\"phrases\",\"key\":\"winlog.event_data.LogonType\",\"value\":[\"2\",\"10\",\"11\",\"7\"],\"params\":[\"2\",\"10\",\"11\",\"7\"],\"alias\":null,\"negate\":false,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"winlog.event_data.LogonType\":\"2\"}},{\"match_phrase\":{\"winlog.event_data.LogonType\":\"10\"}},{\"match_phrase\":{\"winlog.event_data.LogonType\":\"11\"}},{\"match_phrase\":{\"winlog.event_data.LogonType\":\"7\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"type\":\"phrases\",\"key\":\"user.domain\",\"value\":[\"NT AUTHORITY\",\"Window Manager\",\"Font Driver Host\"],\"params\":[\"NT AUTHORITY\",\"Window Manager\",\"Font Driver Host\"],\"alias\":null,\"negate\":true,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"user.domain\":\"NT AUTHORITY\"}},{\"match_phrase\":{\"user.domain\":\"Window Manager\"}},{\"match_phrase\":{\"user.domain\":\"Font Driver Host\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"Interactive Logon 
search","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:56.344Z","id":"2fa5fa00-8a1e-11ea-9ff6-ed89e356f0e4","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"}],"type":"search","updated_at":"2023-11-20T10:41:56.344Z","version":"WzE5MzcxMyw4XQ=="} +{"attributes":{"columns":["winlog.event_data.TargetUserName","winlog.event_data.TargetDomainName","host.name","winlog.event_data.TargetLogonId"],"description":"","grid":{"columns":{"winlog.event_data.TargetDomainName":{"width":241},"winlog.event_data.TargetUserName":{"width":241}}},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"(event.code:\\\"4634\\\" OR event.code:\\\"4647\\\" ) and not user.name:*$\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"type\":\"phrases\",\"key\":\"user.domain\",\"value\":[\"NT AUTHORITY\",\"Window Manager\",\"Font Driver Host\"],\"params\":[\"NT AUTHORITY\",\"Window Manager\",\"Font Driver Host\"],\"alias\":null,\"negate\":true,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"user.domain\":\"NT AUTHORITY\"}},{\"match_phrase\":{\"user.domain\":\"Window Manager\"}},{\"match_phrase\":{\"user.domain\":\"Font Driver Host\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"Logoff 
events","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:56.344Z","id":"e02eb1f0-8a1e-11ea-9ff6-ed89e356f0e4","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"search","updated_at":"2023-11-20T10:41:56.344Z","version":"WzE5MzcxNCw4XQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"HR - Interactive v Remote pie","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"HR - Interactive v Remote pie\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{},\"params\":{},\"label\":\"filters\",\"aggType\":\"filters\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"filters\",\"schema\":\"segment\",\"params\":{\"filters\":[{\"input\":{\"query\":\"winlog.event_data.LogonType:2\",\"language\":\"lucene\"},\"label\":\"Interactive\"},{\"input\":{\"query\":\"winlog.event_data.LogonType:10\",\"language\":\"lucene\"},\"label\":\"RemoteInteractive\"}]}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:56.344Z","id":"b4cccab0-8a23-11ea-9ff6-ed89e356f0e4","migrationVersion":{
"visualization":"8.5.0"},"references":[{"id":"2fa5fa00-8a1e-11ea-9ff6-ed89e356f0e4","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-11-20T10:41:56.344Z","version":"WzE5MzcxNSw4XQ=="} +{"attributes":{"description":"Overview of user activity for Human Resources\n","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":4,\"i\":\"46f5e2d0-544b-4159-bf78-a44737a093cb\"},\"panelIndex\":\"46f5e2d0-544b-4159-bf78-a44737a093cb\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_46f5e2d0-544b-4159-bf78-a44737a093cb\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":16,\"h\":12,\"i\":\"bf3efd15-6e7c-4a6e-bb30-e7b759306282\"},\"panelIndex\":\"bf3efd15-6e7c-4a6e-bb30-e7b759306282\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Select domain(s) and 
username(s)\",\"panelRefName\":\"panel_bf3efd15-6e7c-4a6e-bb30-e7b759306282\"},{\"version\":\"8.7.1\",\"type\":\"lens\",\"gridData\":{\"x\":16,\"y\":4,\"w\":15,\"h\":12,\"i\":\"9401acd4-64d2-484d-a0dc-2647cc626e56\"},\"panelIndex\":\"9401acd4-64d2-484d-a0dc-2647cc626e56\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"id\":\"68a051a0-1d7f-11e9-9fc5-a91039822035\",\"name\":\"indexpattern-datasource-layer-23f1f6ab-b8b6-47e2-a508-4b3f368cb093\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"23f1f6ab-b8b6-47e2-a508-4b3f368cb093\",\"accessors\":[\"5a238afa-9ffa-4568-8a43-6167c0a76b67\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"cd51b883-1c2b-42c5-95e4-d1ef8aa38fc7\",\"splitAccessor\":\"fc23a029-309e-40a7-aeca-309fd8423ced\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"23f1f6ab-b8b6-47e2-a508-4b3f368cb093\":{\"columns\":{\"cd51b883-1c2b-42c5-95e4-d1ef8aa38fc7\":{\"label\":\"Top 5 values of 
winlog.event_data.SubjectDomainName\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.SubjectDomainName\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"5a238afa-9ffa-4568-8a43-6167c0a76b67\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}},\"fc23a029-309e-40a7-aeca-309fd8423ced\":{\"label\":\"Top 3 values of winlog.event_data.TargetUserName\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.TargetUserName\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"5a238afa-9ffa-4568-8a43-6167c0a76b67\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}},\"5a238afa-9ffa-4568-8a43-6167c0a76b67\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"cd51b883-1c2b-42c5-95e4-d1ef8aa38fc7\",\"fc23a029-309e-40a7-aeca-309fd8423ced\",\"5a238afa-9ffa-4568-8a43-6167c0a76b67\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Filter 
Users\"},{\"version\":\"8.7.1\",\"type\":\"lens\",\"gridData\":{\"x\":31,\"y\":4,\"w\":17,\"h\":12,\"i\":\"84db1c16-9a85-4d7a-a4bb-7ee0eaa25c5c\"},\"panelIndex\":\"84db1c16-9a85-4d7a-a4bb-7ee0eaa25c5c\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"id\":\"68a051a0-1d7f-11e9-9fc5-a91039822035\",\"name\":\"indexpattern-datasource-layer-f67bbe9f-ae2f-4601-8fec-3a935e9f9ff2\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar\",\"layers\":[{\"layerId\":\"f67bbe9f-ae2f-4601-8fec-3a935e9f9ff2\",\"accessors\":[\"5d3a9e33-d23b-4f5d-b02c-260e5016d278\"],\"position\":\"top\",\"seriesType\":\"bar\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"22b4e313-2858-411e-a90b-911198fa34fe\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"f67bbe9f-ae2f-4601-8fec-3a935e9f9ff2\":{\"columns\":{\"22b4e313-2858-411e-a90b-911198fa34fe\":{\"label\":\"Top 5 values of winlog.computer_name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"winlog.computer_name\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"5d3a9e33-d23b-4f5d-b02c-260e5016d278\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}},\"5d3a9e33-d23b-4f5d-b02c-260e5016d278\":{\"label\":\"Count of 
records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"22b4e313-2858-411e-a90b-911198fa34fe\",\"5d3a9e33-d23b-4f5d-b02c-260e5016d278\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Filter Computers\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":16,\"w\":48,\"h\":4,\"i\":\"04b8ad89-b259-4d40-a6f7-40bd85498ee5\"},\"panelIndex\":\"04b8ad89-b259-4d40-a6f7-40bd85498ee5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_04b8ad89-b259-4d40-a6f7-40bd85498ee5\"},{\"version\":\"8.7.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":20,\"w\":24,\"h\":15,\"i\":\"bf9f9a7e-eced-42ad-9d72-193778290f71\"},\"panelIndex\":\"bf9f9a7e-eced-42ad-9d72-193778290f71\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"id\":\"68a051a0-1d7f-11e9-9fc5-a91039822035\",\"name\":\"indexpattern-datasource-layer-6bfbd839-8497-464d-a473-26c01d5ba342\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"6bfbd839-8497-464d-a473-26c01d5ba342\",\"accessors\":[\"71b8b420-12e4-4dc5-bf20-933b0f4eb4e9\",\"bca165fa-40a3-4e7a-86bd-24ac4bbf6474\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":
\"ded5443c-8b2d-4ea7-b640-b3a6a2212559\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"6bfbd839-8497-464d-a473-26c01d5ba342\":{\"columns\":{\"ded5443c-8b2d-4ea7-b640-b3a6a2212559\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"71b8b420-12e4-4dc5-bf20-933b0f4eb4e9\":{\"label\":\"Median of day_of_week\",\"dataType\":\"number\",\"operationType\":\"median\",\"sourceField\":\"day_of_week\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true}},\"bca165fa-40a3-4e7a-86bd-24ac4bbf6474\":{\"label\":\"Median of hour_of_day\",\"dataType\":\"number\",\"operationType\":\"median\",\"sourceField\":\"hour_of_day\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"ded5443c-8b2d-4ea7-b640-b3a6a2212559\",\"71b8b420-12e4-4dc5-bf20-933b0f4eb4e9\",\"bca165fa-40a3-4e7a-86bd-24ac4bbf6474\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"All User Events by Day of Week, Hour of 
Day\"},{\"version\":\"8.7.1\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":20,\"w\":24,\"h\":15,\"i\":\"cbb939c6-5de5-478a-813f-fa5aabff530a\"},\"panelIndex\":\"cbb939c6-5de5-478a-813f-fa5aabff530a\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"id\":\"68a051a0-1d7f-11e9-9fc5-a91039822035\",\"name\":\"indexpattern-datasource-layer-f46d1729-4bd5-4219-9973-01913c208fef\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"f46d1729-4bd5-4219-9973-01913c208fef\",\"accessors\":[\"800c3857-3c9c-4fc5-a403-3fcbede05599\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"1e026cf2-cc40-41b2-a12f-c75d0058eac7\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"f46d1729-4bd5-4219-9973-01913c208fef\":{\"columns\":{\"1e026cf2-cc40-41b2-a12f-c75d0058eac7\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"800c3857-3c9c-4fc5-a403-3fcbede05599\":{\"label\":\"Count of 
records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"1e026cf2-cc40-41b2-a12f-c75d0058eac7\",\"800c3857-3c9c-4fc5-a403-3fcbede05599\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Timestamps by Count\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":35,\"w\":48,\"h\":4,\"i\":\"110dc89e-1139-438c-88a9-1914a7b12725\"},\"panelIndex\":\"110dc89e-1139-438c-88a9-1914a7b12725\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_110dc89e-1139-438c-88a9-1914a7b12725\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":39,\"w\":24,\"h\":15,\"i\":\"c28b411d-3dc3-472a-acd9-05ad0a1964b7\"},\"panelIndex\":\"c28b411d-3dc3-472a-acd9-05ad0a1964b7\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"User logon events (filter by LogonId)\",\"panelRefName\":\"panel_c28b411d-3dc3-472a-acd9-05ad0a1964b7\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":24,\"y\":39,\"w\":24,\"h\":15,\"i\":\"c3bc3c62-3c16-482c-b377-ecc40a21bc0a\"},\"panelIndex\":\"c3bc3c62-3c16-482c-b377-ecc40a21bc0a\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"User logoff events (correlate to logon events)\",\"panelRefName\":\"panel_c3bc3c62-3c16-482c-b377-ecc40a21bc0a\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":54,\"w\":24,\"h\":15,\"i\":\"d40424ec-2e13-4d8c-a942-95652715c75f\"},\"panelIndex\":\"d40424ec-2e13-4d8c-a942-95652715c75f\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"In person vs Remote logons\",\"panelRefName\":\"panel_d40424ec-2e13-4d8c-a942-95652715c75f\"}]","timeRestore":false,"title":"User 
HR","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T11:45:52.650Z","id":"618bc5d0-84f8-11ee-9838-ff0db128d8b2","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","name":"46f5e2d0-544b-4159-bf78-a44737a093cb:panel_46f5e2d0-544b-4159-bf78-a44737a093cb","type":"visualization"},{"id":"a64ec020-84b4-11ea-b7fb-01bea49d9239","name":"bf3efd15-6e7c-4a6e-bb30-e7b759306282:panel_bf3efd15-6e7c-4a6e-bb30-e7b759306282","type":"visualization"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"9401acd4-64d2-484d-a0dc-2647cc626e56:indexpattern-datasource-layer-23f1f6ab-b8b6-47e2-a508-4b3f368cb093","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"84db1c16-9a85-4d7a-a4bb-7ee0eaa25c5c:indexpattern-datasource-layer-f67bbe9f-ae2f-4601-8fec-3a935e9f9ff2","type":"index-pattern"},{"id":"eafe31b0-8a22-11ea-9ff6-ed89e356f0e4","name":"04b8ad89-b259-4d40-a6f7-40bd85498ee5:panel_04b8ad89-b259-4d40-a6f7-40bd85498ee5","type":"visualization"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"bf9f9a7e-eced-42ad-9d72-193778290f71:indexpattern-datasource-layer-6bfbd839-8497-464d-a473-26c01d5ba342","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"cbb939c6-5de5-478a-813f-fa5aabff530a:indexpattern-datasource-layer-f46d1729-4bd5-4219-9973-01913c208fef","type":"index-pattern"},{"id":"20387200-8a23-11ea-9ff6-ed89e356f0e4","name":"110dc89e-1139-438c-88a9-1914a7b12725:panel_110dc89e-1139-438c-88a9-1914a7b12725","type":"visualization"},{"id":"2fa5fa00-8a1e-11ea-9ff6-ed89e356f0e4","name":"c28b411d-3dc3-472a-acd9-05ad0a1964b7:panel_c28b411d-3dc3-472a-acd9-05ad0a1964b7","type":"search"},{"id":"e02eb1f0-8a1e-11ea-9ff6-ed89e356f0e4","name":"c3bc3c62-3c16-482c-b377-ecc40a21bc0a:panel_c3bc3c62-3c16-482c-b377-ecc40a21bc0a","type":"search"},{"id":"b4cccab0-8a23-11ea-9ff6-ed89e356f0e4","name":"d40424ec-2e13-4d8c-a942-95652715c75f:panel_d40424ec-2e13-4d8c-a942-95652715c75f","type":"visualiza
tion"}],"type":"dashboard","updated_at":"2023-11-20T11:45:52.650Z","version":"WzE5OTQzMSw4XQ=="} +{"excludedObjects":[],"excludedObjectsCount":0,"exportedCount":9,"missingRefCount":0,"missingReferences":[]} \ No newline at end of file diff --git a/Chapter 4 Files/dashboards/user_security.ndjson b/Chapter 4 Files/dashboards/user_security.ndjson index de3eca9a..dce9ac5e 100644 --- a/Chapter 4 Files/dashboards/user_security.ndjson +++ b/Chapter 4 Files/dashboards/user_security.ndjson 
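Review bot: In the user_hr.ndjson dashboard, the Lens panel "All User Events by Day of Week, Hour of Day" sets `seriesType` to `bar_stacked` with two accessors, "Median of day_of_week" and "Median of hour_of_day", so each bar sums two values on different scales (a weekday number and an hour) and the stacked height means nothing to an analyst reading it. Suggest an unstacked `bar` series or one panel per field. Both `sourceField` values resolve against index pattern 68a051a0-1d7f-11e9-9fc5-a91039822035, and the old user_security.ndjson export further down defines `day_of_week` and `hour_of_day` as runtime fields on that pattern, so the troubleshooting or dashboard docs should note that this panel is empty if the imported `winlogbeat-*` pattern lacks that `runtimeFieldMap`. Minor: the file ends with "\ No newline at end of file"; NDJSON exports are easier to diff and concatenate when the last record is newline-terminated.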
@@ -1,42 +1,42 @@ -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Dashboard Menu","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Dashboard Menu\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"markdown\":\"[**Home**](#/dashboard/2ec4b730-eb6c-11e9-875d-ef4cb6c5875d) | [Sysmon summary](#/dashboard/d2c73990-e5d4-11e9-8f1d-73a2ea4cc3ed) | [Security log](#/dashboard/51186cd0-e8e9-11e9-9070-f78ae052729a) | [User Security](#/dashboard/e5f203f0-6182-11ee-b035-d5f231e90733) \",\"openLinksInNewTab\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-10-05T21:26:26.100Z","id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-10-05T21:26:26.100Z","version":"WzY3NTMsN10="} -{"attributes":{"fieldAttrs":"{\"host.name\":{\"count\":7},\"process.name\":{\"count\":6},\"winlog.computer_name\":{\"count\":5},\"winlog.event_data.ProcessName\":{\"count\":5},\"source.ip\":{\"count\":2},\"source.port\":{\"count\":2},\"winlog.event_data.IpAddress\":{\"count\":5},\"winlog.event_data.IpPort\":{\"count\":2},\"winlog.event_data.LogonProcessName\":{\"count\":2},\"process.pid\":{\"count\":1},\"winlog.event_data.ProcessId\":{\"count\":1},\"winlog.event_data.TargetDomainName\":{\"count\":5},\"client.user.domain\":{\"count\":1},\"client.user.name\":{\"count\":1},\"group.domain\":{\"count\":1},\"host.user.domain\":{\"count\":1},\"server.user.domain\":{\"count\":1},\"user.domain\":{\"count\":1},\"winlog.event_data.LogonType\":{\"count\":2},\"winlog.event_data.Status\":{\"count\":1},\"winlog.event_data.SubStatus\":{\"count\":1},\"winlog.event_data.TargetUserName\":{\"count\":2},\"winlog.event_data.WorkstationName\":{\"count\":1},\"winlog.logon.failure.status\":{\"count\":1},\"event.id\":{\"count\":1}}","fieldFormatMap":"{\"winver\":{\"id\":\"string\",\"params\":{\"parsedUrl
\":{\"origin\":\"\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"user.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"host.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}}}","fields":"[]","name":"winlogbeat-*","runtimeFieldMap":"{\"day_of_week\":{\"type\":\"long\",\"script\":{\"source\":\"emit(doc['@timestamp'].value.dayOfWeekEnum.getValue())\"}},\"hour_of_day\":{\"type\":\"long\",\"script\":{\"source\":\"emit (doc['@timestamp'].value.getHour())\"}}}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"winlogbeat-*","typeMeta":"{}"},"coreMigrationVersion":"8.7.1","created_at":"2023-10-05T19:23:01.775Z","id":"68a051a0-1d7f-11e9-9fc5-a91039822035","migrationVersion":{"index-pattern":"8.0.0"},"references":[],"type":"index-pattern","updated_at":"2023-10-05T19:23:01.775Z","version":"WzU2MjIsN10="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[]}"},"title":"Security - Select User","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Select 
User\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1587572089136\",\"label\":\"Domain(s)\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\",\"fieldName\":\"winlog.event_data.TargetDomainName\",\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1587713561601\",\"fieldName\":\"winlog.event_data.TargetUserName\",\"parent\":\"\",\"label\":\"Username(s)\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"}],\"pinFilters\":false,\"updateFiltersOnChange\":false,\"useTimeFilter\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-10-05T19:23:01.775Z","id":"a64ec020-84b4-11ea-b7fb-01bea49d9239","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"control_0_index_pattern","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"control_1_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2023-10-05T19:23:01.775Z","version":"WzU2MjMsN10="} -{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"not user.name:*$\",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"exists\",\"key\":\"user.name\",\"value\":\"exists\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"exists\":{\"field\":\"user.name\"},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"type\":\"phrases\",\"key\":\"user.domain\",\"value\":\"NT AUTHORITY, Window Manager, Font Driver Host\",\"params\":[\"NT AUTHORITY\",\"Window Manager\",\"Font Driver 
Host\"],\"alias\":null,\"negate\":true,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"user.domain\":\"NT AUTHORITY\"}},{\"match_phrase\":{\"user.domain\":\"Window Manager\"}},{\"match_phrase\":{\"user.domain\":\"Font Driver Host\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}]}"},"sort":[["@timestamp","desc"]],"title":"UserDashboardUserList","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-10-05T19:23:01.775Z","id":"e8f983d0-860b-11ea-a720-c7a0431f179d","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"}],"type":"search","updated_at":"2023-10-05T19:23:01.775Z","version":"WzU2MjQsN10="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Filter Users","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security - Filter 
Users\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Events\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.TargetDomainName\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Domain\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.TargetUserName\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Username\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"showToolbar\":true,\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-10-05T19:23:01.775Z","id":"a71b5fa0-860c-11ea-a720-c7a0431f179d","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"e8f983d0-860b-11ea-a720-c7a0431f179d","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-10-05T19:23:01.775Z","version":"WzU2MjUsN10=
"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Security - Select Host","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Select Host\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1588685297382\",\"fieldName\":\"host.name\",\"parent\":\"\",\"label\":\"Host\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-10-05T19:23:01.775Z","id":"53b65290-8ed4-11ea-904c-391ecaa2f2f4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"control_0_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2023-10-05T19:23:01.775Z","version":"WzU2MjYsN10="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security - Filter Hosts","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security - Filter Hosts\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Event 
count\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Host name\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-10-05T19:23:01.775Z","id":"8b7ff050-8ed4-11ea-904c-391ecaa2f2f4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-10-05T19:23:01.775Z","version":"WzU2MjcsN10="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"Security - Logons Title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Logons Title\",\"type\":\"markdown\",\"params\":{\"markdown\":\"## Logons\",\"openLinksInNewTab\":false,\"fontSize\":12},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-10-05T19:23:01.775Z","id":"d58b0380-8540-11ea-b6c5-5d9149593ce4","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-10-05T19:23:01.775Z","version":"WzU2MjgsN10="} -{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"(event.code:4624 OR event.code:4625) and not user.name:*$\",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[{\"meta\":{\"type\":\"phrases\",\"key\":\"user.domain\",\"value\":\"NT AUTHORITY, Window Manager, Font Driver Host\",\"params\":[\"NT AUTHORITY\",\"Window Manager\",\"Font Driver 
Host\"],\"alias\":null,\"negate\":true,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"user.domain\":\"NT AUTHORITY\"}},{\"match_phrase\":{\"user.domain\":\"Window Manager\"}},{\"match_phrase\":{\"user.domain\":\"Font Driver Host\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}]}"},"sort":[["@timestamp","desc"]],"title":"Human User Logon Events","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-10-05T19:23:01.775Z","id":"dc42fc40-84a1-11ea-b7fb-01bea49d9239","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"search","updated_at":"2023-10-05T19:23:01.775Z","version":"WzU2MjksN10="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Logon attempts","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Logon attempts\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Login 
attempts\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-10-05T19:23:01.775Z","id":"22170f50-853c-11ea-b6c5-5d9149593ce4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"dc42fc40-84a1-11ea-b7fb-01bea49d9239","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-10-05T19:23:01.775Z","version":"WzU2MzAsN10="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Logon events over time","uiStateJSON":"{\"vis\":{\"colors\":{\"Failed attempts\":\"#BF1B00\",\"Successful atempts\":\"#629E51\"}}}","version":1,"visState":"{\"title\":\"Security - Logon events over time\",\"type\":\"histogram\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#34130C\"},\"dimensions\":{\"x\":{\"accessor\":1,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"HH:mm:ss\"}},\"params\":{\"date\":true,\"interval\":\"PT30S\",\"format\":\"HH:mm:ss\",\"boun
ds\":{\"min\":\"2020-04-23T08:41:59.000Z\",\"max\":\"2020-04-23T08:56:59.000Z\"}},\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"series\":[{\"accessor\":0,\"format\":{},\"params\":{},\"aggType\":\"filters\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"filters\",\"schema\":\"group\",\"params\":{\"filters\":[{\"input\":{\"query\":\"event.code:4625\",\"language\":\"lucene\"},\"label\":\"Failed attempts\"},{\"input\":{\"query\":\"event.code:4624\",\"language\":\"lucene\"},\"label\":\"Successful atempts\"}]}},{\"id\":\"3\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-15m\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-10-05T19:23:01.775Z","id":"c0c8b560-84a9-11ea-b7fb-01bea49d9239","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"dc42fc40-84a1-11ea-b7fb-01bea49d9239","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-10-05T19:23:01.775Z","version":"WzU2MzEsN10="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"type\":\"phrases\",\"key\":\"event.code\",\"value\":\"4,624, 
4,625\",\"params\":[\"4624\",\"4625\"],\"alias\":null,\"negate\":false,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"event.code\":\"4624\"}},{\"match_phrase\":{\"event.code\":\"4625\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}]}"},"savedSearchRefName":"search_0","title":"Security - Logon hosts pie","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Logon hosts pie\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Computers\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Computer\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-10-05T19:23:01.775Z","id":"489f7350-853d-11ea-b6c5-5d9149593ce4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"dc42fc40-84a1-11ea-b7fb-01bea49d9239","name":"search_0","type":"search"}],"type":"visualizat
ion","updated_at":"2023-10-05T19:23:01.775Z","version":"WzU2MzIsN10="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Logon hosts","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Logon hosts\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"host.name\",\"customLabel\":\"Hosts\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-10-05T19:23:01.775Z","id":"a179afa0-853c-11ea-b6c5-5d9149593ce4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"dc42fc40-84a1-11ea-b7fb-01bea49d9239","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-10-05T19:23:01.775Z","version":"WzU2MzMsN10="} -{"attributes":{"columns":["event.code","host.name","winlog.event_data.TargetDomainName","winlog.event_data.TargetUserName","winlog.event_data.IpAddress","event.action","event.outcome","winlog.event_data.LogonType"],"description":"","grid":{"columns":{"user.domain":{"width":119},"user.name":{"width":134}}},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"(event.code:4624 OR event.code:4625) and not 
user.name:*$\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"Human Logon & Logoff events","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-10-05T19:23:01.775Z","id":"2325be20-8616-11ea-a720-c7a0431f179d","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-10-05T19:23:01.775Z","version":"WzU2MzQsN10="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"Security - Network Title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Network Title\",\"type\":\"markdown\",\"params\":{\"markdown\":\"## Network Connections\",\"openLinksInNewTab\":false,\"fontSize\":12},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-10-05T19:23:01.775Z","id":"a1229110-860f-11ea-a720-c7a0431f179d","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-10-05T19:23:01.775Z","version":"WzU2MzUsN10="} -{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id : \\\"3\\\" and event.provider : \\\"Microsoft-Windows-Sysmon\\\" \",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"sort":[["@timestamp","desc"]],"title":"All network activity 
","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-10-05T19:23:01.775Z","id":"d1a74ce0-8641-11ea-907a-33d103156187","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-10-05T19:23:01.775Z","version":"WzU2MzYsN10="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Network Activity Line","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Network Activity Line\",\"type\":\"line\",\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Connections\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Connections\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#34130C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"HH:mm:ss\"}},\"params\":{\"date\":true,\"interval\":\"PT30S\",\"format\":\"HH:mm:ss\",\"bounds\":{\"min\":\"2020-04-24T15:29:10.918Z\",\"max\":\"2020-04-24T15:44:10.918Z\"}}
,\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"fittingFunction\":\"zero\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Connections\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-15m\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-10-05T19:23:01.775Z","id":"ec7ad2d0-8641-11ea-907a-33d103156187","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"d1a74ce0-8641-11ea-907a-33d103156187","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-10-05T19:23:01.775Z","version":"WzU2MzcsN10="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"title":"Security - Network connection country 
pie","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.geo.country_iso_code\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Country\"}}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"title\":\"Security - Network connection country pie\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-10-05T19:23:01.775Z","id":"9a7600a0-8ba9-11ea-b494-03608db93b61","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-10-05T19:23:01.775Z","version":"WzU2MzgsN10="} -{"attributes":{"columns":["winlog.event_data.DestinationHostname","destination.ip","winlog.event_data.DestinationIsIpv6","network.","process.executable","winlog.event_data.DestinationPort","winlog.event_data.Protocol","winlog.user.name","winlog.user.type","source.ip","winlog.event_data.SourceIsIpv6","source.port","network.protocol"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id:3 AND NOT (destination.ip:\\\"10.0.0.0/8\\\" OR destination.ip:\\\"172.16.0.0/16\\\" OR destination.ip:\\\"192.168.0.0/16\\\" OR 
destionation.ip:\\\"224.0.0.0/24\\\" OR destination.ip:\\\"169.254.0.0/16\\\" OR destination.ip:\\\"127.0.0.1\\\" OR destination.ip:\\\"fe80::/10\\\" OR destination.ip:\\\"fc00::/7\\\") AND NOT (process.name:iexplore.exe OR process.name:chrome.exe OR process.name:firefox.exe OR process.name:opera.exe) AND event.provider : \\\"Microsoft-Windows-Sysmon\\\" \",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"sort":[["@timestamp","desc"]],"title":"srch_sd_non_browsers_connection","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-10-05T19:23:01.775Z","id":"a0f75d50-e5e8-11e9-8f1d-73a2ea4cc3ed","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-10-05T19:23:01.775Z","version":"WzU2MzksN10="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Network connections area ","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Network connections area 
\",\"type\":\"area\",\"params\":{\"type\":\"area\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"area\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#34130C\"},\"labels\":{},\"dimensions\":{\"x\":null,\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"series\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"fittingFunction\":\"zero\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"fi
eld\":\"@timestamp\",\"timeRange\":{\"from\":\"now-15w\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-10-05T19:23:01.775Z","id":"3fb9dfd0-8887-11ea-99ef-bd4d29afe41e","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"a0f75d50-e5e8-11e9-8f1d-73a2ea4cc3ed","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-10-05T19:23:01.775Z","version":"WzU2NDAsN10="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Network Process List","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"process.executable\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Process\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Logged on 
user\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Computer\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":4,\"direction\":\"asc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":5,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":4,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"date\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"Security - Network Process List\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-10-05T19:23:01.775Z","id":"31a7d490-e677-11e9-8be5-cd86dcca33f3","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"a0f75d50-e5e8-11e9-8f1d-73a2ea4cc3ed","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-10-05T19:23:01.775Z","version":"WzU2NDEsN10="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\n \"query\": {\n \"query\": \"\",\n \"language\": \"kuery\"\n },\n \"filter\": []\n}"},"savedSearchRefName":"search_0","title":"Overview - Processes with unusual network activity","uiStateJSON":"{\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"significant_terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"process.executable\",\"size\":10,\"include\":\"\",\"json\":\"\",\"customLabel\":\"Process\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"string\"},\"params\":{},\"label\":\"Process\",\"aggType\":\"significant_terms\"}]},\"showToolbar\":true},\"title\":\"Overview - Processes with unusual network activity\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-10-05T19:23:01.775Z","id":"245778d0-8641-11ea-907a-33d103156187","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"a0f75d50-e5e8-11e9-8f1d-73a2ea4cc3ed","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-10-05T19:23:01.775Z","version":"WzU2NDIsN10="} -{"attributes":{"columns":["user.domain","user.name","host.name","process.executable","source.ip","source.port","destination.ip","destination.port","network.transport"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id:3 AND NOT (destination.ip:\\\"10.0.0.0/8\\\" OR 
destination.ip:\\\"172.16.0.0/16\\\" OR destination.ip:\\\"192.168.0.0/16\\\" OR destionation.ip:\\\"224.0.0.0/24\\\" OR destination.ip:\\\"169.254.0.0/16\\\" OR destination.ip:\\\"127.0.0.1\\\" OR destination.ip:\\\"fe80::/10\\\" OR destination.ip:\\\"fc00::/7\\\") and event.provider : \\\"Microsoft-Windows-Sysmon\\\" \",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"sort":[["@timestamp","desc"]],"title":"srch_uds_non_private_network","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-10-05T19:23:01.775Z","id":"027102a0-e69f-11e9-8be5-cd86dcca33f3","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-10-05T19:23:01.775Z","version":"WzU2NDMsN10="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"Security - Processes Title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Processes Title\",\"type\":\"markdown\",\"params\":{\"markdown\":\"## Processes & Powershell\",\"openLinksInNewTab\":false,\"fontSize\":12},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-10-05T19:23:01.775Z","id":"813d18f0-8869-11ea-99ef-bd4d29afe41e","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-10-05T19:23:01.775Z","version":"WzU2NDQsN10="} -{"attributes":{"columns":["user.domain","user.name","host.name","process.executable","process.args","process.parent.executable","hash.imphash"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.code:\\\"1\\\" AND event.provider : \\\"Microsoft-Windows-Sysmon\\\" 
\",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"sort":[["@timestamp","desc"]],"title":"Process Spawns","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-10-05T19:23:01.775Z","id":"ca56a030-8899-11ea-99ef-bd4d29afe41e","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-10-05T19:23:01.775Z","version":"WzU2NDUsN10="} -{"attributes":{"columns":["user.domain","user.name","host.name","process.executable","process.command_line","process.parent.executable","process.parent.command_line","file.path","event.code"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"kuery\",\"query\":\"process.parent.name:\\\"powershell.exe\\\" OR process.name:\\\"powershell.exe\\\" OR winlog.event_data.OriginalFileName:\\\"PowerShell.EXE\\\" OR process.command_line.text:\\\"powershell\\\" OR parent.process.command_line.text:\\\"powershell\\\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"sort":[["@timestamp","desc"]],"title":"srch_sd_powershell_run","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-10-05T19:23:01.775Z","id":"2e276480-ec16-11e9-befc-81397a291157","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-10-05T19:23:01.775Z","version":"WzU2NDYsN10="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Powershell Run 
Count","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"}],\"params\":{\"addLegend\":false,\"addTooltip\":true,\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":60,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Security - Powershell Run Count\",\"type\":\"metric\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-10-05T19:23:01.775Z","id":"60553d40-ec18-11e9-befc-81397a291157","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"2e276480-ec16-11e9-befc-81397a291157","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-10-05T19:23:01.775Z","version":"WzU2NDcsN10="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Powershell runs over 
time","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now/w\",\"to\":\"now/w\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}],\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"dimensions\":{\"x\":null,\"y\":[{\"accessor\":0,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}]},\"grid\":{\"categoryLines\":false},\"labels\":{},\"legendPosition\":\"right\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"normal\",\"show\":\"true\",\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"}],\"thresholdLine\":{\"color\":\"#34130C\",\"show\":false,\"style\":\"full\",\"value\":10,\"width\":1},\"times\":[],\"type\":\"line\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"fittingFunction\":\"zero\",\"legendSize\":\"auto\"},\"title\":\"Security - Powershell runs over 
time\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-10-05T19:23:01.775Z","id":"bc2e06f0-8930-11ea-9bd8-f3fed1ec2140","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"2e276480-ec16-11e9-befc-81397a291157","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-10-05T19:23:01.775Z","version":"WzU2NDgsN10="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Power shell hosts pie","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"host.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"}],\"params\":{\"addTooltip\":true,\"dimensions\":{\"metric\":{\"accessor\":0,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}},\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"title\":\"Security - Power shell hosts pie\",\"type\":\"pie\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-10-05T19:23:01.775Z","id":"2b71e9f0-8931-11ea-9bd8-f3fed1ec2140","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"2e276480-ec16-11e9-befc-81397a291157","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-10-05T19:23:01.775Z","version":"WzU2NDksN10="} 
-{"attributes":{"columns":["user.domain","user.name","host.name","process.executable","process.args","process.parent.executable","process.parent.args"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"(process.parent.name:\\\"powershell.exe\\\" OR process.name:\\\"powershell.exe\\\" OR winlog.event_data.OriginalFileName:\\\"PowerShell.EXE\\\") AND process.command_line.text:(\\\"invoke\\\" or \\\"bypass\\\" or \\\"iex\\\" or \\\"ex\\\" or \\\"icm\\\" or \\\"new-object\\\" or \\\"set\\\" or \\\"get\\\" or \\\"write\\\" or \\\"out\\\" or \\\"download\\\" or \\\"encoded\\\")\",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"sort":[["@timestamp","desc"]],"title":"Potentially Suspicious Powershell","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-10-05T19:23:01.775Z","id":"ff5a53b0-ebf7-11e9-befc-81397a291157","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-10-05T19:23:01.775Z","version":"WzU2NTAsN10="} -{"attributes":{"columns":["user.domain","user.name","host.name","destination.domain","destination.ip"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id:3 AND (process.parent.name:\\\"powershell.exe\\\" OR process.name:\\\"powershell.exe\\\" OR winlog.event_data.OriginalFileName:\\\"PowerShell.EXE\\\") AND event.provider : \\\"Microsoft-Windows-Sysmon\\\" 
\",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"sort":[["@timestamp","desc"]],"title":"srch_uds_powershell_network","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-10-05T19:23:01.775Z","id":"c97a71f0-8952-11ea-9bd8-f3fed1ec2140","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-10-05T19:23:01.775Z","version":"WzU2NTEsN10="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"Security - Files title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Files title\",\"type\":\"markdown\",\"params\":{\"markdown\":\"## Files\",\"openLinksInNewTab\":false,\"fontSize\":12},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-10-05T19:23:01.775Z","id":"404f6e60-895e-11ea-9bd8-f3fed1ec2140","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-10-05T19:23:01.775Z","version":"WzU2NTIsN10="} -{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"file.path.text: \\\"tmp\\\" OR file.path.text:\\\"temp\\\"\",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"exists\",\"key\":\"file.path\",\"value\":\"exists\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"exists\":{\"field\":\"file.path\"},\"$state\":{\"store\":\"appState\"}}]}"},"sort":[["@timestamp","desc"]],"title":"TEMP & 
%TEMP%","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-10-05T19:23:01.775Z","id":"fbbf01c0-e697-11e9-8be5-cd86dcca33f3","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"search","updated_at":"2023-10-05T19:23:01.775Z","version":"WzU2NTMsN10="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"TEMP & %TEMP%","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.path\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Target 
File\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":30,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Hostname\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"TEMP & %TEMP%\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-10-05T19:23:01.775Z","id":"1a0c4520-e698-11e9-8be5-cd86dcca33f3","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"fbbf01c0-e697-11e9-8be5-cd86dcca33f3","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-10-05T19:23:01.775Z","version":"WzU2NTQsN10="} -{"attributes":{"columns":["@timestamp","user.domain","user.name","host.name","process.executable","winlog.event_data.ProcessId"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id: \\\"9\\\" AND event.provider : \\\"Microsoft-Windows-Sysmon\\\" \",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"sort":[["@timestamp","desc"]],"title":"Raw Access 
Events","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-10-05T19:23:01.775Z","id":"6b97d600-8960-11ea-9bd8-f3fed1ec2140","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-10-05T19:23:01.775Z","version":"WzU2NTUsN10="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"Security - Windows Defender Title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Windows Defender Title\",\"type\":\"markdown\",\"params\":{\"markdown\":\"## Windows Defender\",\"openLinksInNewTab\":false,\"fontSize\":12},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-10-05T19:23:01.775Z","id":"ebbab910-8960-11ea-9bd8-f3fed1ec2140","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-10-05T19:23:01.775Z","version":"WzU2NTYsN10="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"winlog.event_id:(1006 or 1007 or 1008 or 1009 or 1116 or 1117 or 1118 or 1119)\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security - AV Events Count","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - AV Events Count\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to 
Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Windows AV Events\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-10-05T19:23:01.775Z","id":"4d08ec30-e5c1-11e9-ac01-d5832a8a14d8","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-10-05T19:23:01.775Z","version":"WzU2NTcsN10="} -{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"type\":\"phrases\",\"key\":\"winlog.event_id\",\"value\":\"1,006, 1,007, 1,008, 1,009, 1,116, 1,117, 1,118, 
1,119\",\"params\":[\"1006\",\"1007\",\"1008\",\"1009\",\"1116\",\"1117\",\"1118\",\"1119\"],\"negate\":false,\"disabled\":false,\"alias\":null,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"winlog.event_id\":\"1006\"}},{\"match_phrase\":{\"winlog.event_id\":\"1007\"}},{\"match_phrase\":{\"winlog.event_id\":\"1008\"}},{\"match_phrase\":{\"winlog.event_id\":\"1009\"}},{\"match_phrase\":{\"winlog.event_id\":\"1116\"}},{\"match_phrase\":{\"winlog.event_id\":\"1117\"}},{\"match_phrase\":{\"winlog.event_id\":\"1118\"}},{\"match_phrase\":{\"winlog.event_id\":\"1119\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"AV Detection event","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-10-05T19:23:01.775Z","id":"3c3bc850-7bc7-11e9-b45c-ad49d0e60b5a","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"search","updated_at":"2023-10-05T19:23:01.775Z","version":"WzU2NTgsN10="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"AV Hits (Count)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"AV Hits (Count)\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to 
Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"AV Detection hits\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-10-05T19:23:01.775Z","id":"45277cd0-7bdf-11e9-b45c-ad49d0e60b5a","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"3c3bc850-7bc7-11e9-b45c-ad49d0e60b5a","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-10-05T19:23:01.775Z","version":"WzU2NTksN10="} -{"attributes":{"columns":["winlog.event_data.Detection User","host.name","winlog.event_data.Path","winlog.event_data.FWLink"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id: 1116\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[{\"meta\":{\"negate\":false,\"type\":\"phrase\",\"key\":\"event.provider\",\"params\":{\"query\":\"Microsoft-Windows-Windows Defender\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.provider\":{\"query\":\"Microsoft-Windows-Windows Defender\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}]}"},"sort":[["@timestamp","desc"]],"title":"Defender AV 
Detections","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-10-05T19:23:01.775Z","id":"854e4470-8966-11ea-9bd8-f3fed1ec2140","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"search","updated_at":"2023-10-05T19:23:01.775Z","version":"WzU2NjAsN10="} -{"attributes":{"description":"User Security overview, filtered by Domain / Username or hostname","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":3,\"i\":\"cb956d23-9d5b-4af8-becf-a2d2d108b5f7\"},\"panelIndex\":\"cb956d23-9d5b-4af8-becf-a2d2d108b5f7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_cb956d23-9d5b-4af8-becf-a2d2d108b5f7\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":3,\"w\":23,\"h\":7,\"i\":\"d962c0d4-f80a-426c-9a1b-43e2fb6296f2\"},\"panelIndex\":\"d962c0d4-f80a-426c-9a1b-43e2fb6296f2\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Search users\",\"panelRefName\":\"panel_d962c0d4-f80a-426c-9a1b-43e2fb6296f2\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":23,\"y\":3,\"w\":25,\"h\":7,\"i\":\"acae805a-1f8b-4298-99e6-9624fdc45fee\"},\"panelIndex\":\"acae805a-1f8b-4298-99e6-9624fdc45fee\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Filter 
users\",\"panelRefName\":\"panel_acae805a-1f8b-4298-99e6-9624fdc45fee\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":10,\"w\":23,\"h\":7,\"i\":\"669e458b-ac6a-41d1-b3e2-945a0c8571bd\"},\"panelIndex\":\"669e458b-ac6a-41d1-b3e2-945a0c8571bd\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Search hosts\",\"panelRefName\":\"panel_669e458b-ac6a-41d1-b3e2-945a0c8571bd\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":23,\"y\":10,\"w\":25,\"h\":7,\"i\":\"b5483ec3-77b5-4e4c-b532-32ce796aa1de\"},\"panelIndex\":\"b5483ec3-77b5-4e4c-b532-32ce796aa1de\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Filter hosts\",\"panelRefName\":\"panel_b5483ec3-77b5-4e4c-b532-32ce796aa1de\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":17,\"w\":48,\"h\":4,\"i\":\"0eb6fcd2-cd91-4c3e-b652-4f06922da3ae\"},\"panelIndex\":\"0eb6fcd2-cd91-4c3e-b652-4f06922da3ae\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0eb6fcd2-cd91-4c3e-b652-4f06922da3ae\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":21,\"w\":9,\"h\":7,\"i\":\"2281ee7a-a6bd-4d4e-8ced-3c594acfdd3f\"},\"panelIndex\":\"2281ee7a-a6bd-4d4e-8ced-3c594acfdd3f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2281ee7a-a6bd-4d4e-8ced-3c594acfdd3f\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":21,\"w\":20,\"h\":14,\"i\":\"13240516-125d-434d-8929-d9a334308aa6\"},\"panelIndex\":\"13240516-125d-434d-8929-d9a334308aa6\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Logon attempts\",\"panelRefName\":\"panel_13240516-125d-434d-8929-d9a334308aa6\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":29,\"y\":21,\"w\":19,\"h\":14,\"i\":\"4b488bfa-a881-46c9-933b-ed762dfb6884\"},\"panelIndex\":\"4b488bfa-a881-46c9-933b-ed762dfb6884\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Logged on 
computers\",\"panelRefName\":\"panel_4b488bfa-a881-46c9-933b-ed762dfb6884\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":28,\"w\":9,\"h\":7,\"i\":\"1d6bc214-21e6-4f94-b4df-94585768f0d1\"},\"panelIndex\":\"1d6bc214-21e6-4f94-b4df-94585768f0d1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1d6bc214-21e6-4f94-b4df-94585768f0d1\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":35,\"w\":48,\"h\":17,\"i\":\"5db1345f-28a0-43fd-9cd2-d51e9349cfad\"},\"panelIndex\":\"5db1345f-28a0-43fd-9cd2-d51e9349cfad\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"User Logon & Logoff Events\",\"panelRefName\":\"panel_5db1345f-28a0-43fd-9cd2-d51e9349cfad\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":52,\"w\":48,\"h\":4,\"i\":\"dc8de60f-b44b-4e88-9f4c-603ebc8be78b\"},\"panelIndex\":\"dc8de60f-b44b-4e88-9f4c-603ebc8be78b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_dc8de60f-b44b-4e88-9f4c-603ebc8be78b\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":56,\"w\":48,\"h\":14,\"i\":\"3b38696a-cc17-47fb-91f4-96884a7262de\"},\"panelIndex\":\"3b38696a-cc17-47fb-91f4-96884a7262de\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"All network connections\",\"panelRefName\":\"panel_3b38696a-cc17-47fb-91f4-96884a7262de\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":70,\"w\":24,\"h\":17,\"i\":\"c7fa573d-ea88-4f5f-aabe-40c9878d97e0\"},\"panelIndex\":\"c7fa573d-ea88-4f5f-aabe-40c9878d97e0\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Network connections by 
country\",\"panelRefName\":\"panel_c7fa573d-ea88-4f5f-aabe-40c9878d97e0\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":70,\"w\":24,\"h\":17,\"i\":\"8053a0e5-33e4-46d0-adcc-5baa505a07e4\"},\"panelIndex\":\"8053a0e5-33e4-46d0-adcc-5baa505a07e4\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Network connection by protocol\",\"panelRefName\":\"panel_8053a0e5-33e4-46d0-adcc-5baa505a07e4\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":87,\"w\":24,\"h\":15,\"i\":\"85d08841-be8d-45e6-8d57-e79d3e63b315\"},\"panelIndex\":\"85d08841-be8d-45e6-8d57-e79d3e63b315\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}},\"enhancements\":{}},\"title\":\"Network connections from non-browser processes\",\"panelRefName\":\"panel_85d08841-be8d-45e6-8d57-e79d3e63b315\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":87,\"w\":24,\"h\":15,\"i\":\"d6e81b2b-664b-480d-9e79-0146110b5b40\"},\"panelIndex\":\"d6e81b2b-664b-480d-9e79-0146110b5b40\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Unusual network connections from non-browser processes\",\"panelRefName\":\"panel_d6e81b2b-664b-480d-9e79-0146110b5b40\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":102,\"w\":48,\"h\":10,\"i\":\"cf6d87aa-3642-443d-8535-ffc445bb0de8\"},\"panelIndex\":\"cf6d87aa-3642-443d-8535-ffc445bb0de8\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Network Connection Events (Sysmon ID 
3)\",\"panelRefName\":\"panel_cf6d87aa-3642-443d-8535-ffc445bb0de8\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":112,\"w\":48,\"h\":4,\"i\":\"e7d0f621-25db-4fc2-b342-de3356d27d22\"},\"panelIndex\":\"e7d0f621-25db-4fc2-b342-de3356d27d22\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_e7d0f621-25db-4fc2-b342-de3356d27d22\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":116,\"w\":48,\"h\":14,\"i\":\"8dba12cb-b13b-4885-be71-4f0b80b741a1\"},\"panelIndex\":\"8dba12cb-b13b-4885-be71-4f0b80b741a1\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Spawned Processes\",\"panelRefName\":\"panel_8dba12cb-b13b-4885-be71-4f0b80b741a1\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":130,\"w\":10,\"h\":15,\"i\":\"d91877f5-6b32-4f10-b31c-a7dfc609b37e\"},\"panelIndex\":\"d91877f5-6b32-4f10-b31c-a7dfc609b37e\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Powershell Events\",\"panelRefName\":\"panel_d91877f5-6b32-4f10-b31c-a7dfc609b37e\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":10,\"y\":130,\"w\":20,\"h\":15,\"i\":\"57e03c45-07da-4b09-84ad-8f536cbdbb58\"},\"panelIndex\":\"57e03c45-07da-4b09-84ad-8f536cbdbb58\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Powershell events over time\",\"panelRefName\":\"panel_57e03c45-07da-4b09-84ad-8f536cbdbb58\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":30,\"y\":130,\"w\":18,\"h\":15,\"i\":\"6286154f-2b14-43a6-a3a5-9e85cf465162\"},\"panelIndex\":\"6286154f-2b14-43a6-a3a5-9e85cf465162\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Powershell events by 
computer\",\"panelRefName\":\"panel_6286154f-2b14-43a6-a3a5-9e85cf465162\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":145,\"w\":48,\"h\":16,\"i\":\"376ac409-1f80-4cc4-a94f-71431233ffc1\"},\"panelIndex\":\"376ac409-1f80-4cc4-a94f-71431233ffc1\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Potentially suspicious powershell\",\"panelRefName\":\"panel_376ac409-1f80-4cc4-a94f-71431233ffc1\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":161,\"w\":48,\"h\":14,\"i\":\"570dff9d-ac96-4d3b-a4f3-a81e09fce159\"},\"panelIndex\":\"570dff9d-ac96-4d3b-a4f3-a81e09fce159\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Powershell network connections\",\"panelRefName\":\"panel_570dff9d-ac96-4d3b-a4f3-a81e09fce159\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":175,\"w\":48,\"h\":4,\"i\":\"fb24e6b0-f665-4798-8540-31d38b4b78cb\"},\"panelIndex\":\"fb24e6b0-f665-4798-8540-31d38b4b78cb\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_fb24e6b0-f665-4798-8540-31d38b4b78cb\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":179,\"w\":24,\"h\":15,\"i\":\"f0f11bc0-5607-4a3b-b4a4-4d8500c62c0a\"},\"panelIndex\":\"f0f11bc0-5607-4a3b-b4a4-4d8500c62c0a\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"References to temporary files\",\"panelRefName\":\"panel_f0f11bc0-5607-4a3b-b4a4-4d8500c62c0a\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":24,\"y\":179,\"w\":24,\"h\":15,\"i\":\"5b06e280-9804-408b-b8c5-c75f21bb7d00\"},\"panelIndex\":\"5b06e280-9804-408b-b8c5-c75f21bb7d00\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"RawAccessRead (Sysmon Event 
9)\",\"panelRefName\":\"panel_5b06e280-9804-408b-b8c5-c75f21bb7d00\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":194,\"w\":48,\"h\":4,\"i\":\"05382728-1306-4e59-b08e-d899afdf22b3\"},\"panelIndex\":\"05382728-1306-4e59-b08e-d899afdf22b3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_05382728-1306-4e59-b08e-d899afdf22b3\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":198,\"w\":12,\"h\":14,\"i\":\"ba231616-e45f-4299-87a6-56f785c53354\"},\"panelIndex\":\"ba231616-e45f-4299-87a6-56f785c53354\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Defender event count\",\"panelRefName\":\"panel_ba231616-e45f-4299-87a6-56f785c53354\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":12,\"y\":198,\"w\":12,\"h\":14,\"i\":\"9d149e7a-8cd7-4a4e-bbed-e4d2ca6e2931\"},\"panelIndex\":\"9d149e7a-8cd7-4a4e-bbed-e4d2ca6e2931\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9d149e7a-8cd7-4a4e-bbed-e4d2ca6e2931\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":24,\"y\":198,\"w\":24,\"h\":14,\"i\":\"af3a8a33-8efa-422f-b024-f2c4a158586f\"},\"panelIndex\":\"af3a8a33-8efa-422f-b024-f2c4a158586f\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"AV Detections (Event 1116)\",\"panelRefName\":\"panel_af3a8a33-8efa-422f-b024-f2c4a158586f\"}]","timeRestore":false,"title":"User 
Security","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-10-05T21:10:21.944Z","id":"e5f203f0-6182-11ee-b035-d5f231e90733","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","name":"cb956d23-9d5b-4af8-becf-a2d2d108b5f7:panel_cb956d23-9d5b-4af8-becf-a2d2d108b5f7","type":"visualization"},{"id":"a64ec020-84b4-11ea-b7fb-01bea49d9239","name":"d962c0d4-f80a-426c-9a1b-43e2fb6296f2:panel_d962c0d4-f80a-426c-9a1b-43e2fb6296f2","type":"visualization"},{"id":"a71b5fa0-860c-11ea-a720-c7a0431f179d","name":"acae805a-1f8b-4298-99e6-9624fdc45fee:panel_acae805a-1f8b-4298-99e6-9624fdc45fee","type":"visualization"},{"id":"53b65290-8ed4-11ea-904c-391ecaa2f2f4","name":"669e458b-ac6a-41d1-b3e2-945a0c8571bd:panel_669e458b-ac6a-41d1-b3e2-945a0c8571bd","type":"visualization"},{"id":"8b7ff050-8ed4-11ea-904c-391ecaa2f2f4","name":"b5483ec3-77b5-4e4c-b532-32ce796aa1de:panel_b5483ec3-77b5-4e4c-b532-32ce796aa1de","type":"visualization"},{"id":"d58b0380-8540-11ea-b6c5-5d9149593ce4","name":"0eb6fcd2-cd91-4c3e-b652-4f06922da3ae:panel_0eb6fcd2-cd91-4c3e-b652-4f06922da3ae","type":"visualization"},{"id":"22170f50-853c-11ea-b6c5-5d9149593ce4","name":"2281ee7a-a6bd-4d4e-8ced-3c594acfdd3f:panel_2281ee7a-a6bd-4d4e-8ced-3c594acfdd3f","type":"visualization"},{"id":"c0c8b560-84a9-11ea-b7fb-01bea49d9239","name":"13240516-125d-434d-8929-d9a334308aa6:panel_13240516-125d-434d-8929-d9a334308aa6","type":"visualization"},{"id":"489f7350-853d-11ea-b6c5-5d9149593ce4","name":"4b488bfa-a881-46c9-933b-ed762dfb6884:panel_4b488bfa-a881-46c9-933b-ed762dfb6884","type":"visualization"},{"id":"a179afa0-853c-11ea-b6c5-5d9149593ce4","name":"1d6bc214-21e6-4f94-b4df-94585768f0d1:panel_1d6bc214-21e6-4f94-b4df-94585768f0d1","type":"visualization"},{"id":"2325be20-8616-11ea-a720-c7a0431f179d","name":"5db1345f-28a0-43fd-9cd2-d51e9349cfad:panel_5db1345f-28a0-43fd-9cd2-d51e9349cfad","type":"search"},{"id":"a1229110-860f-11ea-a720-c7a0431f179d","name":"dc8de60f-b44b-4e88-9f4c
-603ebc8be78b:panel_dc8de60f-b44b-4e88-9f4c-603ebc8be78b","type":"visualization"},{"id":"ec7ad2d0-8641-11ea-907a-33d103156187","name":"3b38696a-cc17-47fb-91f4-96884a7262de:panel_3b38696a-cc17-47fb-91f4-96884a7262de","type":"visualization"},{"id":"9a7600a0-8ba9-11ea-b494-03608db93b61","name":"c7fa573d-ea88-4f5f-aabe-40c9878d97e0:panel_c7fa573d-ea88-4f5f-aabe-40c9878d97e0","type":"visualization"},{"id":"3fb9dfd0-8887-11ea-99ef-bd4d29afe41e","name":"8053a0e5-33e4-46d0-adcc-5baa505a07e4:panel_8053a0e5-33e4-46d0-adcc-5baa505a07e4","type":"visualization"},{"id":"31a7d490-e677-11e9-8be5-cd86dcca33f3","name":"85d08841-be8d-45e6-8d57-e79d3e63b315:panel_85d08841-be8d-45e6-8d57-e79d3e63b315","type":"visualization"},{"id":"245778d0-8641-11ea-907a-33d103156187","name":"d6e81b2b-664b-480d-9e79-0146110b5b40:panel_d6e81b2b-664b-480d-9e79-0146110b5b40","type":"visualization"},{"id":"027102a0-e69f-11e9-8be5-cd86dcca33f3","name":"cf6d87aa-3642-443d-8535-ffc445bb0de8:panel_cf6d87aa-3642-443d-8535-ffc445bb0de8","type":"search"},{"id":"813d18f0-8869-11ea-99ef-bd4d29afe41e","name":"e7d0f621-25db-4fc2-b342-de3356d27d22:panel_e7d0f621-25db-4fc2-b342-de3356d27d22","type":"visualization"},{"id":"ca56a030-8899-11ea-99ef-bd4d29afe41e","name":"8dba12cb-b13b-4885-be71-4f0b80b741a1:panel_8dba12cb-b13b-4885-be71-4f0b80b741a1","type":"search"},{"id":"60553d40-ec18-11e9-befc-81397a291157","name":"d91877f5-6b32-4f10-b31c-a7dfc609b37e:panel_d91877f5-6b32-4f10-b31c-a7dfc609b37e","type":"visualization"},{"id":"bc2e06f0-8930-11ea-9bd8-f3fed1ec2140","name":"57e03c45-07da-4b09-84ad-8f536cbdbb58:panel_57e03c45-07da-4b09-84ad-8f536cbdbb58","type":"visualization"},{"id":"2b71e9f0-8931-11ea-9bd8-f3fed1ec2140","name":"6286154f-2b14-43a6-a3a5-9e85cf465162:panel_6286154f-2b14-43a6-a3a5-9e85cf465162","type":"visualization"},{"id":"ff5a53b0-ebf7-11e9-befc-81397a291157","name":"376ac409-1f80-4cc4-a94f-71431233ffc1:panel_376ac409-1f80-4cc4-a94f-71431233ffc1","type":"search"},{"id":"c97a71f0-8952-11ea-9bd8-f3fed1ec2140
","name":"570dff9d-ac96-4d3b-a4f3-a81e09fce159:panel_570dff9d-ac96-4d3b-a4f3-a81e09fce159","type":"search"},{"id":"404f6e60-895e-11ea-9bd8-f3fed1ec2140","name":"fb24e6b0-f665-4798-8540-31d38b4b78cb:panel_fb24e6b0-f665-4798-8540-31d38b4b78cb","type":"visualization"},{"id":"1a0c4520-e698-11e9-8be5-cd86dcca33f3","name":"f0f11bc0-5607-4a3b-b4a4-4d8500c62c0a:panel_f0f11bc0-5607-4a3b-b4a4-4d8500c62c0a","type":"visualization"},{"id":"6b97d600-8960-11ea-9bd8-f3fed1ec2140","name":"5b06e280-9804-408b-b8c5-c75f21bb7d00:panel_5b06e280-9804-408b-b8c5-c75f21bb7d00","type":"search"},{"id":"ebbab910-8960-11ea-9bd8-f3fed1ec2140","name":"05382728-1306-4e59-b08e-d899afdf22b3:panel_05382728-1306-4e59-b08e-d899afdf22b3","type":"visualization"},{"id":"4d08ec30-e5c1-11e9-ac01-d5832a8a14d8","name":"ba231616-e45f-4299-87a6-56f785c53354:panel_ba231616-e45f-4299-87a6-56f785c53354","type":"visualization"},{"id":"45277cd0-7bdf-11e9-b45c-ad49d0e60b5a","name":"9d149e7a-8cd7-4a4e-bbed-e4d2ca6e2931:panel_9d149e7a-8cd7-4a4e-bbed-e4d2ca6e2931","type":"visualization"},{"id":"854e4470-8966-11ea-9bd8-f3fed1ec2140","name":"af3a8a33-8efa-422f-b024-f2c4a158586f:panel_af3a8a33-8efa-422f-b024-f2c4a158586f","type":"search"}],"type":"dashboard","updated_at":"2023-10-05T21:10:21.944Z","version":"WzY0MjQsN10="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Dashboard Menu","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Dashboard Menu\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"markdown\":\"[Alerting Dashboard](#/dashboard/ac1078e0-8a32-11ea-8939-89f508ff7909)\\n| [Computer Software Overview](#/dashboard/33f0d3b0-8b8a-11ea-b1c6-a5bf39283f12)\\n| [Process Explorer](#/dashboard/f2cbc110-8400-11ee-a3de-f1bc0525ad6c)\\n| [Security log](#/dashboard/51186cd0-e8e9-11e9-9070-f78ae052729a) \\n| [Sysmon summary](#/dashboard/d2c73990-e5d4-11e9-8f1d-73a2ea4cc3ed) \\n| [User 
Security](#/dashboard/e5f203f0-6182-11ee-b035-d5f231e90733) \\n| [User HR](#/dashboard/618bc5d0-84f8-11ee-9838-ff0db128d8b2)\\n\\n\",\"openLinksInNewTab\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T11:11:46.893Z","id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-11-20T11:11:46.893Z","version":"WzE5NjYwOCw4XQ=="} +{"attributes":{"fieldAttrs":"{\"host.name\":{\"count\":7},\"process.name\":{\"count\":6},\"winlog.computer_name\":{\"count\":5},\"winlog.event_data.ProcessName\":{\"count\":5},\"source.ip\":{\"count\":2},\"source.port\":{\"count\":2},\"winlog.event_data.IpAddress\":{\"count\":5},\"winlog.event_data.IpPort\":{\"count\":2},\"winlog.event_data.LogonProcessName\":{\"count\":2},\"process.pid\":{\"count\":1},\"winlog.event_data.ProcessId\":{\"count\":1},\"winlog.event_data.TargetDomainName\":{\"count\":5},\"client.user.domain\":{\"count\":1},\"client.user.name\":{\"count\":1},\"group.domain\":{\"count\":1},\"host.user.domain\":{\"count\":1},\"server.user.domain\":{\"count\":1},\"user.domain\":{\"count\":1},\"winlog.event_data.LogonType\":{\"count\":2},\"winlog.event_data.Status\":{\"count\":1},\"winlog.event_data.SubStatus\":{\"count\":1},\"winlog.event_data.TargetUserName\":{\"count\":2},\"winlog.event_data.WorkstationName\":{\"count\":1},\"winlog.logon.failure.status\":{\"count\":1},\"event.id\":{\"count\":1}}","fieldFormatMap":"{\"winver\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"user.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"host.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"
https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}}}","fields":"[]","name":"winlogbeat-*","runtimeFieldMap":"{\"day_of_week\":{\"type\":\"long\",\"script\":{\"source\":\"emit(doc['@timestamp'].value.dayOfWeekEnum.getValue())\"}},\"hour_of_day\":{\"type\":\"long\",\"script\":{\"source\":\"emit (doc['@timestamp'].value.getHour())\"}}}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"winlogbeat-*","typeMeta":"{}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:57.358Z","id":"68a051a0-1d7f-11e9-9fc5-a91039822035","migrationVersion":{"index-pattern":"8.0.0"},"references":[],"type":"index-pattern","updated_at":"2023-11-20T10:41:57.358Z","version":"WzE5MzcxOSw4XQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[]}"},"title":"Security - Select User","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Select User\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1587572089136\",\"label\":\"Domain(s)\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\",\"fieldName\":\"winlog.event_data.TargetDomainName\",\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1587713561601\",\"fieldName\":\"winlog.event_data.TargetUserName\",\"parent\":\"\",\"label\":\"Username(s)\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"}],\"pinFilters\":false,\"updateFiltersOnChange\":false,\"useTimeFilter\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:57.358Z","id":"a64ec020-84b4-11ea-b7fb-01bea49d9239","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"control_0_index_pattern","type":"ind
ex-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"control_1_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2023-11-20T10:41:57.358Z","version":"WzE5MzcyMCw4XQ=="} +{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"not user.name:*$\",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"exists\",\"key\":\"user.name\",\"value\":\"exists\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"exists\":{\"field\":\"user.name\"},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"type\":\"phrases\",\"key\":\"user.domain\",\"value\":\"NT AUTHORITY, Window Manager, Font Driver Host\",\"params\":[\"NT AUTHORITY\",\"Window Manager\",\"Font Driver Host\"],\"alias\":null,\"negate\":true,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"user.domain\":\"NT AUTHORITY\"}},{\"match_phrase\":{\"user.domain\":\"Window Manager\"}},{\"match_phrase\":{\"user.domain\":\"Font Driver 
Host\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}]}"},"sort":[["@timestamp","desc"]],"title":"UserDashboardUserList","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:57.358Z","id":"e8f983d0-860b-11ea-a720-c7a0431f179d","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"}],"type":"search","updated_at":"2023-11-20T10:41:57.358Z","version":"WzE5MzcyMSw4XQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Filter Users","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security - Filter 
Users\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Events\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.TargetDomainName\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Domain\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.TargetUserName\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Username\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"showToolbar\":true,\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:57.358Z","id":"a71b5fa0-860c-11ea-a720-c7a0431f179d","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"e8f983d0-860b-11ea-a720-c7a0431f179d","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-11-20T10:41:57.358Z","version":"WzE5MzcyMiw4
XQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Security - Select Host","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Select Host\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1588685297382\",\"fieldName\":\"host.name\",\"parent\":\"\",\"label\":\"Host\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:57.358Z","id":"53b65290-8ed4-11ea-904c-391ecaa2f2f4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"control_0_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2023-11-20T10:41:57.358Z","version":"WzE5MzcyMyw4XQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security - Filter Hosts","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security - Filter Hosts\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Event 
count\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Host name\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:57.358Z","id":"8b7ff050-8ed4-11ea-904c-391ecaa2f2f4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-11-20T10:41:57.358Z","version":"WzE5MzcyNCw4XQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"Security - Logons Title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Logons Title\",\"type\":\"markdown\",\"params\":{\"markdown\":\"## Logons\",\"openLinksInNewTab\":false,\"fontSize\":12},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:57.358Z","id":"d58b0380-8540-11ea-b6c5-5d9149593ce4","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-11-20T10:41:57.358Z","version":"WzE5MzcyNSw4XQ=="} +{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"(event.code:4624 OR event.code:4625) and not user.name:*$\",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[{\"meta\":{\"type\":\"phrases\",\"key\":\"user.domain\",\"value\":\"NT AUTHORITY, Window Manager, Font Driver Host\",\"params\":[\"NT AUTHORITY\",\"Window Manager\",\"Font Driver 
Host\"],\"alias\":null,\"negate\":true,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"user.domain\":\"NT AUTHORITY\"}},{\"match_phrase\":{\"user.domain\":\"Window Manager\"}},{\"match_phrase\":{\"user.domain\":\"Font Driver Host\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}]}"},"sort":[["@timestamp","desc"]],"title":"Human User Logon Events","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:57.358Z","id":"dc42fc40-84a1-11ea-b7fb-01bea49d9239","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"search","updated_at":"2023-11-20T10:41:57.358Z","version":"WzE5MzcyNiw4XQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Logon attempts","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Logon attempts\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Login 
attempts\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:57.358Z","id":"22170f50-853c-11ea-b6c5-5d9149593ce4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"dc42fc40-84a1-11ea-b7fb-01bea49d9239","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-11-20T10:41:57.358Z","version":"WzE5MzcyNyw4XQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Logon events over time","uiStateJSON":"{\"vis\":{\"colors\":{\"Failed attempts\":\"#BF1B00\",\"Successful atempts\":\"#629E51\"}}}","version":1,"visState":"{\"title\":\"Security - Logon events over time\",\"type\":\"histogram\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#34130C\"},\"dimensions\":{\"x\":{\"accessor\":1,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"HH:mm:ss\"}},\"params\":{\"date\":true,\"interval\":\"PT30S\",\"format\":\"HH:mm:ss\",\"
bounds\":{\"min\":\"2020-04-23T08:41:59.000Z\",\"max\":\"2020-04-23T08:56:59.000Z\"}},\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"series\":[{\"accessor\":0,\"format\":{},\"params\":{},\"aggType\":\"filters\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"filters\",\"schema\":\"group\",\"params\":{\"filters\":[{\"input\":{\"query\":\"event.code:4625\",\"language\":\"lucene\"},\"label\":\"Failed attempts\"},{\"input\":{\"query\":\"event.code:4624\",\"language\":\"lucene\"},\"label\":\"Successful atempts\"}]}},{\"id\":\"3\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-15m\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:57.358Z","id":"c0c8b560-84a9-11ea-b7fb-01bea49d9239","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"dc42fc40-84a1-11ea-b7fb-01bea49d9239","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-11-20T10:41:57.358Z","version":"WzE5MzcyOCw4XQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"type\":\"phrases\",\"key\":\"event.code\",\"value\":\"4,624, 
4,625\",\"params\":[\"4624\",\"4625\"],\"alias\":null,\"negate\":false,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"event.code\":\"4624\"}},{\"match_phrase\":{\"event.code\":\"4625\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}]}"},"savedSearchRefName":"search_0","title":"Security - Logon hosts pie","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Logon hosts pie\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Computers\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Computer\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:57.358Z","id":"489f7350-853d-11ea-b6c5-5d9149593ce4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"dc42fc40-84a1-11ea-b7fb-01bea49d9239","name":"search_0","type":"search"}],"type":"visualizat
ion","updated_at":"2023-11-20T10:41:57.358Z","version":"WzE5MzcyOSw4XQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Logon hosts","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Logon hosts\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"host.name\",\"customLabel\":\"Hosts\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:57.358Z","id":"a179afa0-853c-11ea-b6c5-5d9149593ce4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"dc42fc40-84a1-11ea-b7fb-01bea49d9239","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-11-20T10:41:57.358Z","version":"WzE5MzczMCw4XQ=="} +{"attributes":{"columns":["event.code","host.name","winlog.event_data.TargetDomainName","winlog.event_data.TargetUserName","winlog.event_data.IpAddress","event.action","event.outcome","winlog.event_data.LogonType"],"description":"","grid":{"columns":{"user.domain":{"width":119},"user.name":{"width":134}}},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"(event.code:4624 OR event.code:4625) and not 
user.name:*$\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"Human Logon & Logoff events","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:57.358Z","id":"2325be20-8616-11ea-a720-c7a0431f179d","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-11-20T10:41:57.358Z","version":"WzE5MzczMSw4XQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"Security - Network Title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Network Title\",\"type\":\"markdown\",\"params\":{\"markdown\":\"## Network Connections\",\"openLinksInNewTab\":false,\"fontSize\":12},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:57.358Z","id":"a1229110-860f-11ea-a720-c7a0431f179d","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-11-20T10:41:57.358Z","version":"WzE5MzczMiw4XQ=="} +{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id : \\\"3\\\" and event.provider : \\\"Microsoft-Windows-Sysmon\\\" \",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"sort":[["@timestamp","desc"]],"title":"All network activity 
","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:57.358Z","id":"d1a74ce0-8641-11ea-907a-33d103156187","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-11-20T10:41:57.358Z","version":"WzE5MzczMyw4XQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Network Activity Line","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Network Activity Line\",\"type\":\"line\",\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Connections\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Connections\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#34130C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"HH:mm:ss\"}},\"params\":{\"date\":true,\"interval\":\"PT30S\",\"format\":\"HH:mm:ss\",\"bounds\":{\"min\":\"2020-04-24T15:29:10.918Z\",\"max\":\"2020-04-24T15:44:10.918Z
\"}},\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"fittingFunction\":\"zero\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Connections\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-15m\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:57.358Z","id":"ec7ad2d0-8641-11ea-907a-33d103156187","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"d1a74ce0-8641-11ea-907a-33d103156187","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-11-20T10:41:57.358Z","version":"WzE5MzczNCw4XQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"title":"Security - Network connection country 
pie","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.geo.country_iso_code\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Country\"}}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"title\":\"Security - Network connection country pie\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:57.358Z","id":"9a7600a0-8ba9-11ea-b494-03608db93b61","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-11-20T10:41:57.358Z","version":"WzE5MzczNSw4XQ=="} +{"attributes":{"columns":["winlog.event_data.DestinationHostname","destination.ip","winlog.event_data.DestinationIsIpv6","network.","process.executable","winlog.event_data.DestinationPort","winlog.event_data.Protocol","winlog.user.name","winlog.user.type","source.ip","winlog.event_data.SourceIsIpv6","source.port","network.protocol"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id:3 AND NOT (destination.ip:\\\"10.0.0.0/8\\\" OR destination.ip:\\\"172.16.0.0/16\\\" OR destination.ip:\\\"192.168.0.0/16\\\" OR 
destionation.ip:\\\"224.0.0.0/24\\\" OR destination.ip:\\\"169.254.0.0/16\\\" OR destination.ip:\\\"127.0.0.1\\\" OR destination.ip:\\\"fe80::/10\\\" OR destination.ip:\\\"fc00::/7\\\") AND NOT (process.name:iexplore.exe OR process.name:chrome.exe OR process.name:firefox.exe OR process.name:opera.exe) AND event.provider : \\\"Microsoft-Windows-Sysmon\\\" \",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"sort":[["@timestamp","desc"]],"title":"srch_sd_non_browsers_connection","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:57.358Z","id":"a0f75d50-e5e8-11e9-8f1d-73a2ea4cc3ed","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-11-20T10:41:57.358Z","version":"WzE5MzczNiw4XQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Network connections area ","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Network connections area 
\",\"type\":\"area\",\"params\":{\"type\":\"area\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"area\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#34130C\"},\"labels\":{},\"dimensions\":{\"x\":null,\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"series\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"fittingFunction\":\"zero\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"fi
eld\":\"@timestamp\",\"timeRange\":{\"from\":\"now-15w\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:57.358Z","id":"3fb9dfd0-8887-11ea-99ef-bd4d29afe41e","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"a0f75d50-e5e8-11e9-8f1d-73a2ea4cc3ed","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-11-20T10:41:57.358Z","version":"WzE5MzczNyw4XQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Network Process List","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"process.executable\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Process\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Logged on 
user\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Computer\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":4,\"direction\":\"asc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":5,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":4,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"date\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"Security - Network Process List\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:57.358Z","id":"31a7d490-e677-11e9-8be5-cd86dcca33f3","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"a0f75d50-e5e8-11e9-8f1d-73a2ea4cc3ed","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-11-20T10:41:57.358Z","version":"WzE5MzczOCw4XQ=="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\n \"query\": {\n \"query\": \"\",\n \"language\": \"kuery\"\n },\n \"filter\": []\n}"},"savedSearchRefName":"search_0","title":"Overview - Processes with unusual network activity","uiStateJSON":"{\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"significant_terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"process.executable\",\"size\":10,\"include\":\"\",\"json\":\"\",\"customLabel\":\"Process\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"string\"},\"params\":{},\"label\":\"Process\",\"aggType\":\"significant_terms\"}]},\"showToolbar\":true},\"title\":\"Overview - Processes with unusual network activity\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:57.358Z","id":"245778d0-8641-11ea-907a-33d103156187","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"a0f75d50-e5e8-11e9-8f1d-73a2ea4cc3ed","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-11-20T10:41:57.358Z","version":"WzE5MzczOSw4XQ=="} +{"attributes":{"columns":["user.domain","user.name","host.name","process.executable","source.ip","source.port","destination.ip","destination.port","network.transport"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id:3 AND NOT (destination.ip:\\\"10.0.0.0/8\\\" 
OR destination.ip:\\\"172.16.0.0/16\\\" OR destination.ip:\\\"192.168.0.0/16\\\" OR destionation.ip:\\\"224.0.0.0/24\\\" OR destination.ip:\\\"169.254.0.0/16\\\" OR destination.ip:\\\"127.0.0.1\\\" OR destination.ip:\\\"fe80::/10\\\" OR destination.ip:\\\"fc00::/7\\\") and event.provider : \\\"Microsoft-Windows-Sysmon\\\" \",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"sort":[["@timestamp","desc"]],"title":"srch_uds_non_private_network","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:57.358Z","id":"027102a0-e69f-11e9-8be5-cd86dcca33f3","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-11-20T10:41:57.358Z","version":"WzE5Mzc0MCw4XQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"Security - Processes Title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Processes Title\",\"type\":\"markdown\",\"params\":{\"markdown\":\"## Processes & Powershell\",\"openLinksInNewTab\":false,\"fontSize\":12},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:57.358Z","id":"813d18f0-8869-11ea-99ef-bd4d29afe41e","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-11-20T10:41:57.358Z","version":"WzE5Mzc0MSw4XQ=="} +{"attributes":{"columns":["user.domain","user.name","host.name","process.executable","process.args","process.parent.executable","hash.imphash"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.code:\\\"1\\\" AND event.provider : \\\"Microsoft-Windows-Sysmon\\\" 
\",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"sort":[["@timestamp","desc"]],"title":"Process Spawns","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:57.358Z","id":"ca56a030-8899-11ea-99ef-bd4d29afe41e","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-11-20T10:41:57.358Z","version":"WzE5Mzc0Miw4XQ=="} +{"attributes":{"columns":["user.domain","user.name","host.name","process.executable","process.command_line","process.parent.executable","process.parent.command_line","file.path","event.code"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"kuery\",\"query\":\"process.parent.name:\\\"powershell.exe\\\" OR process.name:\\\"powershell.exe\\\" OR winlog.event_data.OriginalFileName:\\\"PowerShell.EXE\\\" OR process.command_line.text:\\\"powershell\\\" OR parent.process.command_line.text:\\\"powershell\\\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"sort":[["@timestamp","desc"]],"title":"srch_sd_powershell_run","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:57.358Z","id":"2e276480-ec16-11e9-befc-81397a291157","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-11-20T10:41:57.358Z","version":"WzE5Mzc0Myw4XQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Powershell Run 
Count","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"}],\"params\":{\"addLegend\":false,\"addTooltip\":true,\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":60,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Security - Powershell Run Count\",\"type\":\"metric\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:57.358Z","id":"60553d40-ec18-11e9-befc-81397a291157","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"2e276480-ec16-11e9-befc-81397a291157","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-11-20T10:41:57.358Z","version":"WzE5Mzc0NCw4XQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Powershell runs over 
time","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now/w\",\"to\":\"now/w\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}],\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"dimensions\":{\"x\":null,\"y\":[{\"accessor\":0,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}]},\"grid\":{\"categoryLines\":false},\"labels\":{},\"legendPosition\":\"right\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"normal\",\"show\":\"true\",\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"}],\"thresholdLine\":{\"color\":\"#34130C\",\"show\":false,\"style\":\"full\",\"value\":10,\"width\":1},\"times\":[],\"type\":\"line\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"fittingFunction\":\"zero\",\"legendSize\":\"auto\"},\"title\":\"Security - Powershell runs over 
time\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:57.358Z","id":"bc2e06f0-8930-11ea-9bd8-f3fed1ec2140","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"2e276480-ec16-11e9-befc-81397a291157","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-11-20T10:41:57.358Z","version":"WzE5Mzc0NSw4XQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Power shell hosts pie","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"host.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"}],\"params\":{\"addTooltip\":true,\"dimensions\":{\"metric\":{\"accessor\":0,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}},\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"title\":\"Security - Power shell hosts pie\",\"type\":\"pie\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:57.358Z","id":"2b71e9f0-8931-11ea-9bd8-f3fed1ec2140","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"2e276480-ec16-11e9-befc-81397a291157","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-11-20T10:41:57.358Z","version":"WzE5Mzc0Niw4XQ=="} 
+{"attributes":{"columns":["user.domain","user.name","host.name","process.executable","process.args","process.parent.executable","process.parent.args"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"(process.parent.name:\\\"powershell.exe\\\" OR process.name:\\\"powershell.exe\\\" OR winlog.event_data.OriginalFileName:\\\"PowerShell.EXE\\\") AND process.command_line.text:(\\\"invoke\\\" or \\\"bypass\\\" or \\\"iex\\\" or \\\"ex\\\" or \\\"icm\\\" or \\\"new-object\\\" or \\\"set\\\" or \\\"get\\\" or \\\"write\\\" or \\\"out\\\" or \\\"download\\\" or \\\"encoded\\\")\",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"sort":[["@timestamp","desc"]],"title":"Potentially Suspicious Powershell","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:57.358Z","id":"ff5a53b0-ebf7-11e9-befc-81397a291157","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-11-20T10:41:57.358Z","version":"WzE5Mzc0Nyw4XQ=="} +{"attributes":{"columns":["user.domain","user.name","host.name","destination.domain","destination.ip"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id:3 AND (process.parent.name:\\\"powershell.exe\\\" OR process.name:\\\"powershell.exe\\\" OR winlog.event_data.OriginalFileName:\\\"PowerShell.EXE\\\") AND event.provider : \\\"Microsoft-Windows-Sysmon\\\" 
\",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"sort":[["@timestamp","desc"]],"title":"srch_uds_powershell_network","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:57.358Z","id":"c97a71f0-8952-11ea-9bd8-f3fed1ec2140","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-11-20T10:41:57.358Z","version":"WzE5Mzc0OCw4XQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"Security - Files title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Files title\",\"type\":\"markdown\",\"params\":{\"markdown\":\"## Files\",\"openLinksInNewTab\":false,\"fontSize\":12},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:57.358Z","id":"404f6e60-895e-11ea-9bd8-f3fed1ec2140","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-11-20T10:41:57.358Z","version":"WzE5Mzc0OSw4XQ=="} +{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"file.path.text: \\\"tmp\\\" OR file.path.text:\\\"temp\\\"\",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"exists\",\"key\":\"file.path\",\"value\":\"exists\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"exists\":{\"field\":\"file.path\"},\"$state\":{\"store\":\"appState\"}}]}"},"sort":[["@timestamp","desc"]],"title":"TEMP & 
%TEMP%","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:57.358Z","id":"fbbf01c0-e697-11e9-8be5-cd86dcca33f3","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"search","updated_at":"2023-11-20T10:41:57.358Z","version":"WzE5Mzc1MCw4XQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"TEMP & %TEMP%","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.path\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Target 
File\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":30,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Hostname\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"TEMP & %TEMP%\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:57.358Z","id":"1a0c4520-e698-11e9-8be5-cd86dcca33f3","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"fbbf01c0-e697-11e9-8be5-cd86dcca33f3","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-11-20T10:41:57.358Z","version":"WzE5Mzc1MSw4XQ=="} +{"attributes":{"columns":["@timestamp","user.domain","user.name","host.name","process.executable","winlog.event_data.ProcessId"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id: \\\"9\\\" AND event.provider : \\\"Microsoft-Windows-Sysmon\\\" \",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"sort":[["@timestamp","desc"]],"title":"Raw Access 
Events","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:57.358Z","id":"6b97d600-8960-11ea-9bd8-f3fed1ec2140","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-11-20T10:41:57.358Z","version":"WzE5Mzc1Miw4XQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"Security - Windows Defender Title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Windows Defender Title\",\"type\":\"markdown\",\"params\":{\"markdown\":\"## Windows Defender\",\"openLinksInNewTab\":false,\"fontSize\":12},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:57.358Z","id":"ebbab910-8960-11ea-9bd8-f3fed1ec2140","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-11-20T10:41:57.358Z","version":"WzE5Mzc1Myw4XQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"winlog.event_id:(1006 or 1007 or 1008 or 1009 or 1116 or 1117 or 1118 or 1119)\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security - AV Events Count","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - AV Events Count\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to 
Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Windows AV Events\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:57.358Z","id":"4d08ec30-e5c1-11e9-ac01-d5832a8a14d8","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-11-20T10:41:57.358Z","version":"WzE5Mzc1NCw4XQ=="} +{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"type\":\"phrases\",\"key\":\"winlog.event_id\",\"value\":\"1,006, 1,007, 1,008, 1,009, 1,116, 1,117, 1,118, 
1,119\",\"params\":[\"1006\",\"1007\",\"1008\",\"1009\",\"1116\",\"1117\",\"1118\",\"1119\"],\"negate\":false,\"disabled\":false,\"alias\":null,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"winlog.event_id\":\"1006\"}},{\"match_phrase\":{\"winlog.event_id\":\"1007\"}},{\"match_phrase\":{\"winlog.event_id\":\"1008\"}},{\"match_phrase\":{\"winlog.event_id\":\"1009\"}},{\"match_phrase\":{\"winlog.event_id\":\"1116\"}},{\"match_phrase\":{\"winlog.event_id\":\"1117\"}},{\"match_phrase\":{\"winlog.event_id\":\"1118\"}},{\"match_phrase\":{\"winlog.event_id\":\"1119\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"AV Detection event","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:57.358Z","id":"3c3bc850-7bc7-11e9-b45c-ad49d0e60b5a","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"search","updated_at":"2023-11-20T10:41:57.358Z","version":"WzE5Mzc1NSw4XQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"AV Hits (Count)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"AV Hits (Count)\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to 
Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"AV Detection hits\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:57.358Z","id":"45277cd0-7bdf-11e9-b45c-ad49d0e60b5a","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"3c3bc850-7bc7-11e9-b45c-ad49d0e60b5a","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-11-20T10:41:57.358Z","version":"WzE5Mzc1Niw4XQ=="} +{"attributes":{"columns":["winlog.event_data.Detection User","host.name","winlog.event_data.Path","winlog.event_data.FWLink"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id: 1116\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[{\"meta\":{\"negate\":false,\"type\":\"phrase\",\"key\":\"event.provider\",\"params\":{\"query\":\"Microsoft-Windows-Windows Defender\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.provider\":{\"query\":\"Microsoft-Windows-Windows Defender\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}]}"},"sort":[["@timestamp","desc"]],"title":"Defender AV 
Detections","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T10:41:57.358Z","id":"854e4470-8966-11ea-9bd8-f3fed1ec2140","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"search","updated_at":"2023-11-20T10:41:57.358Z","version":"WzE5Mzc1Nyw4XQ=="} +{"attributes":{"description":"User Security overview, filtered by Domain / Username or hostname","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":3,\"i\":\"cb956d23-9d5b-4af8-becf-a2d2d108b5f7\"},\"panelIndex\":\"cb956d23-9d5b-4af8-becf-a2d2d108b5f7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_cb956d23-9d5b-4af8-becf-a2d2d108b5f7\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":3,\"w\":23,\"h\":7,\"i\":\"d962c0d4-f80a-426c-9a1b-43e2fb6296f2\"},\"panelIndex\":\"d962c0d4-f80a-426c-9a1b-43e2fb6296f2\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Search users\",\"panelRefName\":\"panel_d962c0d4-f80a-426c-9a1b-43e2fb6296f2\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":23,\"y\":3,\"w\":25,\"h\":7,\"i\":\"acae805a-1f8b-4298-99e6-9624fdc45fee\"},\"panelIndex\":\"acae805a-1f8b-4298-99e6-9624fdc45fee\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Filter 
users\",\"panelRefName\":\"panel_acae805a-1f8b-4298-99e6-9624fdc45fee\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":10,\"w\":23,\"h\":7,\"i\":\"669e458b-ac6a-41d1-b3e2-945a0c8571bd\"},\"panelIndex\":\"669e458b-ac6a-41d1-b3e2-945a0c8571bd\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Search hosts\",\"panelRefName\":\"panel_669e458b-ac6a-41d1-b3e2-945a0c8571bd\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":23,\"y\":10,\"w\":25,\"h\":7,\"i\":\"b5483ec3-77b5-4e4c-b532-32ce796aa1de\"},\"panelIndex\":\"b5483ec3-77b5-4e4c-b532-32ce796aa1de\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Filter hosts\",\"panelRefName\":\"panel_b5483ec3-77b5-4e4c-b532-32ce796aa1de\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":17,\"w\":48,\"h\":4,\"i\":\"0eb6fcd2-cd91-4c3e-b652-4f06922da3ae\"},\"panelIndex\":\"0eb6fcd2-cd91-4c3e-b652-4f06922da3ae\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0eb6fcd2-cd91-4c3e-b652-4f06922da3ae\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":21,\"w\":9,\"h\":7,\"i\":\"2281ee7a-a6bd-4d4e-8ced-3c594acfdd3f\"},\"panelIndex\":\"2281ee7a-a6bd-4d4e-8ced-3c594acfdd3f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2281ee7a-a6bd-4d4e-8ced-3c594acfdd3f\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":21,\"w\":20,\"h\":14,\"i\":\"13240516-125d-434d-8929-d9a334308aa6\"},\"panelIndex\":\"13240516-125d-434d-8929-d9a334308aa6\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Logon attempts\",\"panelRefName\":\"panel_13240516-125d-434d-8929-d9a334308aa6\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":29,\"y\":21,\"w\":19,\"h\":14,\"i\":\"4b488bfa-a881-46c9-933b-ed762dfb6884\"},\"panelIndex\":\"4b488bfa-a881-46c9-933b-ed762dfb6884\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Logged on 
computers\",\"panelRefName\":\"panel_4b488bfa-a881-46c9-933b-ed762dfb6884\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":28,\"w\":9,\"h\":7,\"i\":\"1d6bc214-21e6-4f94-b4df-94585768f0d1\"},\"panelIndex\":\"1d6bc214-21e6-4f94-b4df-94585768f0d1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1d6bc214-21e6-4f94-b4df-94585768f0d1\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":35,\"w\":48,\"h\":17,\"i\":\"5db1345f-28a0-43fd-9cd2-d51e9349cfad\"},\"panelIndex\":\"5db1345f-28a0-43fd-9cd2-d51e9349cfad\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"User Logon & Logoff Events\",\"panelRefName\":\"panel_5db1345f-28a0-43fd-9cd2-d51e9349cfad\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":52,\"w\":48,\"h\":4,\"i\":\"dc8de60f-b44b-4e88-9f4c-603ebc8be78b\"},\"panelIndex\":\"dc8de60f-b44b-4e88-9f4c-603ebc8be78b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_dc8de60f-b44b-4e88-9f4c-603ebc8be78b\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":56,\"w\":48,\"h\":14,\"i\":\"3b38696a-cc17-47fb-91f4-96884a7262de\"},\"panelIndex\":\"3b38696a-cc17-47fb-91f4-96884a7262de\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"All network connections\",\"panelRefName\":\"panel_3b38696a-cc17-47fb-91f4-96884a7262de\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":70,\"w\":24,\"h\":17,\"i\":\"c7fa573d-ea88-4f5f-aabe-40c9878d97e0\"},\"panelIndex\":\"c7fa573d-ea88-4f5f-aabe-40c9878d97e0\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Network connections by 
From c458832a52ea6564d92a874493f5eeddd8f84d05 Mon Sep 17 00:00:00 2001
From: Michael Reeves <147089975+mreeve-snl@users.noreply.github.com> Date: Mon, 20 Nov 2023 13:05:37 -0500 Subject: [PATCH 20/29] Lme update functionality (#30) * adding updates to chapter3 for deploy.sh changes * adding updates to dashboard and lme_update to log and run as better cron jobs * adding in more notes to chapter3 on update functionality * Added the following features to deploy.sh: - update function to add lme_update.sh and dashboard_update.sh to root's crontab - fixed final permissions so that /opt/lme is readable by `sudo` group - y/n on the uninstall options fixed - upgrade function updated to check for 1.0 version and only remove crontab in upgrading from 0.5.1 - usage function to print the usage * fixing read/write on the files_for_windows.zip * fixing backups permissions --- Chapter 3 Files/dashboard_update.sh | 51 +++++++++- Chapter 3 Files/deploy.sh | 148 ++++++++++++++++------------ Chapter 3 Files/lme_update.sh | 57 ++++++++++- docs/markdown/chapter3/chapter3.md | 51 +++++++++- 4 files changed, 237 insertions(+), 70 deletions(-) diff --git a/Chapter 3 Files/dashboard_update.sh b/Chapter 3 Files/dashboard_update.sh index c00e276c..970e1881 100644 --- a/Chapter 3 Files/dashboard_update.sh +++ b/Chapter 3 Files/dashboard_update.sh 
@@ -4,6 +4,45 @@ IFS=$'\n' Dashboards="$(ls -1 ${LME_DIR}Chapter\ 4\ Files/dashboards/*.ndjson)" echo $Dashboards +# -------------- cron job automatic logger code START -------------- + +# See my ans: https://stackoverflow.com/a/60157372/4561887 +FULL_PATH_TO_SCRIPT="$(realpath "${BASH_SOURCE[-1]}")" +SCRIPT_DIRECTORY="$(dirname "$FULL_PATH_TO_SCRIPT")" +SCRIPT_FILENAME="$(basename "$FULL_PATH_TO_SCRIPT")" + +LOG_DIR=/var/log/cron_logs +mkdir -p $LOG_DIR +DATE="$(date '+%Y-%m-%d-%H:%M:%S')" + +# Automatically log the output of this script to a file! +begin_logging() { + + # Redirect all future prints in this script from this call-point forward to + # both the screen and a log file! + # + # This is about as magic as it gets! This line uses `exec` + bash "process + # substitution" to redirect all future print statements in this script + # after this line from `stdout` to the `tee` command used below, instead. + # This way, they get printed to the screen *and* to the specified log file + # here! The `2>&1` part redirects `stderr` to `stdout` as well, so that + # `stderr` output gets logged into the file too. + # See: + # 1. *****+++ https://stackoverflow.com/a/49514467/4561887 - + # shows `exec > >(tee $LOG_FILE) 2>&1` + # 1. https://superuser.com/a/569315/425838 - shows `exec &>>` (similar) + exec > >(tee -a "${LOG_DIR}/${SCRIPT_FILENAME}"+$DATE".log") 2>&1 + + echo "" + echo "=====================================================================" + echo "Running cronjob \"$FULL_PATH_TO_SCRIPT\"" + echo "on $DATE" + echo "Cmd: $0 $@" + echo "=====================================================================" +} + + +main() { if [ -r /opt/lme/lme.conf ]; then #reference this file as a source . /opt/lme/lme.conf 
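Review bot: `mkdir -p $LOG_DIR` at the top of the script and the `exec > >(tee -a ...)` line in `begin_logging()` create `/var/log/cron_logs` and a new timestamped log file on every run, with whatever umask cron gives root, and nothing ever prunes them. Because this job is meant to run from root's crontab and all of its output lands in the log, create the directory with an explicit mode (for example `install -d -m 750 "$LOG_DIR"`), and either log to one file per script that logrotate can manage or add a cleanup step. The log path is also quoted oddly: `"${LOG_DIR}/${SCRIPT_FILENAME}"+$DATE".log"` leaves `$DATE` outside the quotes; `"${LOG_DIR}/${SCRIPT_FILENAME}+${DATE}.log"` produces the same name safely. `SCRIPT_DIRECTORY` is assigned but not used in the lines shown.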
@@ -12,7 +51,7 @@ if [ -r /opt/lme/lme.conf ]; then echo -e "\e[32m[X]\e[0m Updating from git repo" git -C /opt/lme/ pull #make sure the hostname variable is present - #echo -e "\e[32m[X]\e[0m Updating stored dashboard file" + echo -e "\e[32m[X]\e[0m Updating dashbaords in Kibana" if [ -n "$hostname" ]; then echo -e "\e[32m[X]\e[0m Uploading the new dashboards to Kibana" @@ -25,3 +64,13 @@ if [ -r /opt/lme/lme.conf ]; then fi fi fi +} + +# ------------------------------------------------------------------------------ +# main program entry point +# ------------------------------------------------------------------------------ +if [ "$1" == "log" ]; +then + begin_logging "$@" +fi +time main "$@" diff --git a/Chapter 3 Files/deploy.sh b/Chapter 3 Files/deploy.sh index a39c5832..ad0a4099 100755 --- a/Chapter 3 Files/deploy.sh +++ b/Chapter 3 Files/deploy.sh @@ -160,6 +160,7 @@ function zipfiles() { zip -rmT /opt/lme/files_for_windows.zip /tmp/lme # Give global read permissions to new archive for later retrieval chmod 664 /opt/lme/files_for_windows.zip + } function generateCA() { @@ -409,22 +410,6 @@ get_distribution() { echo "$lsb_dist" } -#DEPRECATED -#function dashboard_update() { -# echo -e "\e[32m[X]\e[0m Creating dashboard update crontab" -# crontab -l | { -# cat -# echo "0 1 * * * /opt/lme/dashboard_update.sh" -# } | crontab - -#} -#DEPRECATED -#function auto_lme_update() { -# echo -e "\e[32m[X]\e[0m Creating LME update crontab" -# crontab -l | { -# cat -# echo "30 1 * * * /opt/lme/lme_update.sh" -# } | crontab - -#} function indexmappingupdate() { echo -e "\n\e[32m[X]\e[0m Uploading the LME index template" 
@@ -652,23 +637,37 @@ function zipnewcerts() { zip -rmT /opt/lme/new_client_certificates.zip /tmp/lme } -#Deprecated -#function promptupdate() { -# read -e -p "Do you want to automatically update LME ([y]es/[n]o): " -i "y" autoupdate_enabled -# if [ "$autoupdate_enabled" == "y" ]; then -# echo -e "\e[32m[X]\e[0m Enabling LME Automatic Update" -# #cron lme update -# auto_lme_update -# -# read -e -p "Do you want to automatically update Dashboards ([y]es/[n]o): " -i "y" dashboardupdate_enabled -# if [ "$dashboardupdate_enabled" == "y" ]; then -# echo -e "\e[32m[X]\e[0m Enabling Dashboard Automatic Update" -# #cron dash update -# dashboard_update -# fi -# fi -#} -# +function update() { + read -e -p "Do you want to automatically upgrade LME ([y]es/[n]o): " -i "y" autoupdate_enabled + if [ "$autoupdate_enabled" == "y" ]; then + echo -e "**Before proceeding**: Use https://crontab.cronhub.io/ to create a crontab expression.\nPress Any key to continue when done. (Enter) " + read + + echo -e "\e[33m[X]\e[0m Enabling LME Automatic Update" + read -e -p "Specify the crontab entry in quotes: " -i "\"0 1 * * *\"" crb + crb="$(echo "$crb" | tr -d \")" + echo -e "\e[32m[X]\e[0m Creating lme_update with crontab: $crb" + echo -e "\e[32m[X]\e[0m Creating LME update crontab" + crontab -l | { + cat + echo -e "$crb\t/opt/lme/lme_update.sh log" + } | crontab - + + fi + + read -e -p "Do you want to automatically update Dashboards ([y]es/[n]o): " -i "y" dashboardupdate_enabled + if [ "$dashboardupdate_enabled" == "y" ]; then + echo -e "\e[32m[X]\e[0m Enabling Dashboard Automatic Update" + read -e -p "Specify the crontab entry in quotes: " -i "\"0 1 * * *\"" crb + crb="$(echo "$crb" | tr -d \")" + echo -e "\e[32m[X]\e[0m Creating dashboard update with crontab: $crb" + crontab -l | { + cat + echo -e "$crb\t/opt/lme/dashboard_update.sh log" + } | crontab - + fi +} + function bootstrapindex() { if [[ "$(curl --cacert certs/root-ca.crt --user "elastic:$elastic_user_pass" -s -o /dev/null -w 
''%{http_code}'' https://127.0.0.1:9200/winlogbeat-000001)" != "200" ]]; then @@ -690,6 +689,16 @@ function bootstrapindex() { function fixreadability() { cd /opt/lme/ chmod -077 -R . + + #some permissions to help with seeing files + chown root:sudo /opt/lme/ + chmod 750 /opt/lme/ + chmod 644 files_for_windows.zip + + #fix backups + chown -R 1000:1000 /opt/lme/backups + chmod -R go-rwx /opt/lme/backups + } function install() { 
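Review bot: `chmod 644 files_for_windows.zip` in `fixreadability()` makes the archive world-readable, and per chapter3.md that archive contains `wlbclient.key`. The `chmod 750 /opt/lme/` two lines above limits who can reach the file today, but the file's own mode should not depend on the parent directory. `chown root:sudo files_for_windows.zip` with `chmod 640` gives the `sudo` group the read access the commit message describes without the world bit. Also, `chown -R 1000:1000 /opt/lme/backups` hardcodes a UID/GID with no comment saying which account that is, and it errors if the backups directory does not exist yet; guard it with `[ -d /opt/lme/backups ]` and name the intended owner in a comment.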
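Review bot: in the `update()` hunk (`@@ -652,23 +637,37 @@`), the schedule read into `crb` is written to root's crontab unvalidated through `echo -e "$crb\t/opt/lme/lme_update.sh log"`. `echo -e` expands backslash escapes in the typed value, so a stray `\n` in the input becomes an extra crontab line, and a malformed expression is only caught, if at all, by `crontab -`. Check that `crb` is exactly five whitespace-separated cron fields before writing it, and write the entry with `printf '%s\t%s\n'` rather than `echo -e`. Running `./deploy.sh update` a second time also appends duplicate entries; strip existing ones first with the same `sed -E '/lme_update.sh|dashboard_update.sh/d'` filter that `uninstall()` uses. The prompt also sends the operator to a third-party site to build the expression; a one-line description of the five fields in the prompt would remove that dependency.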
@@ -861,36 +870,40 @@ function uninstall() { read -e -p "Proceed ([y]es/[n]o):" -i "n" check if [ "$check" == "n" ]; then return + elif [ "$check" == "y" ];then + echo -e "\e[32m[X]\e[0m Removing Docker stack and configuration" + docker stack rm lme + docker secret rm ca.crt logstash.crt logstash.key elasticsearch.key elasticsearch.crt + docker secret rm kibana.crt kibana.key + docker config rm logstash.conf logstash_custom.conf + echo -e "\e[32m[X]\e[0m Attempting to remove legacy LME files (this will cause expected errors if these no longer exist)" + docker secret rm winlogbeat.crt winlogbeat.key nginx.crt nginx.key + docker config rm osmap.csv + echo -e "\e[32m[X]\e[0m Leaving Docker swarm" + docker swarm leave --force + echo -e "\e[32m[X]\e[0m Removing LME config files and configured auto-updates" + rm -r certs + crontab -l | sed -E '/lme_update.sh|dashboard_update.sh/d' | crontab - + echo -e "\e[33m[!]\e[0m NOTICE!" + echo -e "\e[33m[!]\e[0m No data has been deleted:" + echo -e "\e[33m[!]\e[0m - Run 'sudo docker volume rm lme_esdata' to delete the elasticsearch database" + echo -e "\e[33m[!]\e[0m - Run 'sudo docker volume rm lme_logstashdata' to delete the logstash data directory" + return + else + echo -e "\e[33m[!]\e[0m ONLY PROVIDE y or n" fi - - echo -e "\e[32m[X]\e[0m Removing Docker stack and configuration" - docker stack rm lme - docker secret rm ca.crt logstash.crt logstash.key elasticsearch.key elasticsearch.crt - docker secret rm kibana.crt kibana.key - docker config rm logstash.conf logstash_custom.conf - echo -e "\e[32m[X]\e[0m Attempting to remove legacy LME files (this will cause expected errors if these no longer exist)" - docker secret rm winlogbeat.crt winlogbeat.key nginx.crt nginx.key - docker config rm osmap.csv - echo -e "\e[32m[X]\e[0m Leaving Docker swarm" - docker swarm leave --force - echo -e "\e[32m[X]\e[0m Removing LME config files and configured auto-updates" - rm -r certs - crontab -l | sed -E '/lme_update.sh|dashboard_update.sh/d' 
| crontab - - echo -e "\e[33m[!]\e[0m NOTICE!" - echo -e "\e[33m[!]\e[0m No data has been deleted:" - echo -e "\e[33m[!]\e[0m - Run 'sudo docker volume rm lme_esdata' to delete the elasticsearch database" - echo -e "\e[33m[!]\e[0m - Run 'sudo docker volume rm lme_logstashdata' to delete the logstash data directory" } -function update() { - #remove auto updates - crontab -l | sed -E '/lme_update.sh|dashboard_update.sh/d' | crontab - +function upgrade() { #check if the config file we're now creating on new installs exists if [ -r /opt/lme/lme.conf ]; then #reference this file as a source . /opt/lme/lme.conf #check if the version number is equal to the one we want if [ "$version" == "0.5.1" ]; then + #remove auto updates + crontab -l | sed -E '/lme_update.sh|dashboard_update.sh/d' | crontab - + echo -e "\e[32m[X]\e[0m Updating from git repo" git -C /opt/lme/ pull @@ -953,9 +966,11 @@ function update() { fi zipfiles fixreadability - fi + elif [ "$version" == "1.0" ]; then + echo -e "\e[32m[X]\e[0m You're on 1.0 the latest version!" else echo -e "\e[31m[!]\e[0m Updating directly to LME 1.0 from versions prior to 0.5.1 is not supported. Update to 0.5.1 first." + fi fi } @@ -1010,6 +1025,13 @@ function renew() { deploylme } +function usage(){ + echo -e "\e[31m[!]\e[0m Invalid operation specified" + echo "Usage: ./deploy.sh (install/uninstall/renew/upgrade/update)" + echo "Example: ./deploy.sh install" + exit 1 +} + ############ #START HERE# ############ 
@@ -1033,21 +1055,17 @@ cd "$DIR" || exit #What action is the user wanting to perform if [ "$1" == "" ]; then - echo -e "\e[31m[!]\e[0m No operation specified" - echo "Usage: ./deploy.sh (install/uninstall/renew)" - echo "Example: ./deploy.sh install" - exit 1 + usage elif [ "$1" == "install" ]; then install elif [ "$1" == "uninstall" ]; then uninstall -elif [ "$1" == "update" ]; then - update +elif [ "$1" == "upgrade" ]; then + upgrade elif [ "$1" == "renew" ]; then renew +elif [ "$1" == "update" ]; then + update else - echo -e "\e[31m[!]\e[0m Invalid operation specified" - echo "Usage: ./deploy.sh (install/uninstall/renew)" - echo "Example: ./deploy.sh install" - exit 1 + usage fi diff --git a/Chapter 3 Files/lme_update.sh b/Chapter 3 Files/lme_update.sh index 83d3b893..b8dca25b 100644 --- a/Chapter 3 Files/lme_update.sh +++ b/Chapter 3 Files/lme_update.sh 
@@ -1,2 +1,57 @@ #!/bin/bash -/opt/lme/Chapter\ 3\ Files/deploy.sh update +#!/bin/bash +LME_DIR=/opt/lme/ +IFS=$'\n' +Dashboards="$(ls -1 ${LME_DIR}Chapter\ 4\ Files/dashboards/*.ndjson)" +echo $Dashboards + +# -------------- cron job automatic logger code START -------------- + +# See my ans: https://stackoverflow.com/a/60157372/4561887 +FULL_PATH_TO_SCRIPT="$(realpath "${BASH_SOURCE[-1]}")" +SCRIPT_DIRECTORY="$(dirname "$FULL_PATH_TO_SCRIPT")" +SCRIPT_FILENAME="$(basename "$FULL_PATH_TO_SCRIPT")" + +LOG_DIR=/var/log/cron_logs +mkdir -p $LOG_DIR +DATE="$(date '+%Y-%m-%d-%H:%M:%S')" + +# Automatically log the output of this script to a file! +begin_logging() { + + # Redirect all future prints in this script from this call-point forward to + # both the screen and a log file! + # + # This is about as magic as it gets! This line uses `exec` + bash "process + # substitution" to redirect all future print statements in this script + # after this line from `stdout` to the `tee` command used below, instead. + # This way, they get printed to the screen *and* to the specified log file + # here! The `2>&1` part redirects `stderr` to `stdout` as well, so that + # `stderr` output gets logged into the file too. + # See: + # 1. *****+++ https://stackoverflow.com/a/49514467/4561887 - + # shows `exec > >(tee $LOG_FILE) 2>&1` + # 1. 
https://superuser.com/a/569315/425838 - shows `exec &>>` (similar) + exec > >(tee -a "${LOG_DIR}/${SCRIPT_FILENAME}"+$DATE".log") 2>&1 + + echo "" + echo "=====================================================================" + echo "Running cronjob \"$FULL_PATH_TO_SCRIPT\"" + echo "on $DATE" + echo "Cmd: $0 $@" + echo "=====================================================================" +} + + +main() { + /opt/lme/Chapter\ 3\ Files/deploy.sh upgrade +} + +# ------------------------------------------------------------------------------ +# main program entry point +# ------------------------------------------------------------------------------ +if [ "$1" == "log" ]; +then + begin_logging "$@" +fi +time main "$@" diff --git a/docs/markdown/chapter3/chapter3.md b/docs/markdown/chapter3/chapter3.md index ed4d3391..d389d288 100644 --- a/docs/markdown/chapter3/chapter3.md +++ b/docs/markdown/chapter3/chapter3.md 
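Review bot: the new lme_update.sh opens with `#!/bin/bash` twice and carries over `LME_DIR`, `IFS=$'\n'`, `Dashboards="$(ls -1 ...)"` and `echo $Dashboards` from dashboard_update.sh, none of which `main()` uses; `main()` only calls `deploy.sh upgrade`. Drop those lines. The `begin_logging()` block is now copied verbatim into both scripts; moving it into one file that both scripts source would mean a fix to the logging (quoting, permissions, rotation) only has to be made once.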
@@ -139,7 +139,52 @@ If you wish to update log retention time, refer to the [Retention doc](/docs/mar **Note:** The software starts deleting events based upon whichever retention criteria is met first. -### 3.2.4 Download Files for Windows Event Collector +### 3.2.4 LME automatic updates + +Optionally you can choose to have dashboard_update.sh and lme_update.sh run in cron jobs. If you desire this (**NOTE**: If you automatically upgrade LME, your ELK services will go down while upgrades occur. Plan accordingly.). + +To have dashboard and lme update run as cron jobs: +``` +# Change to the LME directory containing files for the Linux server +cd /opt/lme/Chapter\ 3\ Files/ +# Execute script with root privileges +sudo ./deploy.sh update +``` + +Default Input of the script. You can customize when updates will occur using crontab. +``` +root@master:/opt/lme/Chapter 3 Files# sudo ./deploy.sh update +Do you want to automatically upgrade LME ([y]es/[n]o): y +**Before proceeding**: Use https://crontab.cronhub.io/ to create a crontab expression. +Press Any key to continue when done. (Enter) + +[X] Enabling LME Automatic Update +Specify the crontab entry in quotes: "0 1 * * *" +[X] Creating lme_update with crontab: 0 1 * * * +[X] Creating LME update crontab +Do you want to automatically update Dashboards ([y]es/[n]o): y +[X] Enabling Dashboard Automatic Update +Specify the crontab entry in quotes: "0 1 * * *" +[X] Creating dashboard update with crontab: 0 1 * * * +``` + +These scripts utilize git to pull updates, and will work seamlessly if you have pulled the repository as directed above, and you allow port 443 outbound on your linux server. You can check this via the below command: +``` +$ git remote get-url origin +https://github.com/cisagov/LME.git +``` + +In addition, when the cronjobs run you should see logs appear in: `/var/log/cron_logs/`. 
You can check that below: +``` +$ ls /var/log/cron_logs +dashboard_update.sh+2023-11-10-18:50:01.log dashboard_update.sh+2023-11-10-18:54:01.log lme_update.sh+2023-11-10-18:52:01.log +dashboard_update.sh+2023-11-10-18:51:01.log dashboard_update.sh+2023-11-10-18:55:01.log lme_update.sh+2023-11-10-18:53:01.log +dashboard_update.sh+2023-11-10-18:52:01.log lme_update.sh+2023-11-10-18:50:01.log lme_update.sh+2023-11-10-18:54:01.log +dashboard_update.sh+2023-11-10-18:53:01.log lme_update.sh+2023-11-10-18:51:01.log lme_update.sh+2023-11-10-18:55:01.log +``` +During testing we set the cron expression to run everyminute, so the above date stamps reflect that. You can choose whatever time period is best for you and your organization. + +### 3.2.5 Download Files for Windows Event Collector The deploy.sh script has created files on the Linux server that need to be copied across and used on the Windows Event Collector server. The files have been zipped for convenience, with the filename and location ``` /opt/lme/files_for_windows.zip ```. @@ -193,7 +238,7 @@ Now you need to install Winlogbeat on the Windows Event Collector. Winlogbeat re ### 3.3.1 Files Required -Whichever method you used in [step 3.2.4](#324-download-files-for-windows-event-collector), you should have downloaded the `files_for_windows.zip` archive containing the following files: +Whichever method you used in [step 3.2.5](#325-download-files-for-windows-event-collector), you should have downloaded the `files_for_windows.zip` archive containing the following files: - root-ca.crt - wlbclient.key - wlbclient.crt 
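Review bot: in the new section 3.2.4 (`@@ -139,7 +139,52 @@`), the sentence `If you desire this (**NOTE**: ...).` is a fragment, and the one warning that matters (ELK services go down during an automatic upgrade) is buried inside its parentheses; make the note its own sentence. The section should also say plainly that these cron jobs run `git pull` and then execute the pulled scripts from root's crontab, so the `git remote get-url origin` check shown is a trust check and not only a connectivity check, and it should tell the reader how to inspect or remove the entries afterwards (`sudo crontab -l`, or `./deploy.sh uninstall`, which strips them). `everyminute` should be `every minute`.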
@@ -243,7 +288,7 @@ Figure 5: Winlogbeat Service Running ## Trusting the certs that secure LME's services Theres a few steps we need to follow to trust the self-signed cert: -1. Grab the self-signed certificate authority for LME (done in step [3.2.4](docs/markdown/chapter3/chapter3.md#324-download-files-for-windows-event-collector)). +1. Grab the self-signed certificate authority for LME (done in step [3.2.5](docs/markdown/chapter3/chapter3.md#325-download-files-for-windows-event-collector)). 2. Have our clients trust the certificate authority (see command below). This will trust the self signed cert and any other certificates it signs. If this certificate is stolen by an attacker, they can use it to trick your browser into trusting any website they setup. Make sure this cert is kept safe and secure. From 6800f54e7ecb5a0070d231e581945ab126faf4e1 Mon Sep 17 00:00:00 2001 From: Dmytro Korzhevin Date: Mon, 20 Nov 2023 14:01:21 -0500 Subject: [PATCH 21/29] Update chapter3.md (#29) * Update chapter3.md Changed winlogbeat 8.5.0 link to one, that allows user to download not only zip, but also sha512 control sum and also choose between zip and MSI. * Update chapter3.md Changed Winlogbeat to 8.11.1 --- docs/markdown/chapter3/chapter3.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/markdown/chapter3/chapter3.md b/docs/markdown/chapter3/chapter3.md index d389d288..e518f36b 100644 --- a/docs/markdown/chapter3/chapter3.md +++ b/docs/markdown/chapter3/chapter3.md 
@@ -248,7 +248,7 @@ These are certificates, keys, and configuration files required for the Event Col **Download winlogbeat:** -You will also require the latest supported version of `Winlogbeat`. You can download it as a zip file from Elastic's website [here](https://artifacts.elastic.co/downloads/beats/winlogbeat/winlogbeat-8.5.0-windows-x86_64.zip). **The current version officially supported by LME is 8.5.0.** +You will also require the latest supported version of `Winlogbeat`. You can download it as a zip or MSI file from Elastic's website [here]([https://www.elastic.co/downloads/past-releases/winlogbeat-8-11-1](https://www.elastic.co/downloads/past-releases/winlogbeat-8-11-1)). **The current version officially supported by LME is 8.11.1.** ### 3.3.2 Install Winlogbeat On the Windows Event Collector server extract the 'files_for_windows.zip' archive and copy the 'lme' folder (contained within 'tmp' inside the extracted files) to the following location: From 4fd3eb71a1e0e8b7cc6fa34867f5e52452a499c8 Mon Sep 17 00:00:00 2001 From: Clint Baxley Date: Mon, 20 Nov 2023 16:01:52 -0500 Subject: [PATCH 22/29] Update the readmes to delete old dashboards and import new ones. (#54) Co-authored-by: Clint Baxley --- Chapter 4 Files/dashboards/Readme.md | 15 ++++++++++++++- docs/markdown/maintenance/upgrading.md | 6 +++++- 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/Chapter 4 Files/dashboards/Readme.md b/Chapter 4 Files/dashboards/Readme.md index bc12cdd4..47f0afd3 100644 --- a/Chapter 4 Files/dashboards/Readme.md +++ b/Chapter 4 Files/dashboards/Readme.md 
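Review bot: the replacement link on the `+` line of the chapter3.md hunk is malformed: `[here]([https://www.elastic.co/...](https://www.elastic.co/...))` nests a second Markdown link inside the URL parentheses, so it will not render as a working link. It should read `[here](https://www.elastic.co/downloads/past-releases/winlogbeat-8-11-1)`. The commit message says this page was chosen because it also offers the sha512 checksum, but the text never tells the reader to use it; add a sentence asking them to verify the download against that checksum before installing.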
@@ -6,7 +6,20 @@ ./dashboard_update.sh ``` -## Exporting dashboards: +### Updating to new dashboards and removing old ones (Starting with 1.1.0) +Browse to `Kibana->Stack Management` then select `Saved Objects`. +On the Saved Objects page, you can filter by dashboards. + +Select the filter `Type` and select `dashboard`. + +* It is suggested that you export the dashboards first (readme below) so you have a backup. +You can delete all of the dashboards before importing the new ones. + +After having backed up the dashboards and deleting them, you can then run +`dashboard_update.sh` in the `/opt/lme` directory. + + +### Exporting dashboards: It is recommended that you export your dashboards before updating them, especially if you have customized them or created new ones. To export the dashboards use the `export_dashboards.py` file in the Chapter 4 directory. It is easiest to export them from the ubuntu machine where you have installed the ELK stack because the diff --git a/docs/markdown/maintenance/upgrading.md b/docs/markdown/maintenance/upgrading.md index 5cdc2a00..0708be93 100644 --- a/docs/markdown/maintenance/upgrading.md +++ b/docs/markdown/maintenance/upgrading.md 
@@ -7,7 +7,11 @@ Below you can find the upgrade paths that are currently supported and what steps Applying these changes is automated for any new installations. But, if you have an existing installation, you need to conduct some extra steps. **Before performing any of these steps it is advised to take a backup of the current installation using the method described [here](/docs/markdown/maintenance/backups.md).** -### 1.1 Upgrade from v0.5 +### 1.1 Upgrade from v1.0.0 +You may want to delete and reimport the dashboards on upgrade from 1.0.0 to 1.1.0. [Updating dashboards](/Chapter%204%20Files/dashboards/Readme.md). This way you are not left with old dashboards when you export. + + +### 1.2 Upgrade from v0.5 Since LME's transition from the NCSC to CISA, the location of the LME repository has changed from `https://github.com/ukncsc/lme` to `https://github.com/cisagov/lme`. To obtain any further updates to LME on the ELK server, you will need to transition to the new git repository. Because vital configuration files are stored within the same folder as the git repo, it's simpler to copy the old LME folder to a different location, clone the new repo, copy the files and folders unique to your system, and then optionally delete the old folder. You can do this by running the following commands: From fb4058eea83be7a1271728f8a31bced616265178 Mon Sep 17 00:00:00 2001 From: Dmytro Korzhevin Date: Mon, 20 Nov 2023 16:51:55 -0500 Subject: [PATCH 23/29] Update Uninstall_Sysmon64.ps1 (#27) Check if Sysmon is installed, run the uninstall command with elevated privileges, and handle potential errors. Remove the Sysmon executable if the uninstallation is successful. --- .../SCCM Deployment/Uninstall_Sysmon64.ps1 | 21 ++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/Chapter 2 Files/SCCM Deployment/Uninstall_Sysmon64.ps1 b/Chapter 2 Files/SCCM Deployment/Uninstall_Sysmon64.ps1 index b0ee57be..85a92f3e 100644 
--- a/Chapter 2 Files/SCCM Deployment/Uninstall_Sysmon64.ps1 +++ b/Chapter 2 Files/SCCM Deployment/Uninstall_Sysmon64.ps1 @@ -1,5 +1,16 @@ -## Sysinternals Sysmon64.exe Uninstaller -# Perform automated uninstall -& C:\Windows\Sysmon64.exe -u -# House keep remaining file -Remove-Item C:\Windows\Sysmon64.exe \ No newline at end of file +## Sysinternals Sysmon64.exe Uninstaller +# Check if Sysmon is installed +if (Test-Path "C:\Windows\Sysmon64.exe") { + try { + # Perform automated uninstall with elevated privileges + Start-Process "C:\Windows\Sysmon64.exe" -ArgumentList "-u" -Verb RunAs -Wait + + # Housekeep remaining file + Remove-Item "C:\Windows\Sysmon64.exe" -Force + Write-Output "Sysmon uninstalled and removed successfully." + } catch { + Write-Error "Error occurred during Sysmon uninstallation: $_" + } +} else { + Write-Warning "Sysmon is not installed." +} From 9d09c4d1876c085ed98f55279b430a9c23e61ad8 Mon Sep 17 00:00:00 2001 From: Michael Reeves <147089975+mreeve-snl@users.noreply.github.com> Date: Tue, 21 Nov 2023 09:33:45 -0500 Subject: [PATCH 24/29] Deploy upgrade 1.1.0 (#58) * adding in upgrade command to go from 1.0 -> 1.1.0 * pushing upgrade notes * adding updates to deploy.sh for upgrading 1.0 -> 1.1.0 --- .gitignore | 11 ++ Chapter 3 Files/.gitignore | 1 + Chapter 3 Files/deploy.sh | 165 ++++++++++++++++++++----- docs/markdown/maintenance/upgrading.md | 24 ++++ 4 files changed, 167 insertions(+), 34 deletions(-) create mode 100644 Chapter 3 Files/.gitignore diff --git a/.gitignore b/.gitignore index 476d50a7..5b650322 100644 --- a/.gitignore +++ b/.gitignore @@ -4,3 +4,14 @@ /.vscode/ /Chapter 4 Files/*.dumped.ndjson /Chapter 4 Files/exported/ + +#created files should be ignored: +Chapter 3 Files/certs/ +Chapter 3 Files/docker-compose-stack-live.yml +Chapter 3 Files/logstash.edited.conf +Chapter 3 Files/logstash_custom.conf +LME/ +dashboard_update.sh +files_for_windows.zip +lme.conf +lme_update.sh 
diff --git a/Chapter 3 Files/.gitignore b/Chapter 3 Files/.gitignore new file mode 100644 index 00000000..750e3bcb --- /dev/null +++ b/Chapter 3 Files/.gitignore @@ -0,0 +1 @@ +*-live.* diff --git a/Chapter 3 Files/deploy.sh b/Chapter 3 Files/deploy.sh index 3459390f..29779379 100755 --- a/Chapter 3 Files/deploy.sh +++ b/Chapter 3 Files/deploy.sh @@ -3,36 +3,38 @@ # LME Deploy Script # ############################ # This script configures a host for LME including generating certificates and populating configuration files. +DATE="$(date '+%Y-%m-%d-%H:%M:%S')" #prompt for y/n prompt() { - if [ -z "$1" ]; - then - str="Are you sure?" - else - str=$1 - fi - - while true - do - read -r -p "$str? [Y/n] " input - - case $input in - [yY][eE][sS]|[yY]) - return 0 #true - break - ;; - [nN][oO]|[nN]) - return 1 #false - break - ;; - *) - echo "Invalid input..." - ;; - esac - done + if [ -z "$1" ]; + then + str="Are you sure?" + else + str=$1 + fi + + while true + do + read -r -p "$str? [Y/n] " input + + case $input in + [yY][eE][sS]|[yY]) + return 0 #true + break + ;; + [nN][oO]|[nN]) + return 1 #false + break + ;; + *) + echo "Invalid input..." + ;; + esac + done } + function customlogstashconf() { #add option for custom logstash config CUSTOM_LOGSTASH_CONF=/opt/lme/Chapter\ 3\ Files/logstash_custom.conf 
@@ -480,6 +482,43 @@ function pipelineupdate() { ' } +function compose_upgrade() { + #vars: + old_old_live="/opt/lme/Chapter 3 Files/docker-compose-stack-live.yml" + old_live="/opt/lme/Chapter 3 Files/docker-compose-stack-live.yml.old-$(echo -n $version | sed 's/\./-/g')-$DATE" + new_template="/opt/lme/Chapter 3 Files/docker-compose-stack.yml" + new_live="/opt/lme/Chapter 3 Files/docker-compose-stack-live.yml" + + echo -e "\e[32m[X]\e[0m Upgrading $new_live, backing up $old_old_live to $old_live" + + #Update Docker Config + #Move old docker config to .old + cp "$old_old_live" "$old_live" + #copy new git version + cp "$new_template" "$new_live" + + # copy ramcount into var + Ram_from_conf="$(grep -P -o "(?<=Xms)\d+" "$old_live")" + # update Config file with ramcount + sed -i "s/ram-count/$Ram_from_conf/g" "$new_live" + # copy elastic pass into var + Kibanapass_from_conf="$(grep -P -o "(?<=ELASTICSEARCH_PASSWORD: ).*" "$old_live")" + #update config with kibana password + sed -i "s/insertkibanapasswordhere/$Kibanapass_from_conf/g" "$new_live" + #copy kibana encryption key + kibanakey="$(grep -P -o "(?<=XPACK_ENCRYPTEDSAVEDOBJECTS_ENCRYPTIONKEY: ).*" "$old_live")" + #update config with kibana key + sed -i "s/kibanakey/$kibanakey/g" "$new_live" + # copy publicbaseurl + baseurl_from_conf="$(grep -P -o "(?<=SERVER_PUBLICBASEURL: ).*" "$old_live")" + #update config with publicbaseurl + if [ -n "$baseurl_from_conf" ] && [ "$baseurl_from_conf" != "insertpublicurlhere" ]; then + sed -i "s,insertpublicurlhere,$baseurl_from_conf,g" "$new_live" + elif [ -n "$hostname" ]; then + sed -i "s/insertpublicurlhere/https:\/\/$hostname/g" "$new_live" + fi +} + function data_retention() { #show ext4 disk DF_OUTPUT="$(df -h -l -t ext4 --output=source,size /var/lib/docker)" 
@@ -606,6 +645,27 @@ function configelasticsearch() { curl --cacert certs/root-ca.crt --user "elastic:$elastic_user_pass" -X PUT "https://127.0.0.1:9200/_all/_settings" -H 'Content-Type: application/json' -d '{"index" : {"number_of_replicas" : 0}}' } +function set_version() { + new_version=$1 + replace_string="s/([0-9]+)\.([0-9]+)(\.[0-9]+)?/$new_version/g" + sed -i -E $replace_string /opt/lme/lme.conf +} + +function write_update_scripts() { + update_user_pass=$1 + + echo $update_user_pass + + cp dashboard_update.sh /opt/lme/ + chmod 700 /opt/lme/dashboard_update.sh + + echo -e "\e[32m[X]\e[0m Updating dashboard update configuration with dashboard update user credentials" + sed -i "s/dashboardupdatepassword/$update_user_pass/g" /opt/lme/dashboard_update.sh + + cp lme_update.sh /opt/lme/ + chmod 700 /opt/lme/lme_update.sh +} + function writeconfig() { echo -e "\n\e[32m[X]\e[0m Writing LME Config" #write LME version @@ -755,13 +815,13 @@ function install() { if [ "$old_elastic_user_pass" == "y" ]; then - res= false - while [ ! $res ];do - read -e -p "PASSWORD: " OLD_ELASTIC_PASS - prompt "confirm password \"$OLD_ELASTIC_PASS\"" - res=$? - done - fi + res= false + while [ ! $res ];do + read -e -p "PASSWORD: " OLD_ELASTIC_PASS + prompt "confirm password \"$OLD_ELASTIC_PASS\"" + res=$? + done + fi if [ "$selfsignedyn" == "y" ]; then #make certs @@ -904,6 +964,9 @@ function uninstall() { } function upgrade() { + #TODO: get current/latest from git + latest="1.1.0" + #check if the config file we're now creating on new installs exists if [ -r /opt/lme/lme.conf ]; then #reference this file as a source 
@@ -975,8 +1038,42 @@ function upgrade() { fi zipfiles fixreadability - elif [ "$version" == "1.0" ]; then - echo -e "\e[32m[X]\e[0m You're on 1.0 the latest version!" + elif [[ ("$version" == "1.0.0" || "$version" == "1.0") ]]; then + echo -e "\e[32m[X]\e[0m You're on $version Time to upgrade to $latest" + + echo -e "\e[32m[X]\e[0m Updating from git repo" + git -C /opt/lme/ pull + + echo -e "\e[32m[X]\e[0m Removing existing Docker stack" + docker stack rm lme + + echo -e "\e[32m[X]\e[0m Sleeping for one minute to allow Docker actions to complete..." + sleep 1m + + #Update Docker Config + compose_upgrade + + #Update update_scripts + upgradepass="$(grep -o -P '(?<=dashboard_update:)[0-9A-Za-z]+' /opt/lme/dashboard_update.sh)" + write_update_scripts $upgradepass + + #deploy: + echo -e "\e[32m[X]\e[0m Pulling newest images" + docker pull elasticsearch:8.11.1 + docker pull kibana:8.11.1 + docker pull logstash:8.11.1 + + echo -e "\e[32m[X]\e[0m Deploying LME" + deploylme + + #finaly dashbaord_update + /opt/lme/dashboard_update.sh + + #now updated :) + set_version "1.1.0" + + elif [ "$version" == $latest ]; then + echo -e "\e[32m[X]\e[0m You're on $version the latest version!" else echo -e "\e[31m[!]\e[0m Updating directly to LME 1.0 from versions prior to 0.5.1 is not supported. Update to 0.5.1 first." fi diff --git a/docs/markdown/maintenance/upgrading.md b/docs/markdown/maintenance/upgrading.md index 0708be93..18cf09f4 100644 --- a/docs/markdown/maintenance/upgrading.md +++ b/docs/markdown/maintenance/upgrading.md 
@@ -8,6 +8,30 @@ Below you can find the upgrade paths that are currently supported and what steps Applying these changes is automated for any new installations. But, if you have an existing installation, you need to conduct some extra steps. **Before performing any of these steps it is advised to take a backup of the current installation using the method described [here](/docs/markdown/maintenance/backups.md).** ### 1.1 Upgrade from v1.0.0 +This upgrade assumes your `/opt/lme` directory is on the `main` branch, which it will be by default. To confirm this run the command below. You may need to run as `sudo` depending if you installed lme as root (which is the default instructions). + +``` +cd /opt/lme/ +git status +``` + +You should see the output like below: +``` +On branch main +Your branch is up to date with 'origin/main'. +``` + +This upgrade does the following: +1. pulls the new updates to the `main` branch using git (if this step fails, git pull manually, and rerun) +2. removes the lme stack so it can be reset with the new updates +3. upgrades the compose live file +4. upgrades the lme_update and dashboard_update files +5. docker pull's elastic `8.11.1` +6. redeploy's LME +7. Update's LME's dashboards +8. Sets the version in lme.conf: `1.1.0` + +#### Optional step: You may want to delete and reimport the dashboards on upgrade from 1.0.0 to 1.1.0. [Updating dashboards](/Chapter%204%20Files/dashboards/Readme.md). This way you are not left with old dashboards when you export. From d6767be282981634f7979d7151d42fdbe82d7e3c Mon Sep 17 00:00:00 2001 
From: Michael Reeves <147089975+mreeve-snl@users.noreply.github.com> Date: Tue, 21 Nov 2023 09:58:31 -0500 Subject: [PATCH 25/29] adding CONTRIBUTING.md,RELEASES.md, and Custom PR-Template (#41) * adding Contribution and release documentation to help standardize these processes * Update CONTRIBUTING.md fixed typos. * documenting PR template to standardize and streamline Pull Requests * adding a few more changes * adding formatting changes * Rename pull_request_template.md to pull_request_template.md Actually renamed directory PULL_REUQEST_TEMPLATE to PULL_REQUEST_TEMPLATE --------- Co-authored-by: Linda Waterhouse <82845774+llwaterhouse@users.noreply.github.com> --- .../pull_request_template.md | 39 ++++++++++++++++ CONTRIBUTING.md | 45 +++++++++++++++++++ RELEASES.md | 43 ++++++++++++++++++ 3 files changed, 127 insertions(+) create mode 100644 .github/PULL_REQUEST_TEMPLATE/pull_request_template.md create mode 100644 CONTRIBUTING.md create mode 100644 RELEASES.md diff --git a/.github/PULL_REQUEST_TEMPLATE/pull_request_template.md b/.github/PULL_REQUEST_TEMPLATE/pull_request_template.md new file mode 100644 index 00000000..12d7fd5a --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE/pull_request_template.md 
@@ -0,0 +1,39 @@ + +## 🗣 Description ## + + + +### 💭 Motivation and context + + + + + + +### 📷 Screenshots (DELETE IF UNAPPLICABLE) + +## 🧪 Testing + + + + + +## ✅ Pre-approval checklist ## + +- [ ] Changes are limited to a single goal **AND** + the title reflects this in a clear human readable format +- [ ] I have read and agree to LME's [CONTRIBUTING.md](https://github.com/cisagov/LME/CONTRIBUTING.md) document. +- [ ] The PR adheres to LME's requirements in [RELEASES.md](https://github.com/cisagov/LME/RELEASES.md#steps-to-submit-a-PR) +- [ ] These code changes follow [cisagov code standards](https://github.com/cisagov/development-guide). +- [ ] All relevant repo and/or project documentation has been updated to reflect the changes in this PR. + +## ✅ Pre-merge Checklist + +- [ ] All tests pass +- [ ] PR has been tested and the documentation for testing is above + +## ✅ Post-merge Checklist + +- [ ] Squash all commits into one PR level commit +- [ ] Delete the branch to keep down number of branches + diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 00000000..0b5672de --- /dev/null +++ b/CONTRIBUTING.md 
@@ -0,0 +1,45 @@ +# Welcome # + +We're so glad you're thinking about contributing to this open-source project! If you're unsure or hesitant to make a recommendation, just ask, submit the issue, or pull request. The worst that can happen is that you'll be politely asked to change something. We appreciate any sort of contribution(s), and don't want a wall of rules to stifle innovation. + +Before contributing, we encourage you to read our CONTRIBUTING policy (you are here), our LICENSE, and our README, all of which are in this repository. + +## Issues + +If you want to report a bug or request a new feature, the most direct method is to [create an issue](https://github.com/cisagov/development-guide/issues) in this repository. +We recommend that you first search through existing issues (both open and closed) to check if your particular issue has already been reported. + +If it has then you might want to add a comment to the existing issue. + +If it hasn't then feel free to create a new one. + +Please follow the provided template and fill out all sections. We have a `BUG` and `FEATURE REQUEST` Template + +## Pull Requests (PR) + +If you choose to submit a pull request, it will be required to pass various sanity checks in our continuous integration (CI) pipeline, before we merge it. Your pull request may fail these checks, and that's OK. If you want you can stop there and wait for us to make the necessary corrections to ensure your code passes the CI checks, you're more than within your rights; however, it helps our team greatly if you fix the issues found by our CI pipeline. + +Below are some loose requirements we'd like all PR's to follow. Our release process is documented in [Releases](releases.md). + +### Quality assurance and code reviews + +All PRs will be tested, vetted, and reviewed by our team before being merged with the main code base. All should be pull requested into whatever the upcoming release branch is. 
Find that by searching for the highest SEMVER `release-X.Y.Z` branch or following our release documentation. + +### Steps to submit a PR + - All PRs should request merges back into LME's *CLOSEST* Major or Minor upcoming release branch `release-X.Y.Z`. This will be viewable in the branch list on Github. You can also refer to our release documentation for guidance. + - If the PR corresponds to an issue we are already tracking on LME's public Github [project](https://github.com/orgs/cisagov/projects/68), please comment the PR in the issue, and we will update the issue. + - If the PR does not have an issue, please add a comment at the top of the pull request describing the PR and how it fits into LME's project/code. If the PR follows our other requirements listed here, we'll add it into our public project linked previously. + - We'll work with you to mold it to our development goals/process, so your work can be merged into LME and your Github profile gets credit for the contributions. + - Before merging we request that all commits be squashed into one commit. This way your changes to the repository are tracked, but our `git log` history does not rapidly expand. + - Thanks for wanting to submit and develop improvements for LME!! + +## Public domain + +This project is in the public domain within the United States, and +copyright and related rights in the work worldwide are waived through +the [CC0 1.0 Universal public domain +dedication](https://creativecommons.org/publicdomain/zero/1.0/). + +All contributions to this project will be released under the CC0 +dedication. By submitting a pull request, you are agreeing to comply +with this waiver of copyright interest. diff --git a/RELEASES.md b/RELEASES.md new file mode 100644 index 00000000..a1e6c27c --- /dev/null +++ b/RELEASES.md 
@@ -0,0 +1,43 @@ +# Release Workflow: + +## SEMVER Number Decisions + +Our versioning scheme for LME adheres to [SEMVER 2.0](https://semver.org/): X.Y.Z (Major.Minor.Patch). +The patch versions will generally adhere to the following guidelines: +1. Major SEMVER: Denotes a major release, e.g., a new capability, or LME architecture change. +2. Minor SEMVER: Denotes updates which are less than major but introduces noticeable changes. +3. Patch SEMVER: Fix bug issues or vulnerability issues but do not introduce new features or updates. + +### Timelines + +Development lifecycle timelines will vary depending on project goals, tasking, community contributions, and vision. + + +## Current Release Branch: +To determine the current release branch, it will either be clearly documented in our wiki or on our public [project](https://github.com/orgs/cisagov/projects/68) board. The below example can also be used to determine our current release branch. + +- For example, if the current latest release (as seen on the main [README](/README.md)) version `1.1.0`, and the `release-*` branches are: `release-1.1.1` and `release-1.2.0` then the `1.2.0` branch would be the branch where submit the PR, since it is the closest release that is a Major or Minor release, while 1.1.1 is a patch release. + +- All `release-*` have various branch protections enabled, and will require review by the development team before being merged. +The team requests a brief description if one submits a fix for a current issue on the public project, that context will allow us to help determine if it warrants inclusion. If the PR is well documented following our processes in our CONTRIBUTING.md, it will most likely be worked into LME. We value inclusion and recognize the importance of the open-source community. + +## Content: + +Each release generally notes the Additions, Changes, and Fixes addressed in the release and the contributors that provided code for the release. 
Additionally, relevant builds of the release will be attached with the release. Tagging the release will correspond with its originating branch's SEMVER number. + +## Update Process: +Developments and changes will accrue in a release-X.Y.Z branch according to the level of the release as documented in [Pull Requests](#pull-requests). The process of merging all changes into a release branch and preparing it for release is documented below. + +### Code Freeze: +Each code freeze will have an announced end date/time in accordance with our public [project](https://github.com/orgs/cisagov/projects/68). Any PRs with new content will need to be in by the announced time in order to be included into the release. + +### Steps: + +1. Goals/changes/updates to LME will be tracked in LME's public [project](https://github.com/orgs/cisagov/projects/68). These updates to LME will be tracked by pull requests (and may be backed by corresponding issues for documentation purposes for documentation purposes) to a specific `release-X.Y.Z` branch. +2. As commits are pushed to the PRs set to pull into a release branch, we will determine a time to cease developments. When its determined the features developed in a `release` branch meet a goal or publish point, we will merge all the release's PR's into one combined state onto the `release-.X.Y.Z` branch. This will make sure all testing happens from a unified branch state, and will minimize the number of merge conflicts that occur, easing coordination of merge conflicts. +3. Once all work has been merged into an initial release, we will mark the pull request for the release with a `code freeze` label to denote that the release is no longer excepting new features/developments/etc...., all PRs that commit to the release branch should only be to fix breaking changes or failed tests. We’ll also invite the community to pull the frozen `release` branch to test and validate if the new changes cause issues in their environment. +4. 
Finally, when all testing and community feedback is complete we'll merge into main with a new tag denoting the `release-X.Y.Z` SEMVER value `X.Y.Z`. + +### Caveats: +Major or Minor SEMVER LME versions will only be pushed to `main` with testing and validation of code to ensure stability and compatibility. However, new major changes will not always be backwards compatible. + From 8269646f7d346cc3a34585503daa6952ecbd4914 Mon Sep 17 00:00:00 2001 From: "mreeve.snl" Date: Tue, 21 Nov 2023 18:22:48 +0000 Subject: [PATCH 26/29] remove updates that break the installation process, need more refactoring/testing before we can push these changes --- .../SCCM Deployment/Uninstall_Sysmon64.ps1 | 21 +- Chapter 3 Files/dashboard_update.sh | 51 +-- Chapter 3 Files/deploy.sh | 322 ++++++------------ Chapter 3 Files/docker-compose-stack.yml | 6 +- Chapter 3 Files/lme_update.sh | 57 +--- docs/markdown/chapter3/chapter3.md | 54 +-- docs/markdown/maintenance/upgrading.md | 32 +- 7 files changed, 115 insertions(+), 428 deletions(-) diff --git a/Chapter 2 Files/SCCM Deployment/Uninstall_Sysmon64.ps1 b/Chapter 2 Files/SCCM Deployment/Uninstall_Sysmon64.ps1 index 85a92f3e..b0ee57be 100644 --- a/Chapter 2 Files/SCCM Deployment/Uninstall_Sysmon64.ps1 +++ b/Chapter 2 Files/SCCM Deployment/Uninstall_Sysmon64.ps1 
@@ -1,16 +1,5 @@ -## Sysinternals Sysmon64.exe Uninstaller -# Check if Sysmon is installed -if (Test-Path "C:\Windows\Sysmon64.exe") { - try { - # Perform automated uninstall with elevated privileges - Start-Process "C:\Windows\Sysmon64.exe" -ArgumentList "-u" -Verb RunAs -Wait - - # Housekeep remaining file - Remove-Item "C:\Windows\Sysmon64.exe" -Force - Write-Output "Sysmon uninstalled and removed successfully." - } catch { - Write-Error "Error occurred during Sysmon uninstallation: $_" - } -} else { - Write-Warning "Sysmon is not installed." -} +## Sysinternals Sysmon64.exe Uninstaller +# Perform automated uninstall +& C:\Windows\Sysmon64.exe -u +# House keep remaining file +Remove-Item C:\Windows\Sysmon64.exe \ No newline at end of file diff --git a/Chapter 3 Files/dashboard_update.sh b/Chapter 3 Files/dashboard_update.sh index 970e1881..c00e276c 100644 --- a/Chapter 3 Files/dashboard_update.sh +++ b/Chapter 3 Files/dashboard_update.sh 
@@ -4,45 +4,6 @@ IFS=$'\n' Dashboards="$(ls -1 ${LME_DIR}Chapter\ 4\ Files/dashboards/*.ndjson)" echo $Dashboards -# -------------- cron job automatic logger code START -------------- - -# See my ans: https://stackoverflow.com/a/60157372/4561887 -FULL_PATH_TO_SCRIPT="$(realpath "${BASH_SOURCE[-1]}")" -SCRIPT_DIRECTORY="$(dirname "$FULL_PATH_TO_SCRIPT")" -SCRIPT_FILENAME="$(basename "$FULL_PATH_TO_SCRIPT")" - -LOG_DIR=/var/log/cron_logs -mkdir -p $LOG_DIR -DATE="$(date '+%Y-%m-%d-%H:%M:%S')" - -# Automatically log the output of this script to a file! -begin_logging() { - - # Redirect all future prints in this script from this call-point forward to - # both the screen and a log file! - # - # This is about as magic as it gets! This line uses `exec` + bash "process - # substitution" to redirect all future print statements in this script - # after this line from `stdout` to the `tee` command used below, instead. - # This way, they get printed to the screen *and* to the specified log file - # here! The `2>&1` part redirects `stderr` to `stdout` as well, so that - # `stderr` output gets logged into the file too. - # See: - # 1. *****+++ https://stackoverflow.com/a/49514467/4561887 - - # shows `exec > >(tee $LOG_FILE) 2>&1` - # 1. https://superuser.com/a/569315/425838 - shows `exec &>>` (similar) - exec > >(tee -a "${LOG_DIR}/${SCRIPT_FILENAME}"+$DATE".log") 2>&1 - - echo "" - echo "=====================================================================" - echo "Running cronjob \"$FULL_PATH_TO_SCRIPT\"" - echo "on $DATE" - echo "Cmd: $0 $@" - echo "=====================================================================" -} - - -main() { if [ -r /opt/lme/lme.conf ]; then #reference this file as a source . /opt/lme/lme.conf 
@@ -51,7 +12,7 @@ if [ -r /opt/lme/lme.conf ]; then echo -e "\e[32m[X]\e[0m Updating from git repo" git -C /opt/lme/ pull #make sure the hostname variable is present - echo -e "\e[32m[X]\e[0m Updating dashbaords in Kibana" + #echo -e "\e[32m[X]\e[0m Updating stored dashboard file" if [ -n "$hostname" ]; then echo -e "\e[32m[X]\e[0m Uploading the new dashboards to Kibana" @@ -64,13 +25,3 @@ if [ -r /opt/lme/lme.conf ]; then fi fi fi -} - -# ------------------------------------------------------------------------------ -# main program entry point -# ------------------------------------------------------------------------------ -if [ "$1" == "log" ]; -then - begin_logging "$@" -fi -time main "$@" diff --git a/Chapter 3 Files/deploy.sh b/Chapter 3 Files/deploy.sh index 29779379..a39c5832 100755 --- a/Chapter 3 Files/deploy.sh +++ b/Chapter 3 Files/deploy.sh @@ -3,38 +3,36 @@ # LME Deploy Script # ############################ # This script configures a host for LME including generating certificates and populating configuration files. -DATE="$(date '+%Y-%m-%d-%H:%M:%S')" #prompt for y/n prompt() { - if [ -z "$1" ]; - then - str="Are you sure?" - else - str=$1 - fi - - while true - do - read -r -p "$str? [Y/n] " input - - case $input in - [yY][eE][sS]|[yY]) - return 0 #true - break - ;; - [nN][oO]|[nN]) - return 1 #false - break - ;; - *) - echo "Invalid input..." - ;; - esac - done + if [ -z "$1" ]; + then + str="Are you sure?" + else + str=$1 + fi + + while true + do + read -r -p "$str? [Y/n] " input + + case $input in + [yY][eE][sS]|[yY]) + return 0 #true + break + ;; + [nN][oO]|[nN]) + return 1 #false + break + ;; + *) + echo "Invalid input..." + ;; + esac + done } - function customlogstashconf() { #add option for custom logstash config CUSTOM_LOGSTASH_CONF=/opt/lme/Chapter\ 3\ Files/logstash_custom.conf 
@@ -103,19 +101,10 @@ function setpasswords() { temp=$OLD_ELASTIC_PASS fi - echo -e "\e[32m[X]\e[0m Waiting for Elasticsearch to be ready" - max_attempts=60 - attempt=0 - while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' --cacert certs/root-ca.crt --user elastic:${temp} https://127.0.0.1:9200)" != "200" ]]; do - printf '.' + echo -e "\e[32m[X]\e[0m Waiting for elasticsearch to be ready" + while [[ "$(curl --cacert certs/root-ca.crt --user elastic:${temp} -s -o /dev/null -w ''%{http_code}'' https://127.0.0.1:9200)" != "200" ]]; do sleep 1 - ((attempt++)) - if ((attempt > max_attempts)); then - echo "Elasticsearch is not responding after $max_attempts attempts - exiting." - exit 1 - fi done - echo "Elasticsearch is up and running." echo -e "\e[32m[X]\e[0m Setting elastic user password" curl --cacert certs/root-ca.crt --user elastic:${temp} -X POST "https://127.0.0.1:9200/_security/user/elastic/_password" -H 'Content-Type: application/json' -d' { "password" : "'"$elastic_user_pass"'"} ' @@ -171,7 +160,6 @@ function zipfiles() { zip -rmT /opt/lme/files_for_windows.zip /tmp/lme # Give global read permissions to new archive for later retrieval chmod 664 /opt/lme/files_for_windows.zip - } function generateCA() { @@ -421,6 +409,22 @@ get_distribution() { echo "$lsb_dist" } +#DEPRECATED +#function dashboard_update() { +# echo -e "\e[32m[X]\e[0m Creating dashboard update crontab" +# crontab -l | { +# cat +# echo "0 1 * * * /opt/lme/dashboard_update.sh" +# } | crontab - +#} +#DEPRECATED +#function auto_lme_update() { +# echo -e "\e[32m[X]\e[0m Creating LME update crontab" +# crontab -l | { +# cat +# echo "30 1 * * * /opt/lme/lme_update.sh" +# } | crontab - +#} function indexmappingupdate() { echo -e "\n\e[32m[X]\e[0m Uploading the LME index template" 
@@ -482,43 +486,6 @@ function pipelineupdate() { ' } -function compose_upgrade() { - #vars: - old_old_live="/opt/lme/Chapter 3 Files/docker-compose-stack-live.yml" - old_live="/opt/lme/Chapter 3 Files/docker-compose-stack-live.yml.old-$(echo -n $version | sed 's/\./-/g')-$DATE" - new_template="/opt/lme/Chapter 3 Files/docker-compose-stack.yml" - new_live="/opt/lme/Chapter 3 Files/docker-compose-stack-live.yml" - - echo -e "\e[32m[X]\e[0m Upgrading $new_live, backing up $old_old_live to $old_live" - - #Update Docker Config - #Move old docker config to .old - cp "$old_old_live" "$old_live" - #copy new git version - cp "$new_template" "$new_live" - - # copy ramcount into var - Ram_from_conf="$(grep -P -o "(?<=Xms)\d+" "$old_live")" - # update Config file with ramcount - sed -i "s/ram-count/$Ram_from_conf/g" "$new_live" - # copy elastic pass into var - Kibanapass_from_conf="$(grep -P -o "(?<=ELASTICSEARCH_PASSWORD: ).*" "$old_live")" - #update config with kibana password - sed -i "s/insertkibanapasswordhere/$Kibanapass_from_conf/g" "$new_live" - #copy kibana encryption key - kibanakey="$(grep -P -o "(?<=XPACK_ENCRYPTEDSAVEDOBJECTS_ENCRYPTIONKEY: ).*" "$old_live")" - #update config with kibana key - sed -i "s/kibanakey/$kibanakey/g" "$new_live" - # copy publicbaseurl - baseurl_from_conf="$(grep -P -o "(?<=SERVER_PUBLICBASEURL: ).*" "$old_live")" - #update config with publicbaseurl - if [ -n "$baseurl_from_conf" ] && [ "$baseurl_from_conf" != "insertpublicurlhere" ]; then - sed -i "s,insertpublicurlhere,$baseurl_from_conf,g" "$new_live" - elif [ -n "$hostname" ]; then - sed -i "s/insertpublicurlhere/https:\/\/$hostname/g" "$new_live" - fi -} - function data_retention() { #show ext4 disk DF_OUTPUT="$(df -h -l -t ext4 --output=source,size /var/lib/docker)" 
@@ -645,27 +612,6 @@ function configelasticsearch() { curl --cacert certs/root-ca.crt --user "elastic:$elastic_user_pass" -X PUT "https://127.0.0.1:9200/_all/_settings" -H 'Content-Type: application/json' -d '{"index" : {"number_of_replicas" : 0}}' } -function set_version() { - new_version=$1 - replace_string="s/([0-9]+)\.([0-9]+)(\.[0-9]+)?/$new_version/g" - sed -i -E $replace_string /opt/lme/lme.conf -} - -function write_update_scripts() { - update_user_pass=$1 - - echo $update_user_pass - - cp dashboard_update.sh /opt/lme/ - chmod 700 /opt/lme/dashboard_update.sh - - echo -e "\e[32m[X]\e[0m Updating dashboard update configuration with dashboard update user credentials" - sed -i "s/dashboardupdatepassword/$update_user_pass/g" /opt/lme/dashboard_update.sh - - cp lme_update.sh /opt/lme/ - chmod 700 /opt/lme/lme_update.sh -} - function writeconfig() { echo -e "\n\e[32m[X]\e[0m Writing LME Config" #write LME version 
@@ -706,37 +652,23 @@ function zipnewcerts() { zip -rmT /opt/lme/new_client_certificates.zip /tmp/lme } -function update() { - read -e -p "Do you want to automatically upgrade LME ([y]es/[n]o): " -i "y" autoupdate_enabled - if [ "$autoupdate_enabled" == "y" ]; then - echo -e "**Before proceeding**: Use https://crontab.cronhub.io/ to create a crontab expression.\nPress Any key to continue when done. (Enter) " - read - - echo -e "\e[33m[X]\e[0m Enabling LME Automatic Update" - read -e -p "Specify the crontab entry in quotes: " -i "\"0 1 * * *\"" crb - crb="$(echo "$crb" | tr -d \")" - echo -e "\e[32m[X]\e[0m Creating lme_update with crontab: $crb" - echo -e "\e[32m[X]\e[0m Creating LME update crontab" - crontab -l | { - cat - echo -e "$crb\t/opt/lme/lme_update.sh log" - } | crontab - - - fi - - read -e -p "Do you want to automatically update Dashboards ([y]es/[n]o): " -i "y" dashboardupdate_enabled - if [ "$dashboardupdate_enabled" == "y" ]; then - echo -e "\e[32m[X]\e[0m Enabling Dashboard Automatic Update" - read -e -p "Specify the crontab entry in quotes: " -i "\"0 1 * * *\"" crb - crb="$(echo "$crb" | tr -d \")" - echo -e "\e[32m[X]\e[0m Creating dashboard update with crontab: $crb" - crontab -l | { - cat - echo -e "$crb\t/opt/lme/dashboard_update.sh log" - } | crontab - - fi -} - +#Deprecated +#function promptupdate() { +# read -e -p "Do you want to automatically update LME ([y]es/[n]o): " -i "y" autoupdate_enabled +# if [ "$autoupdate_enabled" == "y" ]; then +# echo -e "\e[32m[X]\e[0m Enabling LME Automatic Update" +# #cron lme update +# auto_lme_update +# +# read -e -p "Do you want to automatically update Dashboards ([y]es/[n]o): " -i "y" dashboardupdate_enabled +# if [ "$dashboardupdate_enabled" == "y" ]; then +# echo -e "\e[32m[X]\e[0m Enabling Dashboard Automatic Update" +# #cron dash update +# dashboard_update +# fi +# fi +#} +# function bootstrapindex() { if [[ "$(curl --cacert certs/root-ca.crt --user "elastic:$elastic_user_pass" -s -o /dev/null -w 
''%{http_code}'' https://127.0.0.1:9200/winlogbeat-000001)" != "200" ]]; then @@ -758,16 +690,6 @@ function bootstrapindex() { function fixreadability() { cd /opt/lme/ chmod -077 -R . - - #some permissions to help with seeing files - chown root:sudo /opt/lme/ - chmod 750 /opt/lme/ - chmod 644 files_for_windows.zip - - #fix backups - chown -R 1000:1000 /opt/lme/backups - chmod -R go-rwx /opt/lme/backups - } function install() { @@ -815,13 +737,13 @@ function install() { if [ "$old_elastic_user_pass" == "y" ]; then - res= false - while [ ! $res ];do - read -e -p "PASSWORD: " OLD_ELASTIC_PASS - prompt "confirm password \"$OLD_ELASTIC_PASS\"" - res=$? - done - fi + res= false + while [ ! $res ];do + read -e -p "PASSWORD: " OLD_ELASTIC_PASS + prompt "confirm password \"$OLD_ELASTIC_PASS\"" + res=$? + done + fi if [ "$selfsignedyn" == "y" ]; then #make certs 
@@ -939,43 +861,36 @@ function uninstall() { read -e -p "Proceed ([y]es/[n]o):" -i "n" check if [ "$check" == "n" ]; then return - elif [ "$check" == "y" ];then - echo -e "\e[32m[X]\e[0m Removing Docker stack and configuration" - docker stack rm lme - docker secret rm ca.crt logstash.crt logstash.key elasticsearch.key elasticsearch.crt - docker secret rm kibana.crt kibana.key - docker config rm logstash.conf logstash_custom.conf - echo -e "\e[32m[X]\e[0m Attempting to remove legacy LME files (this will cause expected errors if these no longer exist)" - docker secret rm winlogbeat.crt winlogbeat.key nginx.crt nginx.key - docker config rm osmap.csv - echo -e "\e[32m[X]\e[0m Leaving Docker swarm" - docker swarm leave --force - echo -e "\e[32m[X]\e[0m Removing LME config files and configured auto-updates" - rm -r certs - crontab -l | sed -E '/lme_update.sh|dashboard_update.sh/d' | crontab - - echo -e "\e[33m[!]\e[0m NOTICE!" - echo -e "\e[33m[!]\e[0m No data has been deleted:" - echo -e "\e[33m[!]\e[0m - Run 'sudo docker volume rm lme_esdata' to delete the elasticsearch database" - echo -e "\e[33m[!]\e[0m - Run 'sudo docker volume rm lme_logstashdata' to delete the logstash data directory" - return - else - echo -e "\e[33m[!]\e[0m ONLY PROVIDE y or n" fi -} -function upgrade() { - #TODO: get current/latest from git - latest="1.1.0" + echo -e "\e[32m[X]\e[0m Removing Docker stack and configuration" + docker stack rm lme + docker secret rm ca.crt logstash.crt logstash.key elasticsearch.key elasticsearch.crt + docker secret rm kibana.crt kibana.key + docker config rm logstash.conf logstash_custom.conf + echo -e "\e[32m[X]\e[0m Attempting to remove legacy LME files (this will cause expected errors if these no longer exist)" + docker secret rm winlogbeat.crt winlogbeat.key nginx.crt nginx.key + docker config rm osmap.csv + echo -e "\e[32m[X]\e[0m Leaving Docker swarm" + docker swarm leave --force + echo -e "\e[32m[X]\e[0m Removing LME config files and configured 
auto-updates" + rm -r certs + crontab -l | sed -E '/lme_update.sh|dashboard_update.sh/d' | crontab - + echo -e "\e[33m[!]\e[0m NOTICE!" + echo -e "\e[33m[!]\e[0m No data has been deleted:" + echo -e "\e[33m[!]\e[0m - Run 'sudo docker volume rm lme_esdata' to delete the elasticsearch database" + echo -e "\e[33m[!]\e[0m - Run 'sudo docker volume rm lme_logstashdata' to delete the logstash data directory" +} +function update() { + #remove auto updates + crontab -l | sed -E '/lme_update.sh|dashboard_update.sh/d' | crontab - #check if the config file we're now creating on new installs exists if [ -r /opt/lme/lme.conf ]; then #reference this file as a source . /opt/lme/lme.conf #check if the version number is equal to the one we want if [ "$version" == "0.5.1" ]; then - #remove auto updates - crontab -l | sed -E '/lme_update.sh|dashboard_update.sh/d' | crontab - - echo -e "\e[32m[X]\e[0m Updating from git repo" git -C /opt/lme/ pull 
@@ -1038,45 +953,9 @@ function upgrade() { fi zipfiles fixreadability - elif [[ ("$version" == "1.0.0" || "$version" == "1.0") ]]; then - echo -e "\e[32m[X]\e[0m You're on $version Time to upgrade to $latest" - - echo -e "\e[32m[X]\e[0m Updating from git repo" - git -C /opt/lme/ pull - - echo -e "\e[32m[X]\e[0m Removing existing Docker stack" - docker stack rm lme - - echo -e "\e[32m[X]\e[0m Sleeping for one minute to allow Docker actions to complete..." - sleep 1m - - #Update Docker Config - compose_upgrade - - #Update update_scripts - upgradepass="$(grep -o -P '(?<=dashboard_update:)[0-9A-Za-z]+' /opt/lme/dashboard_update.sh)" - write_update_scripts $upgradepass - - #deploy: - echo -e "\e[32m[X]\e[0m Pulling newest images" - docker pull elasticsearch:8.11.1 - docker pull kibana:8.11.1 - docker pull logstash:8.11.1 - - echo -e "\e[32m[X]\e[0m Deploying LME" - deploylme - - #finaly dashbaord_update - /opt/lme/dashboard_update.sh - - #now updated :) - set_version "1.1.0" - - elif [ "$version" == $latest ]; then - echo -e "\e[32m[X]\e[0m You're on $version the latest version!" + fi else echo -e "\e[31m[!]\e[0m Updating directly to LME 1.0 from versions prior to 0.5.1 is not supported. Update to 0.5.1 first." - fi fi } @@ -1131,13 +1010,6 @@ function renew() { deploylme } -function usage(){ - echo -e "\e[31m[!]\e[0m Invalid operation specified" - echo "Usage: ./deploy.sh (install/uninstall/renew/upgrade/update)" - echo "Example: ./deploy.sh install" - exit 1 -} - ############ #START HERE# ############ 
@@ -1161,17 +1033,21 @@ cd "$DIR" || exit #What action is the user wanting to perform if [ "$1" == "" ]; then - usage + echo -e "\e[31m[!]\e[0m No operation specified" + echo "Usage: ./deploy.sh (install/uninstall/renew)" + echo "Example: ./deploy.sh install" + exit 1 elif [ "$1" == "install" ]; then install elif [ "$1" == "uninstall" ]; then uninstall -elif [ "$1" == "upgrade" ]; then - upgrade -elif [ "$1" == "renew" ]; then - renew elif [ "$1" == "update" ]; then update +elif [ "$1" == "renew" ]; then + renew else - usage + echo -e "\e[31m[!]\e[0m Invalid operation specified" + echo "Usage: ./deploy.sh (install/uninstall/renew)" + echo "Example: ./deploy.sh install" + exit 1 fi diff --git a/Chapter 3 Files/docker-compose-stack.yml b/Chapter 3 Files/docker-compose-stack.yml index 25d893d7..0fb59abd 100644 --- a/Chapter 3 Files/docker-compose-stack.yml +++ b/Chapter 3 Files/docker-compose-stack.yml @@ -5,7 +5,7 @@ version: '3.9' services: elasticsearch: - image: docker.elastic.co/elasticsearch/elasticsearch:8.11.1 + image: docker.elastic.co/elasticsearch/elasticsearch:8.7.1 environment: - node.name=es01 # - discovery.seed_hosts=es01 @@ -65,7 +65,7 @@ services: # depends_on: # elasticsearch: # condition: service_healthy - image: docker.elastic.co/kibana/kibana:8.11.1 + image: docker.elastic.co/kibana/kibana:8.7.1 environment: SERVER_NAME: kibana ELASTICSEARCH_HOSTS: https://elasticsearch:9200 @@ -101,7 +101,7 @@ services: retries: 120 logstash: - image: docker.elastic.co/logstash/logstash:8.11.1 + image: docker.elastic.co/logstash/logstash:8.7.1 environment: XPACK_MONITORING_ENABLED: "false" PIPELINE_ECS_COMPATIBILITY: v8 diff --git a/Chapter 3 Files/lme_update.sh b/Chapter 3 Files/lme_update.sh index b8dca25b..83d3b893 100644 --- a/Chapter 3 Files/lme_update.sh +++ b/Chapter 3 Files/lme_update.sh 
@@ -1,57 +1,2 @@ #!/bin/bash -#!/bin/bash -LME_DIR=/opt/lme/ -IFS=$'\n' -Dashboards="$(ls -1 ${LME_DIR}Chapter\ 4\ Files/dashboards/*.ndjson)" -echo $Dashboards - -# -------------- cron job automatic logger code START -------------- - -# See my ans: https://stackoverflow.com/a/60157372/4561887 -FULL_PATH_TO_SCRIPT="$(realpath "${BASH_SOURCE[-1]}")" -SCRIPT_DIRECTORY="$(dirname "$FULL_PATH_TO_SCRIPT")" -SCRIPT_FILENAME="$(basename "$FULL_PATH_TO_SCRIPT")" - -LOG_DIR=/var/log/cron_logs -mkdir -p $LOG_DIR -DATE="$(date '+%Y-%m-%d-%H:%M:%S')" - -# Automatically log the output of this script to a file! -begin_logging() { - - # Redirect all future prints in this script from this call-point forward to - # both the screen and a log file! - # - # This is about as magic as it gets! This line uses `exec` + bash "process - # substitution" to redirect all future print statements in this script - # after this line from `stdout` to the `tee` command used below, instead. - # This way, they get printed to the screen *and* to the specified log file - # here! The `2>&1` part redirects `stderr` to `stdout` as well, so that - # `stderr` output gets logged into the file too. - # See: - # 1. *****+++ https://stackoverflow.com/a/49514467/4561887 - - # shows `exec > >(tee $LOG_FILE) 2>&1` - # 1. 
https://superuser.com/a/569315/425838 - shows `exec &>>` (similar) - exec > >(tee -a "${LOG_DIR}/${SCRIPT_FILENAME}"+$DATE".log") 2>&1 - - echo "" - echo "=====================================================================" - echo "Running cronjob \"$FULL_PATH_TO_SCRIPT\"" - echo "on $DATE" - echo "Cmd: $0 $@" - echo "=====================================================================" -} - - -main() { - /opt/lme/Chapter\ 3\ Files/deploy.sh upgrade -} - -# ------------------------------------------------------------------------------ -# main program entry point -# ------------------------------------------------------------------------------ -if [ "$1" == "log" ]; -then - begin_logging "$@" -fi -time main "$@" +/opt/lme/Chapter\ 3\ Files/deploy.sh update diff --git a/docs/markdown/chapter3/chapter3.md b/docs/markdown/chapter3/chapter3.md index e518f36b..3a74c219 100644 --- a/docs/markdown/chapter3/chapter3.md +++ b/docs/markdown/chapter3/chapter3.md 
@@ -139,52 +139,7 @@ If you wish to update log retention time, refer to the [Retention doc](/docs/mar **Note:** The software starts deleting events based upon whichever retention criteria is met first. -### 3.2.4 LME automatic updates - -Optionally you can choose to have dashboard_update.sh and lme_update.sh run in cron jobs. If you desire this (**NOTE**: If you automatically upgrade LME, your ELK services will go down while upgrades occur. Plan accordingly.). - -To have dashboard and lme update run as cron jobs: -``` -# Change to the LME directory containing files for the Linux server -cd /opt/lme/Chapter\ 3\ Files/ -# Execute script with root privileges -sudo ./deploy.sh update -``` - -Default Input of the script. You can customize when updates will occur using crontab. -``` -root@master:/opt/lme/Chapter 3 Files# sudo ./deploy.sh update -Do you want to automatically upgrade LME ([y]es/[n]o): y -**Before proceeding**: Use https://crontab.cronhub.io/ to create a crontab expression. -Press Any key to continue when done. (Enter) - -[X] Enabling LME Automatic Update -Specify the crontab entry in quotes: "0 1 * * *" -[X] Creating lme_update with crontab: 0 1 * * * -[X] Creating LME update crontab -Do you want to automatically update Dashboards ([y]es/[n]o): y -[X] Enabling Dashboard Automatic Update -Specify the crontab entry in quotes: "0 1 * * *" -[X] Creating dashboard update with crontab: 0 1 * * * -``` - -These scripts utilize git to pull updates, and will work seamlessly if you have pulled the repository as directed above, and you allow port 443 outbound on your linux server. You can check this via the below command: -``` -$ git remote get-url origin -https://github.com/cisagov/LME.git -``` - -In addition, when the cronjobs run you should see logs appear in: `/var/log/cron_logs/`. 
You can check that below: -``` -$ ls /var/log/cron_logs -dashboard_update.sh+2023-11-10-18:50:01.log dashboard_update.sh+2023-11-10-18:54:01.log lme_update.sh+2023-11-10-18:52:01.log -dashboard_update.sh+2023-11-10-18:51:01.log dashboard_update.sh+2023-11-10-18:55:01.log lme_update.sh+2023-11-10-18:53:01.log -dashboard_update.sh+2023-11-10-18:52:01.log lme_update.sh+2023-11-10-18:50:01.log lme_update.sh+2023-11-10-18:54:01.log -dashboard_update.sh+2023-11-10-18:53:01.log lme_update.sh+2023-11-10-18:51:01.log lme_update.sh+2023-11-10-18:55:01.log -``` -During testing we set the cron expression to run everyminute, so the above date stamps reflect that. You can choose whatever time period is best for you and your organization. - -### 3.2.5 Download Files for Windows Event Collector +### 3.2.4 Download Files for Windows Event Collector The deploy.sh script has created files on the Linux server that need to be copied across and used on the Windows Event Collector server. The files have been zipped for convenience, with the filename and location ``` /opt/lme/files_for_windows.zip ```. @@ -238,7 +193,7 @@ Now you need to install Winlogbeat on the Windows Event Collector. Winlogbeat re ### 3.3.1 Files Required -Whichever method you used in [step 3.2.5](#325-download-files-for-windows-event-collector), you should have downloaded the `files_for_windows.zip` archive containing the following files: +Whichever method you used in [step 3.2.4](#324-download-files-for-windows-event-collector), you should have downloaded the `files_for_windows.zip` archive containing the following files: - root-ca.crt - wlbclient.key - wlbclient.crt 
@@ -248,7 +203,7 @@ These are certificates, keys, and configuration files required for the Event Col **Download winlogbeat:** -You will also require the latest supported version of `Winlogbeat`. You can download it as a zip or MSI file from Elastic's website [here]([https://www.elastic.co/downloads/past-releases/winlogbeat-8-11-1](https://www.elastic.co/downloads/past-releases/winlogbeat-8-11-1)). **The current version officially supported by LME is 8.11.1.** +You will also require the latest supported version of `Winlogbeat`. You can download it as a zip file from Elastic's website [here](https://artifacts.elastic.co/downloads/beats/winlogbeat/winlogbeat-8.5.0-windows-x86_64.zip). **The current version officially supported by LME is 8.5.0.** ### 3.3.2 Install Winlogbeat On the Windows Event Collector server extract the 'files_for_windows.zip' archive and copy the 'lme' folder (contained within 'tmp' inside the extracted files) to the following location: @@ -266,7 +221,6 @@ Figure 3: Winlogbeat Install Location Then, move the 'winlogbeat.yml' file located at ```C:\Program Files\lme\winlogbeat.yml``` into the winlogbeat folder ```C:\Program Files\lme\winlogbeat-8.[x].[y]-windows-x86_64```, overwriting the existing file when prompted to do so. Now, open PowerShell as an administrator and run the following command from the winlogbeat directory, allowing the script to run if prompted to do so: ```./install-service-winlogbeat.ps1``` -If you receive a permissions error you can run ```Set-ExecutionPolicy Unrestricted -Scope Process``` to be able to run the installer. ![Winlogbeat Install Script](/docs/imgs/winlogbeat-install.png)

@@ -288,7 +242,7 @@ Figure 5: Winlogbeat Service Running ## Trusting the certs that secure LME's services Theres a few steps we need to follow to trust the self-signed cert: -1. Grab the self-signed certificate authority for LME (done in step [3.2.5](docs/markdown/chapter3/chapter3.md#325-download-files-for-windows-event-collector)). +1. Grab the self-signed certificate authority for LME (done in step [3.2.4](docs/markdown/chapter3/chapter3.md#324-download-files-for-windows-event-collector)). 2. Have our clients trust the certificate authority (see command below). This will trust the self signed cert and any other certificates it signs. If this certificate is stolen by an attacker, they can use it to trick your browser into trusting any website they setup. Make sure this cert is kept safe and secure. diff --git a/docs/markdown/maintenance/upgrading.md b/docs/markdown/maintenance/upgrading.md index 18cf09f4..bdb28433 100644 --- a/docs/markdown/maintenance/upgrading.md +++ b/docs/markdown/maintenance/upgrading.md 
@@ -7,35 +7,7 @@ Below you can find the upgrade paths that are currently supported and what steps Applying these changes is automated for any new installations. But, if you have an existing installation, you need to conduct some extra steps. **Before performing any of these steps it is advised to take a backup of the current installation using the method described [here](/docs/markdown/maintenance/backups.md).** -### 1.1 Upgrade from v1.0.0 -This upgrade assumes your `/opt/lme` directory is on the `main` branch, which it will be by default. To confirm this run the command below. You may need to run as `sudo` depending if you installed lme as root (which is the default instructions). - -``` -cd /opt/lme/ -git status -``` - -You should see the output like below: -``` -On branch main -Your branch is up to date with 'origin/main'. -``` - -This upgrade does the following: -1. pulls the new updates to the `main` branch using git (if this step fails, git pull manually, and rerun) -2. removes the lme stack so it can be reset with the new updates -3. upgrades the compose live file -4. upgrades the lme_update and dashboard_update files -5. docker pull's elastic `8.11.1` -6. redeploy's LME -7. Update's LME's dashboards -8. Sets the version in lme.conf: `1.1.0` - -#### Optional step: -You may want to delete and reimport the dashboards on upgrade from 1.0.0 to 1.1.0. [Updating dashboards](/Chapter%204%20Files/dashboards/Readme.md). This way you are not left with old dashboards when you export. - - -### 1.2 Upgrade from v0.5 +### 1.1 Upgrade from v0.5 Since LME's transition from the NCSC to CISA, the location of the LME repository has changed from `https://github.com/ukncsc/lme` to `https://github.com/cisagov/lme`. To obtain any further updates to LME on the ELK server, you will need to transition to the new git repository. 
Because vital configuration files are stored within the same folder as the git repo, it's simpler to copy the old LME folder to a different location, clone the new repo, copy the files and folders unique to your system, and then optionally delete the old folder. You can do this by running the following commands: @@ -113,7 +85,7 @@ LME v1.0 make a minor change to the file structure used in the SYSVOL folder, so 3. Update the path to update.bat used in the LME-Sysmon-Task GPO (refer to [2.2.3 - Scheduled task GPO Policy](/docs/markdown/chapter2.md#223---scheduled-task-gpo-policy)). #### 1.1.4 Checklist -1. Have the ELK stack components been upgraded on the Linux server? While on the Linux server, run `sudo docker ps | grep lme`. Version 8.11.1 of Logstash, Kibana, and Elasticsearch should be running. +1. Have the ELK stack components been upgraded on the Linux server? While on the Linux server, run `sudo docker ps | grep lme`. Version 8.7.1 of Logstash, Kibana, and Elasticsearch should be running. 2. Has Winlogbeat been updated to version 8.5.0? From Event Collector, using PowerShell, navigate to the location of the Winlogbeat executable ("C:\Program Files\lme\winlogbeat-x.x.x-windows-x86_64") and run `.\winlogbeat version`. 3. Is the LME folder inside SYSVOL properly structured? Refer to the checklist listed at the end of chapter 2. 4. Are the events from all clients visible inside elastic? Refer to [4.1.2 Check you are receiving logs](/docs/markdown/chapter4.md#412-check-you-are-receiving-logs). From ec4fae48b829b1c834f590eebf0a4afcb3c470e1 Mon Sep 17 00:00:00 2001 
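Review bot: in the `uninstall()` part of the `deploy.sh` hunk `@@ -939,43 +861,36 @@`, dropping the `elif [ "$check" == "y" ]` and `else` branches means every answer except the exact string `n` falls through to `docker stack rm lme`, `docker swarm leave --force` and `rm -r certs`. An answer of `no`, `N` or an empty line now starts the teardown. Keep the explicit `y` test and treat anything else as a refusal, so the destructive path is reachable only on an affirmative answer.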
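Review bot: in `fixreadability()` (`deploy.sh`, `@@ -758,16 +690,6 @@`), removing `chmod 644 files_for_windows.zip` leaves only `chmod -077 -R .`, which strips group and other access from everything under `/opt/lme/`, including the archive that chapter3.md in this same patch tells the reader to copy from `/opt/lme/files_for_windows.zip` to the Windows Event Collector. `zipfiles` followed by `fixreadability` therefore leaves the archive accessible to its owner only. Keep an explicit mode on the archive after the recursive chmod, or state in chapter3.md that it has to be fetched with root privileges.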
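Review bot: in the dispatcher at the end of `deploy.sh` (`@@ -1161,17 +1033,21 @@`), both inlined usage messages list `(install/uninstall/renew)` although the chain still accepts `update`, and `lme_update.sh` in this patch is reduced to a call to `deploy.sh update`. Add `update` to the usage text, and consider keeping the removed `usage()` helper so the two copies of the message cannot drift apart.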
From: Michael Reeves <147089975+mreeve-snl@users.noreply.github.com> Date: Tue, 21 Nov 2023 14:54:05 -0500 Subject: [PATCH 27/29] Release 1.1.0 small updates (#61) * updating deploy.sh with fixes that solve permissions issues and still provide security for files with plaintext passwords * updating docs to state more accurate required disk sizes --- Chapter 3 Files/deploy.sh | 202 +++++++++++++++++---------------- docs/markdown/prerequisites.md | 4 +- 2 files changed, 106 insertions(+), 100 deletions(-) diff --git a/Chapter 3 Files/deploy.sh b/Chapter 3 Files/deploy.sh index a39c5832..18e2cb7a 100755 --- a/Chapter 3 Files/deploy.sh +++ b/Chapter 3 Files/deploy.sh @@ -3,36 +3,38 @@ # LME Deploy Script # ############################ # This script configures a host for LME including generating certificates and populating configuration files. +DATE="$(date '+%Y-%m-%d-%H:%M:%S')" #prompt for y/n prompt() { - if [ -z "$1" ]; - then - str="Are you sure?" - else - str=$1 - fi - - while true - do - read -r -p "$str? [Y/n] " input - - case $input in - [yY][eE][sS]|[yY]) - return 0 #true - break - ;; - [nN][oO]|[nN]) - return 1 #false - break - ;; - *) - echo "Invalid input..." - ;; - esac - done + if [ -z "$1" ]; + then + str="Are you sure?" + else + str=$1 + fi + + while true + do + read -r -p "$str? [Y/n] " input + + case $input in + [yY][eE][sS]|[yY]) + return 0 #true + break + ;; + [nN][oO]|[nN]) + return 1 #false + break + ;; + *) + echo "Invalid input..." + ;; + esac + done } + function customlogstashconf() { #add option for custom logstash config CUSTOM_LOGSTASH_CONF=/opt/lme/Chapter\ 3\ Files/logstash_custom.conf 
@@ -101,10 +103,19 @@ function setpasswords() { temp=$OLD_ELASTIC_PASS fi - echo -e "\e[32m[X]\e[0m Waiting for elasticsearch to be ready" - while [[ "$(curl --cacert certs/root-ca.crt --user elastic:${temp} -s -o /dev/null -w ''%{http_code}'' https://127.0.0.1:9200)" != "200" ]]; do + echo -e "\e[32m[X]\e[0m Waiting for Elasticsearch to be ready" + max_attempts=60 + attempt=0 + while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' --cacert certs/root-ca.crt --user elastic:${temp} https://127.0.0.1:9200)" != "200" ]]; do + printf '.' sleep 1 + ((attempt++)) + if ((attempt > max_attempts)); then + echo "Elasticsearch is not responding after $max_attempts attempts - exiting." + exit 1 + fi done + echo "Elasticsearch is up and running." echo -e "\e[32m[X]\e[0m Setting elastic user password" curl --cacert certs/root-ca.crt --user elastic:${temp} -X POST "https://127.0.0.1:9200/_security/user/elastic/_password" -H 'Content-Type: application/json' -d' { "password" : "'"$elastic_user_pass"'"} ' @@ -160,6 +171,7 @@ function zipfiles() { zip -rmT /opt/lme/files_for_windows.zip /tmp/lme # Give global read permissions to new archive for later retrieval chmod 664 /opt/lme/files_for_windows.zip + } function generateCA() { @@ -409,22 +421,6 @@ get_distribution() { echo "$lsb_dist" } -#DEPRECATED -#function dashboard_update() { -# echo -e "\e[32m[X]\e[0m Creating dashboard update crontab" -# crontab -l | { -# cat -# echo "0 1 * * * /opt/lme/dashboard_update.sh" -# } | crontab - -#} -#DEPRECATED -#function auto_lme_update() { -# echo -e "\e[32m[X]\e[0m Creating LME update crontab" -# crontab -l | { -# cat -# echo "30 1 * * * /opt/lme/lme_update.sh" -# } | crontab - -#} function indexmappingupdate() { echo -e "\n\e[32m[X]\e[0m Uploading the LME index template" @@ -486,6 +482,7 @@ function pipelineupdate() { ' } + function data_retention() { #show ext4 disk DF_OUTPUT="$(df -h -l -t ext4 --output=source,size /var/lib/docker)" 
@@ -502,7 +499,7 @@ function data_retention() { echo -e "\e[32m[X]\e[0m We think your main disk is $DISK_DEV" if [ "$DISK_80" -lt 30 ]; then - echo -e "\e[31m[!]\e[0m LME Requires 90GB of space usable for log retention - exiting" + echo -e "\e[31m[!]\e[0m LME Requires 128GB of space usable for log retention - exiting" exit 1 elif [ "$DISK_80" -ge 90 ] && [ "$DISK_80" -le 179 ]; then RETENTION="30" @@ -612,6 +609,8 @@ function configelasticsearch() { curl --cacert certs/root-ca.crt --user "elastic:$elastic_user_pass" -X PUT "https://127.0.0.1:9200/_all/_settings" -H 'Content-Type: application/json' -d '{"index" : {"number_of_replicas" : 0}}' } + + function writeconfig() { echo -e "\n\e[32m[X]\e[0m Writing LME Config" #write LME version @@ -652,23 +651,6 @@ function zipnewcerts() { zip -rmT /opt/lme/new_client_certificates.zip /tmp/lme } -#Deprecated -#function promptupdate() { -# read -e -p "Do you want to automatically update LME ([y]es/[n]o): " -i "y" autoupdate_enabled -# if [ "$autoupdate_enabled" == "y" ]; then -# echo -e "\e[32m[X]\e[0m Enabling LME Automatic Update" -# #cron lme update -# auto_lme_update -# -# read -e -p "Do you want to automatically update Dashboards ([y]es/[n]o): " -i "y" dashboardupdate_enabled -# if [ "$dashboardupdate_enabled" == "y" ]; then -# echo -e "\e[32m[X]\e[0m Enabling Dashboard Automatic Update" -# #cron dash update -# dashboard_update -# fi -# fi -#} -# function bootstrapindex() { if [[ "$(curl --cacert certs/root-ca.crt --user "elastic:$elastic_user_pass" -s -o /dev/null -w ''%{http_code}'' https://127.0.0.1:9200/winlogbeat-000001)" != "200" ]]; then @@ -690,6 +672,16 @@ function bootstrapindex() { function fixreadability() { cd /opt/lme/ chmod -077 -R . + + #some permissions to help with seeing files + chown root:sudo /opt/lme/ + chmod 750 /opt/lme/ + chmod 644 files_for_windows.zip + + #fix backups + chown -R 1000:1000 /opt/lme/backups + chmod -R go-rwx /opt/lme/backups + } function install() { 
@@ -737,13 +729,13 @@ function install() { if [ "$old_elastic_user_pass" == "y" ]; then - res= false - while [ ! $res ];do - read -e -p "PASSWORD: " OLD_ELASTIC_PASS - prompt "confirm password \"$OLD_ELASTIC_PASS\"" - res=$? - done - fi + res= false + while [ ! $res ];do + read -e -p "PASSWORD: " OLD_ELASTIC_PASS + prompt "confirm password \"$OLD_ELASTIC_PASS\"" + res=$? + done + fi if [ "$selfsignedyn" == "y" ]; then #make certs 
@@ -861,30 +853,38 @@ function uninstall() { read -e -p "Proceed ([y]es/[n]o):" -i "n" check if [ "$check" == "n" ]; then return + elif [ "$check" == "y" ];then + echo -e "\e[32m[X]\e[0m Removing Docker stack and configuration" + docker stack rm lme + docker secret rm ca.crt logstash.crt logstash.key elasticsearch.key elasticsearch.crt + docker secret rm kibana.crt kibana.key + docker config rm logstash.conf logstash_custom.conf + echo -e "\e[32m[X]\e[0m Attempting to remove legacy LME files (this will cause expected errors if these no longer exist)" + docker secret rm winlogbeat.crt winlogbeat.key nginx.crt nginx.key + docker config rm osmap.csv + echo -e "\e[32m[X]\e[0m Leaving Docker swarm" + docker swarm leave --force + echo -e "\e[32m[X]\e[0m Removing LME config files and configured auto-updates" + rm -r certs + crontab -l | sed -E '/lme_update.sh|dashboard_update.sh/d' | crontab - + echo -e "\e[33m[!]\e[0m NOTICE!" + echo -e "\e[33m[!]\e[0m No data has been deleted:" + echo -e "\e[33m[!]\e[0m - Run 'sudo docker volume rm lme_esdata' to delete the elasticsearch database" + echo -e "\e[33m[!]\e[0m - Run 'sudo docker volume rm lme_logstashdata' to delete the logstash data directory" + return + else + echo -e "\e[33m[!]\e[0m ONLY PROVIDE y or n" fi - - echo -e "\e[32m[X]\e[0m Removing Docker stack and configuration" - docker stack rm lme - docker secret rm ca.crt logstash.crt logstash.key elasticsearch.key elasticsearch.crt - docker secret rm kibana.crt kibana.key - docker config rm logstash.conf logstash_custom.conf - echo -e "\e[32m[X]\e[0m Attempting to remove legacy LME files (this will cause expected errors if these no longer exist)" - docker secret rm winlogbeat.crt winlogbeat.key nginx.crt nginx.key - docker config rm osmap.csv - echo -e "\e[32m[X]\e[0m Leaving Docker swarm" - docker swarm leave --force - echo -e "\e[32m[X]\e[0m Removing LME config files and configured auto-updates" - rm -r certs - crontab -l | sed -E '/lme_update.sh|dashboard_update.sh/d' 
| crontab - - echo -e "\e[33m[!]\e[0m NOTICE!" - echo -e "\e[33m[!]\e[0m No data has been deleted:" - echo -e "\e[33m[!]\e[0m - Run 'sudo docker volume rm lme_esdata' to delete the elasticsearch database" - echo -e "\e[33m[!]\e[0m - Run 'sudo docker volume rm lme_logstashdata' to delete the logstash data directory" } -function update() { +function upgrade() { + #remove auto updates crontab -l | sed -E '/lme_update.sh|dashboard_update.sh/d' | crontab - + + #grab latest version + latest="1.0" + #check if the config file we're now creating on new installs exists if [ -r /opt/lme/lme.conf ]; then #reference this file as a source @@ -953,9 +953,12 @@ function update() { fi zipfiles fixreadability - fi + + elif [ "$version" == $latest ]; then + echo -e "\e[32m[X]\e[0m You're on the latest version!" else echo -e "\e[31m[!]\e[0m Updating directly to LME 1.0 from versions prior to 0.5.1 is not supported. Update to 0.5.1 first." + fi fi } @@ -1010,6 +1013,13 @@ function renew() { deploylme } +function usage(){ + echo -e "\e[31m[!]\e[0m Invalid operation specified" + echo "Usage: ./deploy.sh (install/uninstall/renew/upgrade/update)" + echo "Example: ./deploy.sh install" + exit 1 +} + ############ #START HERE# ############ @@ -1033,21 +1043,17 @@ cd "$DIR" || exit #What action is the user wanting to perform if [ "$1" == "" ]; then - echo -e "\e[31m[!]\e[0m No operation specified" - echo "Usage: ./deploy.sh (install/uninstall/renew)" - echo "Example: ./deploy.sh install" - exit 1 + usage elif [ "$1" == "install" ]; then install elif [ "$1" == "uninstall" ]; then uninstall -elif [ "$1" == "update" ]; then - update +elif [ "$1" == "upgrade" ]; then + upgrade elif [ "$1" == "renew" ]; then renew +elif [ "$1" == "update" ]; then + update else - echo -e "\e[31m[!]\e[0m Invalid operation specified" - echo "Usage: ./deploy.sh (install/uninstall/renew)" - echo "Example: ./deploy.sh install" - exit 1 + usage fi 
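Review bot: in the new wait loop in `setpasswords()` (`@@ -101,10 +103,19 @@`), `--user elastic:${temp}` is unquoted and puts the password on the curl command line, so a password containing spaces or glob characters splits into extra arguments, and the value can be seen in the process list on each one-second retry. Quote it as `--user "elastic:${temp}"` at minimum; passing the credentials through a curl config read from stdin (`-K -`) keeps them out of argv. The bound is also off by one: `attempt > max_attempts` allows 61 tries while the message reports `$max_attempts`.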
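Review bot: in `data_retention()` (`@@ -502,7 +499,7 @@`), the message now says 128GB but the guard it sits under is still `[ "$DISK_80" -lt 30 ]` and the next visible branch starts at `-ge 90`, so the text, the exit condition and the first retention tier each name a different size. Align the threshold with the documented minimum, or word the message after what the check enforces.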
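Review bot: in `fixreadability()` (`@@ -690,6 +672,16 @@`), `cd /opt/lme/` is unchecked ahead of `chmod -077 -R .`, and the added relative `chmod 644 files_for_windows.zip` depends on the same `cd`; if it fails, the recursive chmod runs in whatever directory the script is in. Use `cd /opt/lme/ || exit 1` or absolute paths. The added `chown -R 1000:1000 /opt/lme/backups` hard-codes a UID/GID without saying which account it is, and errors if the directory is absent; a one-line comment and an existence test would cover both. The archive mode here (`644`) also differs from the `chmod 664` that `zipfiles()` applies to the same file in `@@ -160,6 +171,7 @@`; pick one.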
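Review bot: in `install()` (`@@ -737,13 +729,13 @@`), the re-indented loop keeps a logic problem: `res= false` runs the `false` command with an empty `res` in its environment instead of assigning a value, and `[ ! $res ]` only tests whether the string is empty, so once `res=$?` holds `0` or `1` the loop exits whether or not the user confirmed. Initialise `res=1` and loop on `[ "$res" -ne 0 ]` so a "no" at the confirmation asks again. The password is also read without `-s` and echoed back inside the confirmation prompt, which leaves it on screen and in any terminal capture.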
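Review bot: in `upgrade()` (`@@ -861,30 +853,38 @@`), `latest="1.0"` is hard-coded in a commit whose subject is "Release 1.1.0 small updates", and the following hunk compares against it to print "You're on the latest version!". Confirm the intended value, and quote the variable in that comparison (`[ "$version" == "$latest" ]`) so an empty or spaced value cannot break the test.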
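Review bot: in the dispatcher (`@@ -1033,21 +1043,17 @@`), the `update` argument still calls `update`, but this diff renames the only visible `function update()` to `function upgrade()` and adds no replacement, so `./deploy.sh update` ends in a command-not-found error unless `update()` is defined in a part of the file this diff does not touch. The new `usage()` advertises `update` as well. Add the function in this commit, or drop the branch and the usage entry until it exists.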
diff --git a/docs/markdown/prerequisites.md b/docs/markdown/prerequisites.md index 1f265ddd..fc54e515 100644 --- a/docs/markdown/prerequisites.md +++ b/docs/markdown/prerequisites.md @@ -66,8 +66,8 @@ To begin your Logging Made Easy installation, you will need access to (or creati ### Minimum Hardware Requirements: - CPU: 2 processor cores, - MEMORY: 16GB RAM, (32GB+ recommended by [Elastic](https://www.elastic.co/guide/en/cloud-enterprise/current/ece-hardware-prereq.html)), - - STORAGE: dedicated 90GB storage for ELK (not including storage for OS and other files) - - This is estimated to only support ~17 clients of log streaming data/day, and Elasticsearch will automatically purge old logs to make space for new ones. We **highly** suggest more storage than 90GB for any other sized enterprise network. + - STORAGE: dedicated 128GB storage for ELK (not including storage for OS and other files) + - This is estimated to only support ~17 clients of log streaming data/day, and Elasticsearch will automatically purge old logs to make space for new ones. We **highly** suggest more storage than 128GB for any other sized enterprise network. ### Notes: * **DO NOT install Docker from the "Featured Snaps" section of the Ubuntu Server install procedure, we install the Docker community edition later.** From 07e695b858e2de462a99775b35bca8650d8f2ddb Mon Sep 17 00:00:00 2001 From: "Grant (SNL)" <108766839+rgbrow1949@users.noreply.github.com> Date: Wed, 22 Nov 2023 01:14:44 +0000 Subject: [PATCH 28/29] Deleting to replace alerting dashboard after removing broken links --- .../dashboards/alerting_dashboard.ndjson | 19 ------------------- 1 file changed, 19 deletions(-) delete mode 100644 Chapter 4 Files/dashboards/alerting_dashboard.ndjson diff --git a/Chapter 4 Files/dashboards/alerting_dashboard.ndjson b/Chapter 4 Files/dashboards/alerting_dashboard.ndjson deleted file mode 100644 index e86a1875..00000000 --- a/Chapter 4 Files/dashboards/alerting_dashboard.ndjson +++ /dev/null 
@@ -1,19 +0,0 @@ -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Dashboard Menu","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Dashboard Menu\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"markdown\":\"[Alerting Dashboard](#/dashboard/ac1078e0-8a32-11ea-8939-89f508ff7909)\\n| [Computer Software Overview](#/dashboard/33f0d3b0-8b8a-11ea-b1c6-a5bf39283f12)\\n| [Process Explorer](#/dashboard/f2cbc110-8400-11ee-a3de-f1bc0525ad6c)\\n| [Security log](#/dashboard/51186cd0-e8e9-11e9-9070-f78ae052729a) \\n| [Sysmon summary](#/dashboard/d2c73990-e5d4-11e9-8f1d-73a2ea4cc3ed) \\n| [User Security](#/dashboard/e5f203f0-6182-11ee-b035-d5f231e90733) \\n| [User HR](#/dashboard/618bc5d0-84f8-11ee-9838-ff0db128d8b2)\\n\\n\",\"openLinksInNewTab\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-20T11:11:46.893Z","id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-11-20T11:11:46.893Z","version":"WzE5NjYwOCw4XQ=="} 
-{"attributes":{"fieldAttrs":"{}","fieldFormatMap":"{\"user.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable.text\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"user.name.text\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"host.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}}}","fields":"[]","runtimeFieldMap":"{\"Column1\":{\"type\":\"keyword\",\"script\":{\"source\":\"if(doc['signal.status'].size() != 0) { if(doc['signal.status'].value.equals(\\\"open\\\")) { if(doc['event.code'].size() != 0) { if(doc['event.code'].value.equals(Integer.toString(1))) { if (doc['process.pid'].size() != 0) { emit (doc['process.pid'].value.toString()) } } else if(doc['event.code'].value.equals(Integer.toString(3))) { if (doc['destination.address'].size() != 0) { emit (doc['destination.address'].value.toString()) } } } emit (\\\"No Data\\\") } } emit (\\\"Signal Closed\\\")\"}},\"Column2\":{\"type\":\"keyword\",\"script\":{\"source\":\"if(doc['signal.status'].size() != 0) { if(doc['signal.status'].value.equals(\\\"open\\\")) { if(doc['event.code'].size() != 0) { if(doc['event.code'].value.equals(Integer.toString(1))) { def args = \\\"\\\"; if (doc['process.args'].size() != 0) { for(int i=0; i Date: Wed, 22 Nov 2023 01:17:21 +0000 Subject: [PATCH 29/29] Replacing alert dashboard because of a widget that had broken links --- .../dashboards/alerting_dashboard.ndjson | 18 ++++++++++++++++++ 1 file 
changed, 18 insertions(+) create mode 100644 Chapter 4 Files/dashboards/alerting_dashboard.ndjson diff --git a/Chapter 4 Files/dashboards/alerting_dashboard.ndjson b/Chapter 4 Files/dashboards/alerting_dashboard.ndjson new file mode 100644 index 00000000..abd15cd3 --- /dev/null +++ b/Chapter 4 Files/dashboards/alerting_dashboard.ndjson 
@@ -0,0 +1,18 @@ +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Dashboard Menu","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Dashboard Menu\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"markdown\":\"[Alerting Dashboard](#/dashboard/ac1078e0-8a32-11ea-8939-89f508ff7909)\\n| [Computer Software Overview](#/dashboard/33f0d3b0-8b8a-11ea-b1c6-a5bf39283f12)\\n| [Process Explorer](#/dashboard/f2cbc110-8400-11ee-a3de-f1bc0525ad6c)\\n| [Security log](#/dashboard/51186cd0-e8e9-11e9-9070-f78ae052729a) \\n| [Sysmon summary](#/dashboard/d2c73990-e5d4-11e9-8f1d-73a2ea4cc3ed) \\n| [User Security](#/dashboard/e5f203f0-6182-11ee-b035-d5f231e90733) \\n| [User HR](#/dashboard/618bc5d0-84f8-11ee-9838-ff0db128d8b2)\\n\\n\",\"openLinksInNewTab\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-21T22:05:07.057Z","id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-11-21T22:05:07.057Z","version":"WzI0NDQyLDVd"} 
+{"attributes":{"fieldAttrs":"{}","fieldFormatMap":"{\"user.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable.text\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"user.name.text\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"host.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}}}","fields":"[]","runtimeFieldMap":"{\"Column1\":{\"type\":\"keyword\",\"script\":{\"source\":\"if(doc['signal.status'].size() != 0) { if(doc['signal.status'].value.equals(\\\"open\\\")) { if(doc['event.code'].size() != 0) { if(doc['event.code'].value.equals(Integer.toString(1))) { if (doc['process.pid'].size() != 0) { emit (doc['process.pid'].value.toString()) } } else if(doc['event.code'].value.equals(Integer.toString(3))) { if (doc['destination.address'].size() != 0) { emit (doc['destination.address'].value.toString()) } } } emit (\\\"No Data\\\") } } emit (\\\"Signal Closed\\\")\"}},\"Column2\":{\"type\":\"keyword\",\"script\":{\"source\":\"if(doc['signal.status'].size() != 0) { if(doc['signal.status'].value.equals(\\\"open\\\")) { if(doc['event.code'].size() != 0) { if(doc['event.code'].value.equals(Integer.toString(1))) { def args = \\\"\\\"; if (doc['process.args'].size() != 0) { for(int i=0; i
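Review bot: In the docs/markdown/prerequisites.md hunk, the sub-bullet under STORAGE still estimates support for only ~17 clients, the same figure it carried when the minimum was 90GB. If the estimate was recalculated for 128GB, say so in the bullet; if the increase has another reason, state it so readers sizing a deployment know why the minimum moved. The phrase "any other sized enterprise network" is also hard to parse; "any larger network" would read more clearly.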
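Review bot: PATCH 28/29 deletes Chapter 4 Files/dashboards/alerting_dashboard.ndjson and PATCH 29/29 recreates it, so the series shows 19 lines removed and 18 added with no indication of which saved object actually changed. In the first object visible in both versions (the "Dashboard Menu" visualization) the seven markdown links are identical and only created_at, updated_at and version differ, so the widget with the broken links must be elsewhere in the file. Squash the two commits into a single modification and name the removed widget in the commit message so the change to the alerting content can be reviewed line by line.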
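Review bot: In the re-added alerting_dashboard.ndjson, the Column1 runtime field script has no else or return after its inner emit calls: after emit(doc['process.pid'].value.toString()) or the destination.address emit, control still reaches emit("No Data"), and every document then reaches the final emit("Signal Closed"), including those whose signal.status is "open". Put the fallback emits in else branches, or return after each emit, so each alert row carries a single value and open signals are not also labelled closed. Separately, the fieldFormatMap hard-codes the origin https://elastic-lme.contoso.local for five fields; confirm that this export-time host name is meant to ship to every deployment that imports the dashboard.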