From 2705a1a9fcb12fdebb8799bf02468caf1c295074 Mon Sep 17 00:00:00 2001 From: RecordedFutureOskbo Date: Tue, 16 Apr 2024 00:09:24 +0200 Subject: [PATCH 01/33] SubscriptionID fix, EntraID renaming and SolutionV3 repack --- .../Data/Solution_RecordedFutureIdentity.json | 16 +- .../Package/3.0.0.zip | Bin 0 -> 13887 bytes .../Package/createUiDefinition.json | 2 +- .../Package/mainTemplate.json | 500 ++++++------ .../Package/testParameters.json | 24 + .../azuredeploy.json} | 38 +- .../azuredeploy.json} | 50 +- .../azuredeploy.json} | 22 +- .../azuredeploy.json} | 44 +- .../azuredeploy.json} | 46 +- .../add_risky_user_to_security_group.json | 376 --------- ...tity_protection_confirm_user_is_risky.json | 406 --------- .../Playbooks/base_external.json | 543 ------------- .../Playbooks/base_workforce.json | 768 ------------------ .../Playbooks/lookup_and_save.json | 322 -------- .../Playbooks/readme.md | 230 +----- .../Recorded Future Identity/ReleaseNotes.md | 4 + 17 files changed, 475 insertions(+), 2916 deletions(-) create mode 100644 Solutions/Recorded Future Identity/Package/3.0.0.zip create mode 100644 Solutions/Recorded Future Identity/Package/testParameters.json rename Solutions/Recorded Future Identity/Playbooks/{RecordedFutureIdentity-add-AAD-security-group-user.json => RecordedFutureIdentity-add-EntraID-security-group-user/azuredeploy.json} (94%) rename Solutions/Recorded Future Identity/Playbooks/{RecordedFutureIdentity-confirm-AAD-risky-user.json => RecordedFutureIdentity-confirm-EntraID-risky-user/azuredeploy.json} (93%) rename Solutions/Recorded Future Identity/Playbooks/{RecordedFutureIdentity-lookup-and-save-user.json => RecordedFutureIdentity-lookup-and-save-user/azuredeploy.json} (97%) rename Solutions/Recorded Future Identity/Playbooks/{RecordedFutureIdentity-search-external-user.json => RecordedFutureIdentity-search-external-user/azuredeploy.json} (94%) rename Solutions/Recorded Future Identity/Playbooks/{RecordedFutureIdentity-search-workforce-user.json => RecordedFutureIdentity-search-workforce-user/azuredeploy.json} (95%) delete mode 100644 Solutions/Recorded Future Identity/Playbooks/add_risky_user_to_security_group.json delete mode 100644 Solutions/Recorded Future Identity/Playbooks/azure_identity_protection_confirm_user_is_risky.json delete mode 100644 Solutions/Recorded Future Identity/Playbooks/base_external.json delete mode 100644 Solutions/Recorded Future Identity/Playbooks/base_workforce.json delete mode 100644 Solutions/Recorded Future Identity/Playbooks/lookup_and_save.json create mode 100644 Solutions/Recorded Future Identity/ReleaseNotes.md diff --git a/Solutions/Recorded Future Identity/Data/Solution_RecordedFutureIdentity.json b/Solutions/Recorded Future Identity/Data/Solution_RecordedFutureIdentity.json index edbde1de13..53af46c742 100644 --- a/Solutions/Recorded Future Identity/Data/Solution_RecordedFutureIdentity.json +++ b/Solutions/Recorded Future Identity/Data/Solution_RecordedFutureIdentity.json @@ -5,15 +5,15 @@ "Description": "[Recorded Future](https://www.recordedfuture.com/) Identity Intelligence enables security and IT teams to detect identity compromises, for both employees and customers. To do this, Recorded Future automates the collection, analysis, and production of identity intelligence from a vast range of sources. Organizations can incorporate identity intelligence into automated workflows that regularly monitor for compromised credentials and take immediate action with applications such as Azure Active Directory and Microsoft Sentinel.\nThere are many ways organizations can utilize Recorded Future Identity Intelligence; the playbooks in this Solution are just a quick introduction to some of those ways. In particular, these playbooks include several actions that can be coordinated, or used separately. They include:\n1. searches for compromised workforce or external customer users\n2. looking up existing users and saving the compromised user data to a Log file\n3. confirming high risk Azure Active Directory (AAD) users\n4. adding a compromised user to an AAD security group\n\nFor more information, see the [Documentation for this Solution](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Recorded%20Future%20Identity/Playbooks).\n\nThe playbooks have internal dependencies where you have to install: \n- RecordedFutureIdentity-add-AAD-security-group-user \n- RecordedFutureIdentity-confirm-AAD-risky-user \n- RecordedFutureIdentity-lookup-and-save-user \n\nBefore: \n- RecordedFutureIdentity-search-workforce-user \n- RecordedFutureIdentity-search-external-user.", "PlaybooksBladeDescription": "This solution will install playbooks that import users with leaked credentials from Recorded Future and set them as RiskyUsers in Azure Active Directory.", "Playbooks": [ - "/Playbooks/RecordedFutureIdentity-add-AAD-security-group-user.json", - "/Playbooks/RecordedFutureIdentity-confirm-AAD-risky-user.json", - "/Playbooks/RecordedFutureIdentity-lookup-and-save-user.json", - "/Playbooks/RecordedFutureIdentity-search-workforce-user.json", - "/Playbooks/RecordedFutureIdentity-search-external-user.json" + "/Playbooks/RecordedFutureIdentity-add-EntraID-security-group-user/azuredeploy.json", + "/Playbooks/RecordedFutureIdentity-confirm-EntraID-risky-user/azuredeploy.json", + "/Playbooks/RecordedFutureIdentity-lookup-and-save-user/azuredeploy.json", + "/Playbooks/RecordedFutureIdentity-search-workforce-user/azuredeploy.json", + "/Playbooks/RecordedFutureIdentity-search-external-user/azuredeploy.json" ], - "BasePath": "c:\\github\\Azure-Sentinel\\Solutions\\Recorded Future Identity\\", - "Version": "2.0.0", + "BasePath": "D:\\Azure-Sentinel\\Solutions\\Recorded Future Identity\\", + "Version": "3.0.0", "Metadata": "SolutionMetadata.json", - "TemplateSpec": true, + "TemplateSpec": false, "Is1PConnector": false } diff --git a/Solutions/Recorded Future Identity/Package/3.0.0.zip b/Solutions/Recorded Future Identity/Package/3.0.0.zip new file mode 100644 index 0000000000000000000000000000000000000000..d6abcff2f08048b91223c9ceee431733bfd8f1f9 GIT binary patch literal 13887 zcmZ{LbFe6|)7`ag+qP}nwr$(CZ5!{}wr$&bSAD;BI_>vOo6KxBna%!{Ois?6RgeY- zK>+{&fB=95OwgDBBapiV2LPBs1pq+*w`%NUYUpCBYAIrBW@%^XVrg$jXXR{f*Q#-4 zcQlInqhE06P|((3B9XFYJ3n|s=CImmi?EzU?&ouB4I6h0Fik>atRJ=Z*1lI zoMBsjXGBk@{b2!BR4w+^3s=+2VG$L1xrK;qiVLiXz>?BwBS~g-M_OD?jPz7B2b7Di zxL(wBBQj(Ij@H(xRZ zVd&C{(139PXqph2!{E#41D+bVw zIJd~b2$WQ_3|Ulc6jcGMf=m%bOO*AU4(3s8F@Skz$a--Jb!gV0lxlujNrfP{fTE!a zNX{v?R&*?JGdg=g*$Q`udUWvlyE%nS;fR^t^dupv?>Lw>f8qN0*Ia3odQOXNV*)=o zh6AaORe;SaWe_Nkq!+3)(3s8OOYCr`i~sRKBPNDjM(L%?c&TDgb$n#1Bv>z`GViv(=T^ho=bE?ZW^qbOhzu zki8x(tK(tgL2I2GT7ihizy<=!Lj zBEb(S%PpocH>aSFcUk&s3h2`48U$nYIS3)}`augPW$@mcIvHI@eb^hJVvo~r-S%e{ zU_S){4%GU92vq_MUv42=B#lX&Z=(?B8sICovYJptZ<*9BRWjOH>cHqG$VE1RXfl~- zazc@$#6I%YWmIUbPVJ1iJA*|521F(RVN+uMi9VQ~|KbExQ!-isKC7C&g#ga6Fq^#m z*0WRd4^2w~w!|4K&hU214?yj;YdeDjE3KW#Z<#NxZBPF0_UqX2aIuwJl{l{YY*(|K zIn*E#3W$=w=?t+4w~XeSF68B`!(Q>8+VNWxE>?N%N!^Muc4+S`E`P_;_PM=u%RG6@i%JL;4LD4k_Wj3uol<-(KiidrT%O9Zux={*~qZgNzfyKcINf|{IRn+4c5aUDD8cNqMB z-Y>_P*|+LUo5oAqHI&q|IY*RWZZbIrUVRXYIJfPfax0UJUaz> zBs+$hZ$HdBQnw1z-sg*k^x*@FLkRJs<^^H-&{Te7h?j7IB&^;DnBI@ex_B8Ka~~|4 zLB4&)Ydkp&rHS_vXDq%K0AE5V)=GM%xw*O7IWqI#j2vF>z@hLeZojIiD|woI=ww5c z=(-xpI)=ozlGY6AnZxjf05O!QWsBi)p?YE8dGGj)T|q&hXvjT`RVnL59rt8o2OD>H zgo7V>2@ZS5-22=6fy9Y;q2lAhfJ}-oRD$r82aLRD`2GnBFOvtx6(?e^A5M5mA7e*h zd%J>#RqKi`h-U5YTY?`k1Pm(r<^u5M%;X^~QSv);)mii4=#707n5sn0b=I=v4Feu* z5P7(IKaRjlye4ZKV-2ZS&Z6u_T2j|gs{&q@>%hj+cM8vzp$S8R)^E4=)}3XfZ>Ixn zAgNM;l@~~V#9oYhigoM(clmP1-oCrZV_l_NQT{ceMEA*X5S#}Djw7;;H8uCHF+D6Y zJmWDvZEi1^JA!Xgu30PlXvpoR@N+5LEsI&z&rpJ#YOl*HnAiiAN|#c;>_MLdAE<9h4Dxj_KaN}@%VjIO*NY^bRvRpxHhxqD%r=h*^>HzfS z1N)Oz#&@`RTQ?9Vo9XsjCdF3?4g^bN;dqfQ;^X~ZPmEWQwwpLpI1TGg_i@UfgFAnP z{{j)r%Of+CX#oI8SbzW!|3L&>LrXgqQ(Fg{e?Z}Xf`c31t0e4>#?#-}b$5Y#k6_w- zvJLf(Jlr{{G#0mdR^nPMW@KwgLG@++u2$1JeDa7eAObzTwmD-ckOWI-}QEl$Un z91BjVBRP2T)~wE{rhu!x#L-(iq|b3>zE%; zY%%tS$;^X9f~WlR*UfBQVtO&UxbC_66CSAamiMbOidq5l^skTD?_gOLn4-;+jjuHF zrUw^afVfaN_^`YCASTHOjOb#G`&bR^eO?1TnLj}ch?w~VXuYowF<;gm8ICgp3SWFa zkH^V=*P(>eVrp}?V!}U?&*4A>DN;jM4uN^#asKHZ%^0gl!6H6qGerz=XONvFMTiFZ zH1;vcFI7w_IrBblL~|XFj(TPSksf@d8uXn@E%)IqmBEDHP7ui%XvkAfyfK1hJW7Fe z%j1;gOERp2kc#_*qcNSx^O;*5E<#E&OI6|smA7J~6?HJM7Ay=Pw)o2^Otfb*;F z>V_Ue=+_zcKlrl?ArS`K?%|3gN%2~=Tqh+*Ub3H`~B@W9bwkTZInq4$M zJdn@8(7}?@Cx)JgnH~=aX{Hl?fEywIm>~CWRn*E=_nw$EfVnu2dL=f5B!n)utTON_ zu)P_~p~v8RKFs9G$x~2WsDyO#1K%j@1qd$MC^y7}qn%5x9SvuxwtiBi$Bs5h)De|mD9a>%u zOk^uT9aQQ-$a^CXDiag(>*x6!_$4PQGo-PQGR8^-dM5IOF|*lA+Bag&peB z*ir1H@=b?!DX0>Lo@r6?*zE33whL`4^C2u zhMy?5VVG?DB@903J(_&J#J6XNU4j%0F$81mq+XH?f+-lfRJq*NbHP(kqr|1w08 z`*eaBk8#e`H9tDpO(hp6E4$${Yl*%$hub@gMk=?22qko$MWYUw z#sRbYA)7D@_5BL8z{GIEFuBhK>X25LOCDSTMvD?I1%c*nz;4^8vd9J^I^q45-xxP= z4QLpi`fN6pdvV{>JJ*SkkihMHNxHh`x@6YYP;n4j;_JV_jUc6V>kIAbZYjRZ-32c- zrW(Vrfg)YAxQI8B`-9#0+{U%tLGxhmxBM|f%YW8Avmn_xBH7(5#TkFC`7!6i$GI8hS2 z?WHE_dko6AZ8^V_+?e+1b25TFsV(<2OGN6gRm#66`XjD+qlE;8?&j)Vb_{{+qtu># zIgV9YRH6N--R`O*ZJv{$svv?CmSV$qD6i^Km904Om=q!9SxtC(h_f78V!;)Qf0^0E zlzQTO8jSfgv01s{wzwBvt!(le11UX4n0h%`h0-3`GS+!RM2kQ!lOFs?@ZGVZ$e4Qu zs`r7`tx!_Tw^SVDLuE06O?<%3~ z{dxN6>uVi?2>MI0$!u^gWC*@`#hllPw;fMz=)&$QY&3Xoed%V=T&k={G#x_8io8Gg zgBMZ6F0E`-SRx4Ln_Tc$Q&xXdu>y(2l)TRsoll(nA^5D0dq&m-NiM&+)laj1b>F(g z^r$jo^Qcy> zfp!`FuL}3~%cO7(?Yiwo@2cvCPUvl}nm>;>T2e#_BkG?4W~DQOcl8_@e}X60tlmGP z&DoXg`9c*K=&}0U9FeBU>^_fud@#K38at7)WPlMJaDvEJ6tir2z_H{s1?HZ>6n*Zn z`92s>!XHcFITzlAc;QNEsln5)0jQXDRp*n1fsw%z=If2*Dq4pV&GZ;J>~uc|J0sB! zkTP)IpMZNPzd~v8H9>lPaQwUKX65$G zV2`3Zl%>1FR*i}0Jz<*FUba?dwP$yYosst7(iMU9)hj^kI$b&NXW9xg>!jHE$}jXi z+il{Jn@Em4;G{0%5Q8@oo$~U@7&B=&dt$v6mrER$jn~hRDBYm4?+ft{T;KoqAubUFS?IIK280 zc9H9B=%Kih%#>zgeIKGm$!@IL0hsped05Vq)3IN1C>K%Zl6GwZf3C7?mdi2B;5US2JoT;#&Dh}?-@Ls%(sAJh zE)gYoi+Z@uxBydD`il49HX#@>O?0c2>g9Oo=6wf-qn;cOgs*sI=WEKp& zk&T1+5c%4mv76UU?-@$pp?R z)KZJ)rL_|pv5q8^hH@k*8ix?*d(&SU#2_ z#x{kJvp!2TliX)ZIdggPg^h;jHF=%$x}|Xey>Q}7u?j*_I2>w|O95eKA=83(zLo{} z4R&IxcV&*7370QF;zx7Pvud(&TtvoqkrP&U%Rc{XMkgYWAI<{S!vrA)y=r(lm?wF; z<^Vj{N&Vz7dckiu^(z4J2zo^7#*;G?QX0&oimlxvLo$X^A9$XB9?$}@C!Dj0?ZY45 z%}}8a0~dk#YYc4fzu_6pf_J)vg?vB+*=(5YVQYp!TfpjB}!Q8!iRjxl~=Sf?7H z9hYCCthGcoCjKiOo%WmYNy{&@eotYvw}+~wpHeAURt?1Im$V{hOQ@+DX-aWv`4;7a z+Y7G0NO0H*!lLVLt@w5qHPdMW$QH7MEkVd@s-m`Nn-Y1VW?S6}OB0(_Bkc{ft~or_ z9FV&Mz~dbw16%_u`&Pkx=!UYTh$pV{72Q6Q@z=-iio`{!&<`$9lb zUUi5+b)~JK0_vf?pyCZI%4^*jolDm$QG*uAdejmv(sk{hdu|C|P=1k22|w3t~0n1B7!e>CP zT=Na@Vl!0X%yPDVH~jvYXb>KPZyBO76y|e~6`%nLfndjc1H?olQnz&oV)(6qf0{93 z3MzyVM1#R#qh_51pKU_C8MdmQZ&ia;i6wSUgN<9%IM0WsLQ6Yf)%JY;7O&D0 z3)za$c}m$l_sj;b=IJYO|H?_1ut42O&bf>cs@FL>XG=v{y6wc&hh5|+QXTu<=1X+#d~*swmK-7i-+ zc_0ihX;*6h3dHr-oy=e2s7V-iy@<$Q^|{|KVt$hi?b$w$;Y1J=EiyONR&i zp+~w~^9#wQ8olstiJK3VhE*4gUx%ZJtZ~w;$jrFLs$-^%sKCOyiCh>Sov6#L%yoVN z9+^|S?Hx^oyC+5Q2#=UDBBP1Ny&*{6XE72$O60S#Luu*_PJqXdDmX%rZYmz zEVzW;)^IAb%zM_QEiTzXvaclZ9}TIPq|E42GA&yCbGX*>hvIsacpYUB;~w*7 zNu+}v0oC;9YO7y2o?*ojfpvNrbC@aFU*@QL{RG;KV{yVN+<3t!g$RExq_1ixWCw*FT2wKvnD)&9nyDCS#~2L zm1}0NlgQOjP-Yt5p&Pm*SMt8cAclE^qCo?wTnN@eXdiZ;>ZPDyWj^DE`pu(fr4?2k z=9?BHT$U!UCq;8z&iWtc+6h*VvRtd;vSsP{bC*&LEMXHT8A|PI63w9#*{` zJ7ib?b!Xn8rh&G=3<*LaUbF`raKt$)w_sV`X7)g)YKzOyVb!b8hVB8+EhZ2hZFe#0 zcCjONk8F(&pq&(ZI9}eQKSOMLsUL4#LaJZ2=@)raaeDi)-l!pn3WlP^++=GGu66rM8#u@`tch= zHvZUGgzAm9Yr<6(5>W9CVH;lTf9BJcSQ%`94JZ0Dw z38||5%(8Oo0{WCE`0kdsxt(`?(_6zE-ulk)hSvu4fVnSozPVOfKX8w+UtZsNRumF) zsC_)YgLh1C(CT+xTEp9q_CA=mFH6sQ>*c%dq}NS_UZyR;yPHoIEumNxvgP)S z9`HL=A+44TZl)007CSH1wfU0fCIB@L-~QQBEHJPUSGD}J?s;C~T=c|D89(*-Af0kL+2h4$f z9zK76muJ-P&v+?TyJ@wrz~Gcc)vTz37N3!of^r)CBF~361-;Ev^wuh_G-4xDYfnUv zVNdb`kwg4Nrl-dDD9~uIR z0e_2tF*?$)&pZW1`wPWM1$mCR-9m=S6rR8;RIcDr$e5cy*Fu-;*SmYYs zOYYcNiLP?cqq;Uz=U>hgjab%Se#q(}@ZjXQy{wuu9%Sdim|!8Cu4JFg!N`k?-@j$x zsh|0IK&NGj=g1fma5M8j$h;;6*+e^inzNWF^vsZ z5p>|^y8=1Y7gOU0{n4xA;vr!ZUG$I5#lAK(Ohj!h zuYCEDp@e?pi@ax#1Z8mG3Zj0>%z7p+Hd3(96C_|oAzs|8&*gskhi%=II07%UX^eId zj1iKDbYSYvEwS_Z!c}UUjR}j#UH4JLFw1*DVSBmk9X&z@%vW@es~?su=Qx1xk!}FA zEt^Xb1bJylJN&nKlt4&SOG3tCTHBk{KT^;mbKK4MogglsUC;v?C66tEFnMkf zdsIrMRbbDKCsX**B%rMb!o~itN7#_d`#qxE^)xS|8)~%$b~bPE07RwSCsH_B?bwPL)7! zF!L!(f4jq=bGeLsTHCmXm#AAAX{J_DvMLvd2dZ!vXX}QprJ}Bu8%sqK=6Nii*5yZ( zhg7*k7sjy2sK6-{c9YvDt)=YZ=I1?UW$9jD468+8&r^%o6XkFOOMA++UO_2oGYbNq z2vdNH>j7>o(+Y2~8iYQy_t3n@A*0)F{V^<)?v5n~y#s7!;7;p8-wDx%p6I@QfBRHe zCL}~^9A%`#LfoE=?(yu;m4G9Zg6Rljs!zkDsz`GS*&v1ca29v3eon}a5}ZJmKl@AN zQbKIM4*YmY*HV*mscjPOsb5Iv0fYNfK@09g9k#c1WgX6tSBeE@qgoa>Eo-XDJ6N1h z7sbTmO-E5xIk*fl--dVPjc+?EE0s6GQncrH-qnbS#U|}aMRAavg!leuhZE3D%}-sn zcQI^l!vwV~v2Xb#t$uT%HDI~l7LEu~0wBx%I?&GGkfq4odt$G5VvjzfHUS>6;i-#M z_3=nU>4dgjxb!^hurRTP zi%Y0uz`1g?11@ro^y9~69G^w8ATz|UUZhdS4egy_zEGETQBP;_V;}+VpCSYO6ssW$z|@w$3faZD{Lh!!CF`Lwp+-37YoRGovJax8JSg@4JByONpLEK{pWW1r;8n z@O^6F6Mgr`WDgi`j^mz!1@4KIeNrrM34K$r-pw%N0K#r`C^&<23EJWG$nu2xwCdwH zP&jLa5i10gx-SQ};C+0+6G9X)13EH7pjuHq-@GDf4t?PO)&U{#hrpnQh6oz)0V(yV zgv-1JFvy}2?@=@+3T=zpCU&HjUN~U>2Y}b!?rX9@m@JCf!y6Y_&Sc+Nnp>qM-O?z< zxkZo%eJAX?j?u+XLJSg6CXo74Q_f{UD5I+ywcatjWts7%u-O(25Z2>hnUT+#Qsf#! zGbR3)L&>nh(3%kekxO!C3l7R|vSQWAyQv6FIjPk?T11tl%ck;rvAG85_!ss=|4Vh~ z?A|%L7E@Jw@fB_44Ski6CLyt^`h#i+%X%}7Wi>?V9}UrNMNyh1ozF7g>_T}Itrjj1 z_-TFXkky$OR-vx*Uaua@rlSDk)?1z zagR{LyMx=tBev>|dERxR`_kW#x=RhHL>0G9#*wQ+MK^p`%0mj5y_(dBtq15 zJhoi?kDkrooNPFxoJME;_`b(^y~&MjlYm+bye=`@4q%_nn%M-gTkPEiY^pfDyt>s8weLv}yB!_EF=B2d0CzQZSVM1)WhU3&dx_Aag)W$2viUi37$-vQP9$czAe zSf`3kR%)eub~+iZ<$={HDkQ(_UC~f3ipp4b-y1~zG7|9w3^7N;UPYhQo=2jXS+BAz zMZgwYQ^&+HOQ6Jk{yOvni1F$&w1moTQ*`afF1*oJNIlKyB4w4_tNG3Rafc!oJ{A9A z9>Z$(V$OE2X0P47R1v$X7F6&fpS+}yJ*SAiLK5d8zWb3gIC*hG0=2=2jtpL%%UIA#T*k$=Zs}2 z=%&>;O4YHqvN^--yOx?H$i7^YbZtG6&Qt`eB!Nkmuo!#*w|tt)7sH_%b}f1O%G@9s zG4UAQb|JPC{d#lJV`{yOF&RbSA9|efy|ZNy;kNN0^C7VISC8JG($q2PD_bjstb5)60-|!cqZm5gbP60n%(UB3#{4}qh%_YGK{S}vHaet1 zlgBE`&gGJvmmDfd!6?_)I%MO?#Yg;caX$=PTzCr*$TS1T5G#85M=7M0`?UuROJg!6_b$V7(fOfo<$1P_63)d&_30^5z zHI0>!H@`;a8bC~AVVQDTX{?3=qTZI(K&G9APSie0jgwdOo z3l!BP(-{AlL@4Sq8>+s~SE2ek(IIhEXDm&mI>E*+1QV#0WR=QEHa%F>ogC6vy!2r%l)ln8x=@Js;bqY|2L}; zM5WKrP8HN_>jE5Ld?Gt#|!z4Usr z+_BxW{QGCuHeFoxPjm$b(iA#s6es6SIkf%?O-_~BfeJIU`KQ}eWmY8fip+S9Z?Klv zWADa6IFk!4Jq!{j3}5AztnD~fv9uyP^K(`Eopfny`fg`hO$(7GYRGsJ68g8KTsc|Z z3sPL^1SzzJ+L?hSCB6Ek>pq#iqSf@{^V?@c!loI@Y*;Y=B(9&8BRyaqv(+iQ-a`7- zB6|KX$zz0g#SgCVQm`PekL&IDy^9Nof4s8g_;>;?CW<)teMV|LXDkp*tT2o-(Tvgz z3#>LQ@%l=Sex-$J#N8s_gtR z4ei}EZ?2#EygHt~yH{(JBW^BPTGvQFrxnwvUiB zO73GAcKMwR(7rxCVUO_AvMvlzvP%LyTADyP29?QaqOQd6(%NOWbV;*G7j_Z~^J84J zega+445)kaT!C1)#V6??|A zR#BU+r*%NCy0tBqCbzd{A^&}lUjo!-NqcQ3M%MltU`e~ZL0C2)4P~=w)LeW=9XVK8 z#pfT+)~YxBN@`Iro>T*`ULD9P!e$jU&AQTSy*uTxg*Jxe? z&dMZ|C)8+3;R_=kq=xavbC1QfC-fDLzUrGzRN*aZd&{nn*Nx(U*kQLe1prC}$tWMo zVQ8Ki`3!sdd?7++lY9p@nEjqR=|q+sv^_l%C!l6~YTT&WTn_YdYp(?Uj2UUARJWa6 z0Z(vRF}vHGN(p51Ui<0ZY^VepaoNyO&|)=m7E~=8Jq_}r=rFLMt9ZmSb{1^?1KZqD z@T&4-OIN`=`TZ~C#BBUDsHvmC#mB%|@ZUZ*^kp_@!CZSDbQRS3Zcn7pC)(qns+*zz z8H6WJM`6krU|Sj_<(LPj0mBlPw_c*aMyZk)ZL36)jbc@wER_3}jZ&p%-#!QFx=To| z@{ef(wt?m>6!|G~qb$@qbFG^3d)6FLsgfy%^=O{v27{CYuYO6r8(HJ_5mo~8dwB`*7qYj+6GS=SjDyeuX(T>HfXCWR5}3Dg6M5`P z(6TUlnHdAX`t|?)&^Pc+Af-kT(C0qK%KCX4Tc*?Yn0WacwQ0C~)&G-SR+~?PIJ)l{ zYv@RB^mr7B@%hWaX;d8UA2AV(->egHRQl<75Bm$YP~V%!v4;ZT3-27gu-HLtNmz}- z#XjpHY4D37YDB{b`}1<>5o>%NTnQ~IuEM_4aC&41d46a5Ape3LN0RzP|`nXU+iby_M3eN(t z5$-t<-Fh$bi+i|vNG0YBM~?(o^l)3Cc#71Gcad_a+VEm22h{`g-4-NjjrpBSOa)@z z`7Z)a4+{K%rE=w0POO{2k&kpXZM5~S>)lm(VBJc$p@gP92syd-+)S4{)c&n9SS zpdj|pMlkSagC)5z0Ay~cKsS0qC})UZl5iw6>Np<2@*d!p?h*Gwl7eKR{Lhv5UI}=~ z-{p1?P;neT5ccNcxiw^qz*b?R-3Xg{b%hM^g(W7JM5D82g}4tsi&q{eHj<^Iga9v= zH=i8qw7zDt)Otf`(c@fKTy`8D|DUA%2`5^CZoJAH6>c(LFbFDBAbDbZ(G$q*k`;Ck z@CX9vL6Rl|0jhMyQ5OO2g@eIIqN*2D4(((e{1muOJ5VtaD7vMThIdZCq6R~hvK$(+ zDO})b*lhmJQX*&cI!(e1oH`HCsT$BJ3V>JxCesRnj+6NkPBK^%`-_(s6MKQB7h{xv zR{(lPLS~F`#-gfR#Ox`Kx&(rnSa&X`(y?xR_q|Mdh-P>ey5=5>3l_tkOC3RhVj;|> z?-Sl+)uc1C>p*7JXRUlhzfbJ!O$H=` zrr@qZ4~;V;*b1r{(X@s!j=!D{PJi7g+1mU7{;Yam|CqH*9MHv?JT`{*dV`6FzPF*lJI!uiNx=Jy} zK#k!E?Ndl1dFMa=*CsB{L@L@_3lEo@id z-Af1I@rXIg5NMP(W-u&me>Y7MZd+ZGQ@E&@;q|eAN9hl>^^UHZtCnUrLSWvn(3s%w zS--x26{G=yPyqh_Wm^Aa*#B4i{}gTg_ay&a$o+pZ5JUVwWZeqVpkV(A0s7ZN{*9%q H|C#*{bXmJq literal 0 HcmV?d00001 diff --git a/Solutions/Recorded Future Identity/Package/createUiDefinition.json b/Solutions/Recorded Future Identity/Package/createUiDefinition.json index 83d484fa80..3526085340 100644 --- a/Solutions/Recorded Future Identity/Package/createUiDefinition.json +++ b/Solutions/Recorded Future Identity/Package/createUiDefinition.json @@ -6,7 +6,7 @@ "config": { "isWizard": false, "basics": { - "description": "\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\n[Recorded Future](https://www.recordedfuture.com/) Identity Intelligence enables security and IT teams to detect identity compromises, for both employees and customers. To do this, Recorded Future automates the collection, analysis, and production of identity intelligence from a vast range of sources. Organizations can incorporate identity intelligence into automated workflows that regularly monitor for compromised credentials and take immediate action with applications such as Azure Active Directory and Microsoft Sentinel.\nThere are many ways organizations can utilize Recorded Future Identity Intelligence; the playbooks in this Solution are just a quick introduction to some of those ways. In particular, these playbooks include several actions that can be coordinated, or used separately. They include:\n1. searches for compromised workforce or external customer users\n2. looking up existing users and saving the compromised user data to a Log file\n3. confirming high risk Azure Active Directory (AAD) users\n4. adding a compromised user to an AAD security group\n\nFor more information, see the [Documentation for this Solution](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Recorded%20Future%20Identity/Playbooks).\n\nThe playbooks have internal dependencies where you have to install: \n- RecordedFutureIdentity-add-AAD-security-group-user \n- RecordedFutureIdentity-confirm-AAD-risky-user \n- RecordedFutureIdentity-lookup-and-save-user \n\nBefore: \n- RecordedFutureIdentity-search-workforce-user \n- RecordedFutureIdentity-search-external-user.\n\n**Playbooks:** 5\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", + "description": "\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Recorded%20Future%20Identity/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\n[Recorded Future](https://www.recordedfuture.com/) Identity Intelligence enables security and IT teams to detect identity compromises, for both employees and customers. To do this, Recorded Future automates the collection, analysis, and production of identity intelligence from a vast range of sources. Organizations can incorporate identity intelligence into automated workflows that regularly monitor for compromised credentials and take immediate action with applications such as Azure Active Directory and Microsoft Sentinel.\nThere are many ways organizations can utilize Recorded Future Identity Intelligence; the playbooks in this Solution are just a quick introduction to some of those ways. In particular, these playbooks include several actions that can be coordinated, or used separately. They include:\n1. searches for compromised workforce or external customer users\n2. looking up existing users and saving the compromised user data to a Log file\n3. confirming high risk Azure Active Directory (AAD) users\n4. adding a compromised user to an AAD security group\n\nFor more information, see the [Documentation for this Solution](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Recorded%20Future%20Identity/Playbooks).\n\nThe playbooks have internal dependencies where you have to install: \n- RecordedFutureIdentity-add-AAD-security-group-user \n- RecordedFutureIdentity-confirm-AAD-risky-user \n- RecordedFutureIdentity-lookup-and-save-user \n\nBefore: \n- RecordedFutureIdentity-search-workforce-user \n- RecordedFutureIdentity-search-external-user.\n\n**Playbooks:** 5\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", "subscription": { "resourceProviders": [ "Microsoft.OperationsManagement/solutions", diff --git a/Solutions/Recorded Future Identity/Package/mainTemplate.json b/Solutions/Recorded Future Identity/Package/mainTemplate.json index 7fd20b9547..ead0f62889 100644 --- a/Solutions/Recorded Future Identity/Package/mainTemplate.json +++ b/Solutions/Recorded Future Identity/Package/mainTemplate.json @@ -30,80 +30,79 @@ } }, "variables": { - "solutionId": "recordedfuture1605638642586.recorded_future_identity_sentinel_solution", - "_solutionId": "[variables('solutionId')]", "email": "support@recordedfuture.com", "_email": "[variables('email')]", - "Playbooks": "Playbooks", - "_Playbooks": "[variables('Playbooks')]", + "_solutionName": "Recorded Future Identity", + "_solutionVersion": "3.0.0", + "solutionId": "recordedfuture1605638642586.recorded_future_identity_sentinel_solution", + "_solutionId": "[variables('solutionId')]", + "RecordedFutureIdentity-add-EntraID-security-group-user": "RecordedFutureIdentity-add-EntraID-security-group-user", + "_RecordedFutureIdentity-add-EntraID-security-group-user": "[variables('RecordedFutureIdentity-add-EntraID-security-group-user')]", "playbookVersion1": "1.0", - "playbookContentId1": "Playbooks1", + "playbookContentId1": "RecordedFutureIdentity-add-EntraID-security-group-user", "_playbookContentId1": "[variables('playbookContentId1')]", "playbookId1": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId1'))]", - "playbookTemplateSpecName1": "[concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId1')))]", + "playbookTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId1'))))]", "workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]", - "blanks": "[replace('b', 'b', '')]", + "_playbookcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId1'),'-', variables('playbookVersion1'))))]", + "RecordedFutureIdentity-confirm-EntraID-risky-user": "RecordedFutureIdentity-confirm-EntraID-risky-user", + "_RecordedFutureIdentity-confirm-EntraID-risky-user": "[variables('RecordedFutureIdentity-confirm-EntraID-risky-user')]", "playbookVersion2": "1.0", - "playbookContentId2": "Playbooks2", + "playbookContentId2": "RecordedFutureIdentity-confirm-EntraID-risky-user", "_playbookContentId2": "[variables('playbookContentId2')]", "playbookId2": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId2'))]", - "playbookTemplateSpecName2": "[concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId2')))]", + "playbookTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId2'))))]", + "_playbookcontentProductId2": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId2'),'-', variables('playbookVersion2'))))]", + "RecordedFutureIdentity-lookup-and-save-user": "RecordedFutureIdentity-lookup-and-save-user", + "_RecordedFutureIdentity-lookup-and-save-user": "[variables('RecordedFutureIdentity-lookup-and-save-user')]", "playbookVersion3": "1.0", - "playbookContentId3": "Playbooks3", + "playbookContentId3": "RecordedFutureIdentity-lookup-and-save-user", "_playbookContentId3": "[variables('playbookContentId3')]", "playbookId3": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId3'))]", - "playbookTemplateSpecName3": "[concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId3')))]", + "playbookTemplateSpecName3": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId3'))))]", + "_playbookcontentProductId3": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId3'),'-', variables('playbookVersion3'))))]", + "RecordedFutureIdentity-search-workforce-user": "RecordedFutureIdentity-search-workforce-user", + "_RecordedFutureIdentity-search-workforce-user": "[variables('RecordedFutureIdentity-search-workforce-user')]", + "TemplateEmptyObject": "[json('{}')]", + "blanks": "[replace('b', 'b', '')]", "playbookVersion4": "1.0", - "playbookContentId4": "Playbooks4", + "playbookContentId4": "RecordedFutureIdentity-search-workforce-user", "_playbookContentId4": "[variables('playbookContentId4')]", "playbookId4": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId4'))]", - "playbookTemplateSpecName4": "[concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId4')))]", + "playbookTemplateSpecName4": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId4'))))]", + "_playbookcontentProductId4": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId4'),'-', variables('playbookVersion4'))))]", + "RecordedFutureIdentity-search-external-user": "RecordedFutureIdentity-search-external-user", + "_RecordedFutureIdentity-search-external-user": "[variables('RecordedFutureIdentity-search-external-user')]", "playbookVersion5": "1.0", - "playbookContentId5": "Playbooks5", + "playbookContentId5": "RecordedFutureIdentity-search-external-user", "_playbookContentId5": "[variables('playbookContentId5')]", "playbookId5": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId5'))]", - "playbookTemplateSpecName5": "[concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId5')))]" + "playbookTemplateSpecName5": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId5'))))]", + "_playbookcontentProductId5": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId5'),'-', variables('playbookVersion5'))))]", + "_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]" }, "resources": [ { - "type": "Microsoft.Resources/templateSpecs", - "apiVersion": "2021-05-01", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", "name": "[variables('playbookTemplateSpecName1')]", "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "Playbook" - }, - "properties": { - "description": "RecordedFutureIdentity-add-AAD-security-group-user playbook", - "displayName": "RecordedFutureIdentity-add-AAD-security-group-user playbook" - } - }, - { - "type": "Microsoft.Resources/templateSpecs/versions", - "apiVersion": "2021-05-01", - "name": "[concat(variables('playbookTemplateSpecName1'),'/',variables('playbookVersion1'))]", - "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "Playbook" - }, "dependsOn": [ - "[resourceId('Microsoft.Resources/templateSpecs', variables('playbookTemplateSpecName1'))]" + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "RecordedFutureIdentity-add-AAD-security-group-user Playbook with template version 2.0.0", + "description": "RFI-add-EntraID-security-group-user Playbook with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('playbookVersion1')]", "parameters": { "PlaybookName": { - "defaultValue": "RecordedFutureIdentity-add-AAD-security-group-user", + "defaultValue": "RFI-add-EntraID-security-group-user", "type": "string" } }, "variables": { - "AzureADConnectionName": "[[concat('azuread-', parameters('PlaybookName'))]", + "EntraIDConnectionName": "[[concat('EntraID-', parameters('PlaybookName'))]", "connection-2": "[[concat('/subscriptions/',subscription().subscriptionId,'/providers/Microsoft.Web/locations/',variables('workspace-location-inline'),'/managedApis/azuread')]", "_connection-2": "[[variables('connection-2')]", "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", @@ -117,7 +116,7 @@ "name": "[[parameters('PlaybookName')]", "location": "[[variables('workspace-location-inline')]", "dependsOn": [ - "[[resourceId('Microsoft.Web/connections', variables('AzureADConnectionName'))]" + "[[resourceId('Microsoft.Web/connections', variables('EntraIDConnectionName'))]" ], "properties": { "state": "Enabled", @@ -441,8 +440,8 @@ "$connections": { "value": { "azuread": { - "connectionId": "[[resourceId('Microsoft.Web/connections', variables('AzureADConnectionName'))]", - "connectionName": "[[variables('AzureADConnectionName')]", + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('EntraIDConnectionName'))]", + "connectionName": "[[variables('EntraIDConnectionName')]", "id": "[[concat('/subscriptions/',subscription().subscriptionId,'/providers/Microsoft.Web/locations/',variables('workspace-location-inline'),'/managedApis/azuread')]" } } @@ -456,13 +455,13 @@ { "type": "Microsoft.Web/connections", "apiVersion": "2018-07-01-preview", - "name": "[[variables('AzureADConnectionName')]", + "name": "[[variables('EntraIDConnectionName')]", "location": "[[variables('workspace-location-inline')]", "properties": { "api": { "id": "[[variables('_connection-2')]" }, - "displayName": "[[variables('AzureADConnectionName')]" + "displayName": "[[variables('EntraIDonnectionName')]" } }, { @@ -493,63 +492,65 @@ } ], "metadata": { - "title": "RecordedFutureIdentity-add-AAD-security-group-user", - "description": "This playbook adds a compromised user to an AAD security group. Triage and remediation should be handled in follow up playbooks or actions.", - "lastUpdateTime": "2022-09-09T00:00:00Z", + "title": "RecordedFutureIdentity-add-EntraID-security-group-user", + "description": "This playbook adds a compromised user to an EntraID security group. Triage and remediation should be handled in follow up playbooks or actions.", + "lastUpdateTime": "2024-04-15T00:00:00Z", "tags": [ "Identity protection" ], - "releaseNotes": { - "version": "1.0", - "title": "[variables('blanks')]", - "notes": [ - "Initial version" - ] - } + "releaseNotes": [ + { + "version": "1.0", + "title": "Initial version", + "notes": [ + "Initial version" + ] + }, + { + "version": "1.1", + "title": "Updates", + "notes": [ + "Solution update." + ] + } + ] } - } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_playbookContentId1')]", + "contentKind": "Playbook", + "displayName": "RFI-add-EntraID-security-group-user", + "contentProductId": "[variables('_playbookcontentProductId1')]", + "id": "[variables('_playbookcontentProductId1')]", + "version": "[variables('playbookVersion1')]" } }, { - "type": "Microsoft.Resources/templateSpecs", - "apiVersion": "2021-05-01", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", "name": "[variables('playbookTemplateSpecName2')]", "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "Playbook" - }, - "properties": { - "description": "RecordedFutureIdentity-confirm-AAD-risky-user playbook", - "displayName": "RecordedFutureIdentity-confirm-AAD-risky-user playbook" - } - }, - { - "type": "Microsoft.Resources/templateSpecs/versions", - "apiVersion": "2021-05-01", - "name": "[concat(variables('playbookTemplateSpecName2'),'/',variables('playbookVersion2'))]", - "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "Playbook" - }, "dependsOn": [ - "[resourceId('Microsoft.Resources/templateSpecs', variables('playbookTemplateSpecName2'))]" + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "RecordedFutureIdentity-confirm-AAD-risky-user Playbook with template version 2.0.0", + "description": "RFI-confirm-EntraID-risky-user Playbook with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('playbookVersion2')]", "parameters": { "PlaybookName": { - "defaultValue": "RecordedFutureIdentity-confirm-AAD-risky-user", + "defaultValue": "RFI-confirm-EntraID-risky-user", "type": "string" } }, "variables": { - "AzureADConnectionName": "[[concat('azuread-', parameters('PlaybookName'))]", - "AzureADIdentityProtectionConnectionName": "[[concat('azureadip-', parameters('PlaybookName'))]", + "EntraIDConnectionName": "[[concat('EntraID-', parameters('PlaybookName'))]", + "EntraIDIdentityProtectionConnectionName": "[[concat('EntraIDip-', parameters('PlaybookName'))]", "connection-2": "[[concat('/subscriptions/',subscription().subscriptionId,'/providers/Microsoft.Web/locations/',variables('workspace-location-inline'),'/managedApis/azuread')]", "_connection-2": "[[variables('connection-2')]", "connection-3": "[[concat('/subscriptions/',subscription().subscriptionId,'/providers/Microsoft.Web/locations/',variables('workspace-location-inline'),'/managedApis/azureadip')]", @@ -565,8 +566,8 @@ "name": "[[parameters('PlaybookName')]", "location": "[[variables('workspace-location-inline')]", "dependsOn": [ - "[[resourceId('Microsoft.Web/connections', variables('AzureADConnectionName'))]", - "[[resourceId('Microsoft.Web/connections', variables('AzureADIdentityProtectionConnectionName'))]" + "[[resourceId('Microsoft.Web/connections', variables('EntraIDConnectionName'))]", + "[[resourceId('Microsoft.Web/connections', variables('EntraIDIdentityProtectionConnectionName'))]" ], "properties": { "state": "Enabled", @@ -902,13 +903,13 @@ "$connections": { "value": { "azuread": { - "connectionId": "[[resourceId('Microsoft.Web/connections', variables('AzureADConnectionName'))]", - "connectionName": "[[variables('AzureADConnectionName')]", + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('EntraIDConnectionName'))]", + "connectionName": "[[variables('EntraIDConnectionName')]", "id": "[[concat('/subscriptions/',subscription().subscriptionId,'/providers/Microsoft.Web/locations/',variables('workspace-location-inline'),'/managedApis/azuread')]" }, "azureadip": { - "connectionId": "[[resourceId('Microsoft.Web/connections', variables('AzureADIdentityProtectionConnectionName'))]", - "connectionName": "[[variables('AzureADIdentityProtectionConnectionName')]", + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('EntraIDIdentityProtectionConnectionName'))]", + "connectionName": "[[variables('EntraIDIdentityProtectionConnectionName')]", "id": "[[concat('/subscriptions/',subscription().subscriptionId,'/providers/Microsoft.Web/locations/',variables('workspace-location-inline'),'/managedApis/azureadip')]" } } @@ -922,25 +923,25 @@ { "type": "Microsoft.Web/connections", "apiVersion": "2018-07-01-preview", - "name": "[[variables('AzureADConnectionName')]", + "name": "[[variables('EntraIDConnectionName')]", "location": "[[variables('workspace-location-inline')]", "properties": { "api": { "id": "[[variables('_connection-2')]" }, - "displayName": "[[variables('AzureADConnectionName')]" + "displayName": "[[variables('EntraIDConnectionName')]" } }, { "type": "Microsoft.Web/connections", "apiVersion": "2018-07-01-preview", - "name": "[[variables('AzureADIdentityProtectionConnectionName')]", + "name": "[[variables('EntraIDIdentityProtectionConnectionName')]", "location": "[[variables('workspace-location-inline')]", "properties": { "api": { "id": "[[variables('_connection-3')]" }, - "displayName": "[[variables('AzureADIdentityProtectionConnectionName')]" + "displayName": "[[variables('EntraIDIdentityProtectionConnectionName')]" } }, { @@ -971,57 +972,59 @@ } ], "metadata": { - "title": "RecordedFutureIdentity-confirm-AAD-risky-user", - "description": "This playbook confirms compromise of users deemed 'high risk' by AAD.", - "lastUpdateTime": "2022-09-09T00:00:00Z", + "title": "RecordedFutureIdentity-confirm-EntraID-risky-user", + "description": "This playbook confirms compromise of users deemed 'high risk' by EntraID.", + "lastUpdateTime": "2024-04-15T00:00:00Z", "tags": [ "Identity protection" ], - "releaseNotes": { - "version": "1.0", - "title": "[variables('blanks')]", - "notes": [ - "Initial version" - ] - } + "releaseNotes": [ + { + "version": "1.0", + "title": "Initial version", + "notes": [ + "Initial version" + ] + }, + { + "version": "1.1", + "title": "Updates", + "notes": [ + "Solution update." + ] + } + ] } - } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_playbookContentId2')]", + "contentKind": "Playbook", + "displayName": "RFI-confirm-EntraID-risky-user", + "contentProductId": "[variables('_playbookcontentProductId2')]", + "id": "[variables('_playbookcontentProductId2')]", + "version": "[variables('playbookVersion2')]" } }, { - "type": "Microsoft.Resources/templateSpecs", - "apiVersion": "2021-05-01", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", "name": "[variables('playbookTemplateSpecName3')]", "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "Playbook" - }, - "properties": { - "description": "RecordedFutureIdentity-lookup-and-save-user playbook", - "displayName": "RecordedFutureIdentity-lookup-and-save-user playbook" - } - }, - { - "type": "Microsoft.Resources/templateSpecs/versions", - "apiVersion": "2021-05-01", - "name": "[concat(variables('playbookTemplateSpecName3'),'/',variables('playbookVersion3'))]", - "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "Playbook" - }, "dependsOn": [ - "[resourceId('Microsoft.Resources/templateSpecs', variables('playbookTemplateSpecName3'))]" + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "RecordedFutureIdentity-lookup-and-save-user Playbook with template version 2.0.0", + "description": "RFI-lookup-and-save-user Playbook with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('playbookVersion3')]", "parameters": { "PlaybookName": { - "defaultValue": "RecordedFutureIdentity-lookup-and-save-user", + "defaultValue": "RFI-lookup-and-save-user", "type": "string" } }, @@ -1407,67 +1410,69 @@ "metadata": { "title": "RecordedFutureIdentity-lookup-and-save-user", "description": "This playbook gets compromise identity details from Recorded Future Identity Intelligence and saves the data for further review and analysis.", - "lastUpdateTime": "2022-09-15T00:00:00Z", + "lastUpdateTime": "2024-04-15T00:00:00Z", "tags": [ "Identity protection" ], - "releaseNotes": { - "version": "1.0", - "title": "[variables('blanks')]", - "notes": [ - "Initial version" - ] - } + "releaseNotes": [ + { + "version": "1.0", + "title": "Initial version", + "notes": [ + "Initial version" + ] + }, + { + "version": "1.1", + "title": "Updates", + "notes": [ + "Solution update." + ] + } + ] } - } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_playbookContentId3')]", + "contentKind": "Playbook", + "displayName": "RFI-lookup-and-save-user", + "contentProductId": "[variables('_playbookcontentProductId3')]", + "id": "[variables('_playbookcontentProductId3')]", + "version": "[variables('playbookVersion3')]" } }, { - "type": "Microsoft.Resources/templateSpecs", - "apiVersion": "2021-05-01", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", "name": "[variables('playbookTemplateSpecName4')]", "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "Playbook" - }, - "properties": { - "description": "RecordedFutureIdentity-search-workforce-user playbook", - "displayName": "RecordedFutureIdentity-search-workforce-user playbook" - } - }, - { - "type": "Microsoft.Resources/templateSpecs/versions", - "apiVersion": "2021-05-01", - "name": "[concat(variables('playbookTemplateSpecName4'),'/',variables('playbookVersion4'))]", - "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "Playbook" - }, "dependsOn": [ - "[resourceId('Microsoft.Resources/templateSpecs', variables('playbookTemplateSpecName4'))]" + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "RecordedFutureIdentity-search-workforce-user Playbook with template version 2.0.0", + "description": "RFI-search-workforce-user Playbook with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('playbookVersion4')]", "parameters": { "PlaybookName": { - "defaultValue": "RecordedFutureIdentity-search-workforce-user", + "defaultValue": "RFI-search-workforce-user", "type": "string" }, - "Playbook-Name-add-AAD-security-group-user": { - "defaultValue": "RecordedFutureIdentity-add-AAD-security-group-user", + "Playbook-Name-add-EntraID-security-group-user": { + "defaultValue": "RFI-add-EntraID-security-group-user", "type": "string" }, "Playbook-Name-lookup-and-save-user": { - "defaultValue": "RecordedFutureIdentity-lookup-and-save-user", + "defaultValue": "RFI-lookup-and-save-user", "type": "string" }, - "Playbook-Name-confirm-AAD-risky-user": { - "defaultValue": "RecordedFutureIdentity-confirm-AAD-risky-user", + "Playbook-Name-confirm-EntraID-risky-user": { + "defaultValue": "RFI-confirm-EntraID-risky-user", "type": "string" } }, @@ -1732,10 +1737,10 @@ "Current_time": { "type": "Expression", "kind": "CurrentTime", - "inputs": {}, + "inputs": "[variables('TemplateEmptyObject')]", "description": "This block is needed only to create 3 branches in this For each loop." }, - "RecordedFutureIdentity-add-AAD-security-group-user": { + "RecordedFutureIdentity-add-EntraID-security-group-user": { "runAfter": { "Current_time": [ "Succeeded" @@ -1754,7 +1759,7 @@ "host": { "triggerName": "manual", "workflow": { - "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Logic/workflows/', parameters('Playbook-Name-add-AAD-security-group-user'))]" + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Logic/workflows/', parameters('Playbook-Name-add-EntraID-security-group-user'))]" } } } @@ -1783,7 +1788,7 @@ } } }, - "RecordedFutureIdentity-confirm-AAD-risky-user": { + "RecordedFutureIdentity-confirm-EntraID-risky-user": { "runAfter": { "Current_time": [ "Succeeded" @@ -1801,7 +1806,7 @@ "host": { "triggerName": "manual", "workflow": { - "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Logic/workflows/', parameters('Playbook-Name-confirm-AAD-risky-user'))]" + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Logic/workflows/', parameters('Playbook-Name-confirm-EntraID-risky-user'))]" } } } @@ -1951,7 +1956,7 @@ "resourcegroups": "RF", "resourcename": "RF-log-analyitics", "resourcetype": "Log Analytics Workspace", - "subscriptions": "5129b3ff-c0c6-4e86-bd1c-70e5fcd579cf", + "subscriptions": "@subscription().subscriptionId", "timerange": "@{formatDateTime(addDays(utcNow(), parameters('search_lookback_days')), 'yyyy-MM-dd')}" } } @@ -1976,7 +1981,7 @@ "resourcegroups": "RF", "resourcename": "RF-log-analyitics", "resourcetype": "Log Analytics Workspace", - "subscriptions": "5129b3ff-c0c6-4e86-bd1c-70e5fcd579cf", + "subscriptions": "@subscription().subscriptionId", "timerange": "@{formatDateTime(addDays(utcNow(), parameters('search_lookback_days')), 'yyyy-MM-dd')}" } } @@ -2136,68 +2141,70 @@ ], "metadata": { "title": "RecordedFutureIdentity-search-workforce-user", - "description": "This playbook searches the Recorded Future Identity Intelligence Module for compromised workforce users.\n\nThis playbook depends on:\n- RecordedFutureIdentity-add-AAD-security-group-user\n- RecordedFutureIdentity-confirm-AAD-risky-user\n- RecordedFutureIdentity-lookup-and-save-user\n\n Those playbooks need to be installed **manually** before installing current playbook.", - "lastUpdateTime": "2022-09-15T00:00:00Z", + "description": "This playbook searches the Recorded Future Identity Intelligence Module for compromised workforce users.\n\nThis playbook depends on:\n- RecordedFutureIdentity-add-EntraID-security-group-user\n- RecordedFutureIdentity-confirm-EntraID-risky-user\n- RecordedFutureIdentity-lookup-and-save-user\n\n Those playbooks need to be installed **manually** before installing current playbook.", + "lastUpdateTime": "2024-04-15T00:00:00Z", "tags": [ "Identity protection" ], - "releaseNotes": { - "version": "1.0", - "title": "[variables('blanks')]", - "notes": [ - "Initial version" - ] - } + "releaseNotes": [ + { + "version": "1.0", + "title": "Initial version", + "notes": [ + "Initial version" + ] + }, + { + "version": "1.1", + "title": "Updates", + "notes": [ + "Added subscriptionId as a parameter and updated solution to match V3." + ] + } + ] } - } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_playbookContentId4')]", + "contentKind": "Playbook", + "displayName": "RFI-search-workforce-user", + "contentProductId": "[variables('_playbookcontentProductId4')]", + "id": "[variables('_playbookcontentProductId4')]", + "version": "[variables('playbookVersion4')]" } }, { - "type": "Microsoft.Resources/templateSpecs", - "apiVersion": "2021-05-01", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", "name": "[variables('playbookTemplateSpecName5')]", "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "Playbook" - }, - "properties": { - "description": "RecordedFutureIdentity-search-external-user playbook", - "displayName": "RecordedFutureIdentity-search-external-user playbook" - } - }, - { - "type": "Microsoft.Resources/templateSpecs/versions", - "apiVersion": "2021-05-01", - "name": "[concat(variables('playbookTemplateSpecName5'),'/',variables('playbookVersion5'))]", - "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "Playbook" - }, "dependsOn": [ - "[resourceId('Microsoft.Resources/templateSpecs', variables('playbookTemplateSpecName5'))]" + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "RecordedFutureIdentity-search-external-user Playbook with template version 2.0.0", + "description": "RFI-search-external-user Playbook with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('playbookVersion5')]", "parameters": { "PlaybookName": { - "defaultValue": "RecordedFutureIdentity-search-external-user", + "defaultValue": "RFI-search-external-user", "type": "string" }, - "Playbook-Name-add-AAD-security-group-user": { - "defaultValue": "RecordedFutureIdentity-add-AAD-security-group-user", + "Playbook-Name-add-EntraID-security-group-user": { + "defaultValue": "RFI-add-EntraID-security-group-user", "type": "string" }, "Playbook-Name-lookup-and-save-user": { - "defaultValue": "RecordedFutureIdentity-lookup-and-save-user", + "defaultValue": "RFI-lookup-and-save-user", "type": "string" }, - "Playbook-Name-confirm-AAD-risky-user": { - "defaultValue": "RecordedFutureIdentity-confirm-AAD-risky-user", + "Playbook-Name-confirm-EntraID-risky-user": { + "defaultValue": "RFI-confirm-EntraID-risky-user", "type": "string" } }, @@ -2372,10 +2379,10 @@ "Current_time": { "type": "Expression", "kind": "CurrentTime", - "inputs": {}, + "inputs": "[variables('TemplateEmptyObject')]", "description": "This block is needed only to create 3 branches in this For each loop." }, - "RecordedFutureIdentity-add-AAD-security-group-user": { + "RecordedFutureIdentity-add-EntraID-security-group-user": { "runAfter": { "Current_time": [ "Succeeded" @@ -2394,12 +2401,12 @@ "host": { "triggerName": "manual", "workflow": { - "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Logic/workflows/', parameters('Playbook-Name-add-AAD-security-group-user'))]" + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Logic/workflows/', parameters('Playbook-Name-add-EntraID-security-group-user'))]" } } } }, - "RecordedFutureIdentity-confirm-AAD-risky-user": { + "RecordedFutureIdentity-confirm-EntraID-risky-user": { "runAfter": { "Current_time": [ "Succeeded" @@ -2417,7 +2424,7 @@ "host": { "triggerName": "manual", "workflow": { - "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Logic/workflows/', parameters('Playbook-Name-confirm-AAD-risky-user'))]" + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Logic/workflows/', parameters('Playbook-Name-confirm-EntraID-risky-user'))]" } } } @@ -2533,7 +2540,7 @@ "resourcegroups": "RF", "resourcename": "RF-log-analyitics", "resourcetype": "Log Analytics Workspace", - "subscriptions": "5129b3ff-c0c6-4e86-bd1c-70e5fcd579cf", + "subscriptions": "@subscription().subscriptionId", "timerange": "@{formatDateTime(addDays(utcNow(), parameters('search_lookback_days')), 'yyyy-MM-dd')}" } } @@ -2662,31 +2669,57 @@ ], "metadata": { "title": "RecordedFutureIdentity-search-external-user", - "description": "This playbook searches the Recorded Future Identity Intelligence Module for compromised external (customer) users.\n\nThis playbook depends on:\n- RecordedFutureIdentity-add-AAD-security-group-user\n- RecordedFutureIdentity-confirm-AAD-risky-user\n- RecordedFutureIdentity-lookup-and-save-user\n\n Those playbooks need to be installed **manually** before installing current playbook.", - "lastUpdateTime": "2022-09-15T00:00:00Z", + "description": "This playbook searches the Recorded Future Identity Intelligence Module for compromised external (customer) users.\n\nThis playbook depends on:\n- RecordedFutureIdentity-add-EntraID-security-group-user\n- RecordedFutureIdentity-confirm-EntraID-risky-user\n- RecordedFutureIdentity-lookup-and-save-user\n\n Those playbooks need to be installed **manually** before installing current playbook.", + "lastUpdateTime": "2024-04-15T00:00:00Z", "tags": [ "Identity protection" ], - "releaseNotes": { - "version": "1.0", - "title": "[variables('blanks')]", - "notes": [ - "Initial version" - ] - } + "releaseNotes": [ + { + "version": "1.0", + "title": "Initial version", + "notes": [ + "Initial version" + ] + }, + { + "version": "1.1", + "title": "Updates", + "notes": [ + "Added subscriptionId as a parameter and updated solution to match V3." + ] + } + ] } - } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_playbookContentId5')]", + "contentKind": "Playbook", + "displayName": "RFI-search-external-user", + "contentProductId": "[variables('_playbookcontentProductId5')]", + "id": "[variables('_playbookcontentProductId5')]", + "version": "[variables('playbookVersion5')]" } }, { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentPackages", + "apiVersion": "2023-04-01-preview", "location": "[parameters('workspace-location')]", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', variables('_solutionId'))]", "properties": { - "version": "2.0.0", + "version": "3.0.0", "kind": "Solution", - "contentSchemaVersion": "2.0.0", + "contentSchemaVersion": "3.0.0", + "displayName": "Recorded Future Identity", + "publisherDisplayName": "Recorded Future Support Team", + "descriptionHtml": "

Note: Please refer to the following before installing the solution:

\n

• Review the solution Release Notes

\n

• There may be known issues pertaining to this Solution, please refer to them before installing.

\n

Recorded Future Identity Intelligence enables security and IT teams to detect identity compromises, for both employees and customers. To do this, Recorded Future automates the collection, analysis, and production of identity intelligence from a vast range of sources. Organizations can incorporate identity intelligence into automated workflows that regularly monitor for compromised credentials and take immediate action with applications such as Azure Active Directory and Microsoft Sentinel.\nThere are many ways organizations can utilize Recorded Future Identity Intelligence; the playbooks in this Solution are just a quick introduction to some of those ways. In particular, these playbooks include several actions that can be coordinated, or used separately. They include:

\n
    \n
  1. searches for compromised workforce or external customer users
    2. \n
  2. looking up existing users and saving the compromised user data to a Log file
    3. \n
  3. confirming high risk Azure Active Directory (AAD) users
    4. \n
  4. adding a compromised user to an AAD security group
    5. \n
\n

For more information, see the Documentation for this Solution.

\n

The playbooks have internal dependencies where you have to install:

\n
    \n
  • RecordedFutureIdentity-add-AAD-security-group-user
    • \n
  • RecordedFutureIdentity-confirm-AAD-risky-user
    • \n
  • RecordedFutureIdentity-lookup-and-save-user
    • \n
\n

Before:

\n
    \n
  • RecordedFutureIdentity-search-workforce-user
    • \n
  • RecordedFutureIdentity-search-external-user.
    • \n
\n

Playbooks: 5

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", + "contentKind": "Solution", + "contentProductId": "[variables('_solutioncontentProductId')]", + "id": "[variables('_solutioncontentProductId')]", + "icon": "", "contentId": "[variables('_solutionId')]", "parentId": "[variables('_solutionId')]", "source": { @@ -2709,27 +2742,27 @@ "criteria": [ { "kind": "Playbook", - "contentId": "[variables('_Playbooks')]", + "contentId": "[variables('_RecordedFutureIdentity-add-EntraID-security-group-user')]", "version": "[variables('playbookVersion1')]" }, { "kind": "Playbook", - "contentId": "[variables('_Playbooks')]", + "contentId": "[variables('_RecordedFutureIdentity-confirm-EntraID-risky-user')]", "version": "[variables('playbookVersion2')]" }, { "kind": "Playbook", - "contentId": "[variables('_Playbooks')]", + "contentId": "[variables('_RecordedFutureIdentity-lookup-and-save-user')]", "version": "[variables('playbookVersion3')]" }, { "kind": "Playbook", - "contentId": "[variables('_Playbooks')]", + "contentId": "[variables('_RecordedFutureIdentity-search-workforce-user')]", "version": "[variables('playbookVersion4')]" }, { "kind": "Playbook", - "contentId": "[variables('_Playbooks')]", + "contentId": "[variables('_RecordedFutureIdentity-search-external-user')]", "version": "[variables('playbookVersion5')]" } ] @@ -2745,7 +2778,8 @@ "Identity" ] } - } + }, + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', variables('_solutionId'))]" } ], "outputs": {} diff --git a/Solutions/Recorded Future Identity/Package/testParameters.json b/Solutions/Recorded Future Identity/Package/testParameters.json new file mode 100644 index 0000000000..e55ec41a9a --- /dev/null +++ b/Solutions/Recorded Future Identity/Package/testParameters.json @@ -0,0 +1,24 @@ +{ + "location": { + "type": "string", + "minLength": 1, + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Not used, but needed to pass arm-ttk test `Location-Should-Not-Be-Hardcoded`. We instead use the `workspace-location` which is derived from the LA workspace" + } + }, + "workspace-location": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "[concat('Region to deploy solution resources -- separate from location selection',parameters('location'))]" + } + }, + "workspace": { + "defaultValue": "", + "type": "string", + "metadata": { + "description": "Workspace name for Log Analytics where Microsoft Sentinel is setup" + } + } +} diff --git a/Solutions/Recorded Future Identity/Playbooks/RecordedFutureIdentity-add-AAD-security-group-user.json b/Solutions/Recorded Future Identity/Playbooks/RecordedFutureIdentity-add-EntraID-security-group-user/azuredeploy.json similarity index 94% rename from Solutions/Recorded Future Identity/Playbooks/RecordedFutureIdentity-add-AAD-security-group-user.json rename to Solutions/Recorded Future Identity/Playbooks/RecordedFutureIdentity-add-EntraID-security-group-user/azuredeploy.json index da05d9e9a2..4a0dbc6228 100644 --- a/Solutions/Recorded Future Identity/Playbooks/RecordedFutureIdentity-add-AAD-security-group-user.json +++ b/Solutions/Recorded Future Identity/Playbooks/RecordedFutureIdentity-add-EntraID-security-group-user/azuredeploy.json @@ -2,26 +2,38 @@ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "metadata": { - "title": "RecordedFutureIdentity-add-AAD-security-group-user", - "description": "This playbook adds a compromised user to an AAD security group. Triage and remediation should be handled in follow up playbooks or actions.", - "lastUpdateTime": "2022-09-09T00:00:00.000Z", + "title": "RecordedFutureIdentity-add-EntraID-security-group-user", + "description": "This playbook adds a compromised user to an EntraID security group. Triage and remediation should be handled in follow up playbooks or actions.", + "lastUpdateTime": "2024-04-15T00:00:00.000Z", "entities": [], "tags": ["Identity protection"], "support": { - "tier": "developer" + "tier": "Partner" }, "author": { - "name": "Dmytro Branitskyi, Recorded Future (support@recordedfuture.com)" - } + "name": "Recorded Future" + }, + "releaseNotes": [ + { + "version": "1.0", + "title": "Initial version", + "notes": [ "Initial version" ] + }, + { + "version": "1.1", + "title": "Updates", + "notes": [ "Solution update." ] + } + ] }, "parameters": { "PlaybookName": { - "defaultValue": "RecordedFutureIdentity-add-AAD-security-group-user", + "defaultValue": "RFI-add-EntraID-security-group-user", "type": "string" } }, "variables": { - "AzureADConnectionName": "[concat('azuread-', parameters('PlaybookName'))]" + "EntraIDConnectionName": "[concat('EntraID-', parameters('PlaybookName'))]" }, "resources": [ { @@ -30,7 +42,7 @@ "name": "[parameters('PlaybookName')]", "location": "[resourceGroup().location]", "dependsOn": [ - "[resourceId('Microsoft.Web/connections', variables('AzureADConnectionName'))]" + "[resourceId('Microsoft.Web/connections', variables('EntraIDConnectionName'))]" ], "properties": { "state": "Enabled", @@ -359,8 +371,8 @@ "$connections": { "value": { "azuread": { - "connectionId": "[resourceId('Microsoft.Web/connections', variables('AzureADConnectionName'))]", - "connectionName": "[variables('AzureADConnectionName')]", + "connectionId": "[resourceId('Microsoft.Web/connections', variables('EntraIDConnectionName'))]", + "connectionName": "[variables('EntraIDConnectionName')]", "id": "[concat('/subscriptions/',subscription().subscriptionId,'/providers/Microsoft.Web/locations/',resourceGroup().location,'/managedApis/azuread')]" } } @@ -371,13 +383,13 @@ { "type": "Microsoft.Web/connections", "apiVersion": "2018-07-01-preview", - "name": "[variables('AzureADConnectionName')]", + "name": "[variables('EntraIDConnectionName')]", "location": "[resourceGroup().location]", "properties": { "api": { "id": "[concat('/subscriptions/',subscription().subscriptionId,'/providers/Microsoft.Web/locations/',resourceGroup().location,'/managedApis/azuread')]" }, - "displayName": "[variables('AzureADConnectionName')]" + "displayName": "[variables('EntraIDonnectionName')]" } } ] diff --git a/Solutions/Recorded Future Identity/Playbooks/RecordedFutureIdentity-confirm-AAD-risky-user.json b/Solutions/Recorded Future Identity/Playbooks/RecordedFutureIdentity-confirm-EntraID-risky-user/azuredeploy.json similarity index 93% rename from Solutions/Recorded Future Identity/Playbooks/RecordedFutureIdentity-confirm-AAD-risky-user.json rename to Solutions/Recorded Future Identity/Playbooks/RecordedFutureIdentity-confirm-EntraID-risky-user/azuredeploy.json index eab23a55d3..c88f666e82 100644 --- a/Solutions/Recorded Future Identity/Playbooks/RecordedFutureIdentity-confirm-AAD-risky-user.json +++ b/Solutions/Recorded Future Identity/Playbooks/RecordedFutureIdentity-confirm-EntraID-risky-user/azuredeploy.json @@ -2,27 +2,39 @@ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "metadata": { - "title": "RecordedFutureIdentity-confirm-AAD-risky-user", - "description": "This playbook confirms compromise of users deemed 'high risk' by AAD.", - "lastUpdateTime": "2022-09-09T00:00:00.000Z", + "title": "RecordedFutureIdentity-confirm-EntraID-risky-user", + "description": "This playbook confirms compromise of users deemed 'high risk' by EntraID.", + "lastUpdateTime": "2024-04-15T00:00:00.000Z", "entities": [], "tags": ["Identity protection"], "support": { - "tier": "developer" + "tier": "Partner" }, "author": { - "name": "Dmytro Branitskyi, Recorded Future (support@recordedfuture.com)" - } + "name": "Recorded Future" + }, + "releaseNotes": [ + { + "version": "1.0", + "title": "Initial version", + "notes": [ "Initial version" ] + }, + { + "version": "1.1", + "title": "Updates", + "notes": [ "Solution update." ] + } + ] }, "parameters": { "PlaybookName": { - "defaultValue": "RecordedFutureIdentity-confirm-AAD-risky-user", + "defaultValue": "RFI-confirm-EntraID-risky-user", "type": "string" } }, "variables": { - "AzureADConnectionName": "[concat('azuread-', parameters('PlaybookName'))]", - "AzureADIdentityProtectionConnectionName": "[concat('azureadip-', parameters('PlaybookName'))]" + "EntraIDConnectionName": "[concat('EntraID-', parameters('PlaybookName'))]", + "EntraIDIdentityProtectionConnectionName": "[concat('EntraIDip-', parameters('PlaybookName'))]" }, "resources": [ { @@ -31,8 +43,8 @@ "name": "[parameters('PlaybookName')]", "location": "[resourceGroup().location]", "dependsOn": [ - "[resourceId('Microsoft.Web/connections', variables('AzureADConnectionName'))]", - "[resourceId('Microsoft.Web/connections', variables('AzureADIdentityProtectionConnectionName'))]" + "[resourceId('Microsoft.Web/connections', variables('EntraIDConnectionName'))]", + "[resourceId('Microsoft.Web/connections', variables('EntraIDIdentityProtectionConnectionName'))]" ], "properties": { "state": "Enabled", @@ -375,13 +387,13 @@ "$connections": { "value": { "azuread": { - "connectionId": "[resourceId('Microsoft.Web/connections', variables('AzureADConnectionName'))]", - "connectionName": "[variables('AzureADConnectionName')]", + "connectionId": "[resourceId('Microsoft.Web/connections', variables('EntraIDConnectionName'))]", + "connectionName": "[variables('EntraIDConnectionName')]", "id": "[concat('/subscriptions/',subscription().subscriptionId,'/providers/Microsoft.Web/locations/',resourceGroup().location,'/managedApis/azuread')]" }, "azureadip": { - "connectionId": "[resourceId('Microsoft.Web/connections', variables('AzureADIdentityProtectionConnectionName'))]", - "connectionName": "[variables('AzureADIdentityProtectionConnectionName')]", + "connectionId": "[resourceId('Microsoft.Web/connections', variables('EntraIDIdentityProtectionConnectionName'))]", + "connectionName": "[variables('EntraIDIdentityProtectionConnectionName')]", "id": "[concat('/subscriptions/',subscription().subscriptionId,'/providers/Microsoft.Web/locations/',resourceGroup().location,'/managedApis/azureadip')]" } } @@ -392,25 +404,25 @@ { "type": "Microsoft.Web/connections", "apiVersion": "2018-07-01-preview", - "name": "[variables('AzureADConnectionName')]", + "name": "[variables('EntraIDConnectionName')]", "location": "[resourceGroup().location]", "properties": { "api": { "id": "[concat('/subscriptions/',subscription().subscriptionId,'/providers/Microsoft.Web/locations/',resourceGroup().location,'/managedApis/azuread')]" }, - "displayName": "[variables('AzureADConnectionName')]" + "displayName": "[variables('EntraIDConnectionName')]" } }, { "type": "Microsoft.Web/connections", "apiVersion": "2018-07-01-preview", - "name": "[variables('AzureADIdentityProtectionConnectionName')]", + "name": "[variables('EntraIDIdentityProtectionConnectionName')]", "location": "[resourceGroup().location]", "properties": { "api": { "id": "[concat('/subscriptions/',subscription().subscriptionId,'/providers/Microsoft.Web/locations/',resourceGroup().location,'/managedApis/azureadip')]" }, - "displayName": "[variables('AzureADIdentityProtectionConnectionName')]" + "displayName": "[variables('EntraIDIdentityProtectionConnectionName')]" } } ] diff --git a/Solutions/Recorded Future Identity/Playbooks/RecordedFutureIdentity-lookup-and-save-user.json b/Solutions/Recorded Future Identity/Playbooks/RecordedFutureIdentity-lookup-and-save-user/azuredeploy.json similarity index 97% rename from Solutions/Recorded Future Identity/Playbooks/RecordedFutureIdentity-lookup-and-save-user.json rename to Solutions/Recorded Future Identity/Playbooks/RecordedFutureIdentity-lookup-and-save-user/azuredeploy.json index 4c9e4928e1..e5ef4c7850 100644 --- a/Solutions/Recorded Future Identity/Playbooks/RecordedFutureIdentity-lookup-and-save-user.json +++ b/Solutions/Recorded Future Identity/Playbooks/RecordedFutureIdentity-lookup-and-save-user/azuredeploy.json @@ -4,19 +4,31 @@ "metadata": { "title": "RecordedFutureIdentity-lookup-and-save-user", "description": "This playbook gets compromise identity details from Recorded Future Identity Intelligence and saves the data for further review and analysis.", - "lastUpdateTime": "2022-09-09T00:00:00.000Z", + "lastUpdateTime": "2024-04-15T00:00:00.000Z", "entities": [], "tags": ["Identity protection"], "support": { - "tier": "developer" + "tier": "Partner" }, "author": { - "name": "Dmytro Branitskyi, Recorded Future (support@recordedfuture.com)" - } + "name": "Recorded Future" + }, + "releaseNotes": [ + { + "version": "1.0", + "title": "Initial version", + "notes": [ "Initial version" ] + }, + { + "version": "1.1", + "title": "Updates", + "notes": [ "Solution update." ] + } + ] }, "parameters": { "PlaybookName": { - "defaultValue": "RecordedFutureIdentity-lookup-and-save-user", + "defaultValue": "RFI-lookup-and-save-user", "type": "string" } }, diff --git a/Solutions/Recorded Future Identity/Playbooks/RecordedFutureIdentity-search-external-user.json b/Solutions/Recorded Future Identity/Playbooks/RecordedFutureIdentity-search-external-user/azuredeploy.json similarity index 94% rename from Solutions/Recorded Future Identity/Playbooks/RecordedFutureIdentity-search-external-user.json rename to Solutions/Recorded Future Identity/Playbooks/RecordedFutureIdentity-search-external-user/azuredeploy.json index 30b991ec9c..229e1d2b7f 100644 --- a/Solutions/Recorded Future Identity/Playbooks/RecordedFutureIdentity-search-external-user.json +++ b/Solutions/Recorded Future Identity/Playbooks/RecordedFutureIdentity-search-external-user/azuredeploy.json @@ -3,32 +3,44 @@ "contentVersion": "1.0.0.0", "metadata": { "title": "RecordedFutureIdentity-search-external-user", - "description": "This playbook searches the Recorded Future Identity Intelligence Module for compromised external (customer) users.\n\nThis playbook depends on:\n- RecordedFutureIdentity-add-AAD-security-group-user\n- RecordedFutureIdentity-confirm-AAD-risky-user\n- RecordedFutureIdentity-lookup-and-save-user\n\n Those playbooks need to be installed **manually** before installing current playbook.", - "lastUpdateTime": "2022-09-14T00:00:00.000Z", + "description": "This playbook searches the Recorded Future Identity Intelligence Module for compromised external (customer) users.\n\nThis playbook depends on:\n- RecordedFutureIdentity-add-EntraID-security-group-user\n- RecordedFutureIdentity-confirm-EntraID-risky-user\n- RecordedFutureIdentity-lookup-and-save-user\n\n Those playbooks need to be installed **manually** before installing current playbook.", + "lastUpdateTime": "2024-04-15T00:00:00.000Z", "entities": [], "tags": ["Identity protection"], "support": { - "tier": "developer" + "tier": "Partner" }, "author": { - "name": "Dmytro Branitskyi, Recorded Future (support@recordedfuture.com)" - } + "name": "Recorded Future" + }, + "releaseNotes": [ + { + "version": "1.0", + "title": "Initial version", + "notes": [ "Initial version" ] + }, + { + "version": "1.1", + "title": "Updates", + "notes": [ "Added subscriptionId as a parameter and updated solution to match V3." ] + } + ] }, "parameters": { "PlaybookName": { - "defaultValue": "RecordedFutureIdentity-search-external-user", + "defaultValue": "RFI-search-external-user", "type": "string" }, - "Playbook-Name-add-AAD-security-group-user": { - "defaultValue": "RecordedFutureIdentity-add-AAD-security-group-user", + "Playbook-Name-add-EntraID-security-group-user": { + "defaultValue": "RFI-add-EntraID-security-group-user", "type": "string" }, "Playbook-Name-lookup-and-save-user": { - "defaultValue": "RecordedFutureIdentity-lookup-and-save-user", + "defaultValue": "RFI-lookup-and-save-user", "type": "string" }, - "Playbook-Name-confirm-AAD-risky-user": { - "defaultValue": "RecordedFutureIdentity-confirm-AAD-risky-user", + "Playbook-Name-confirm-EntraID-risky-user": { + "defaultValue": "RFI-confirm-EntraID-risky-user", "type": "string" } }, @@ -203,7 +215,7 @@ "inputs": {}, "description": "This block is needed only to create 3 branches in this For each loop." }, - "RecordedFutureIdentity-add-AAD-security-group-user": { + "RecordedFutureIdentity-add-EntraID-security-group-user": { "runAfter": { "Current_time": [ "Succeeded" @@ -222,12 +234,12 @@ "host": { "triggerName": "manual", "workflow": { - "id": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Logic/workflows/', parameters('Playbook-Name-add-AAD-security-group-user'))]" + "id": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Logic/workflows/', parameters('Playbook-Name-add-EntraID-security-group-user'))]" } } } }, - "RecordedFutureIdentity-confirm-AAD-risky-user": { + "RecordedFutureIdentity-confirm-EntraID-risky-user": { "runAfter": { "Current_time": [ "Succeeded" @@ -245,7 +257,7 @@ "host": { "triggerName": "manual", "workflow": { - "id": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Logic/workflows/', parameters('Playbook-Name-confirm-AAD-risky-user'))]" + "id": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Logic/workflows/', parameters('Playbook-Name-confirm-EntraID-risky-user'))]" } } } @@ -361,7 +373,7 @@ "resourcegroups": "RF", "resourcename": "RF-log-analyitics", "resourcetype": "Log Analytics Workspace", - "subscriptions": "5129b3ff-c0c6-4e86-bd1c-70e5fcd579cf", + "subscriptions": "@subscription().subscriptionId", "timerange": "@{formatDateTime(addDays(utcNow(), parameters('search_lookback_days')), 'yyyy-MM-dd')}" } } diff --git a/Solutions/Recorded Future Identity/Playbooks/RecordedFutureIdentity-search-workforce-user.json b/Solutions/Recorded Future Identity/Playbooks/RecordedFutureIdentity-search-workforce-user/azuredeploy.json similarity index 95% rename from Solutions/Recorded Future Identity/Playbooks/RecordedFutureIdentity-search-workforce-user.json rename to Solutions/Recorded Future Identity/Playbooks/RecordedFutureIdentity-search-workforce-user/azuredeploy.json index c749ae30ea..9c384f9739 100644 --- a/Solutions/Recorded Future Identity/Playbooks/RecordedFutureIdentity-search-workforce-user.json +++ b/Solutions/Recorded Future Identity/Playbooks/RecordedFutureIdentity-search-workforce-user/azuredeploy.json @@ -3,32 +3,44 @@ "contentVersion": "1.0.0.0", "metadata": { "title": "RecordedFutureIdentity-search-workforce-user", - "description": "This playbook searches the Recorded Future Identity Intelligence Module for compromised workforce users.\n\nThis playbook depends on:\n- RecordedFutureIdentity-add-AAD-security-group-user\n- RecordedFutureIdentity-confirm-AAD-risky-user\n- RecordedFutureIdentity-lookup-and-save-user\n\n Those playbooks need to be installed **manually** before installing current playbook.", - "lastUpdateTime": "2022-09-14T00:00:00.000Z", + "description": "This playbook searches the Recorded Future Identity Intelligence Module for compromised workforce users.\n\nThis playbook depends on:\n- RecordedFutureIdentity-add-EntraID-security-group-user\n- RecordedFutureIdentity-confirm-EntraID-risky-user\n- RecordedFutureIdentity-lookup-and-save-user\n\n Those playbooks need to be installed **manually** before installing current playbook.", + "lastUpdateTime": "2024-04-15T00:00:00.000Z", "entities": [], "tags": ["Identity protection"], "support": { - "tier": "developer" + "tier": "Partner" }, "author": { - "name": "Dmytro Branitskyi, Recorded Future (support@recordedfuture.com)" - } + "name": "Recorded Future" + }, + "releaseNotes": [ + { + "version": "1.0", + "title": "Initial version", + "notes": [ "Initial version" ] + }, + { + "version": "1.1", + "title": "Updates", + "notes": [ "Added subscriptionId as a parameter and updated solution to match V3." ] + } + ] }, "parameters": { "PlaybookName": { - "defaultValue": "RecordedFutureIdentity-search-workforce-user", + "defaultValue": "RFI-search-workforce-user", "type": "string" }, - "Playbook-Name-add-AAD-security-group-user": { - "defaultValue": "RecordedFutureIdentity-add-AAD-security-group-user", + "Playbook-Name-add-EntraID-security-group-user": { + "defaultValue": "RFI-add-EntraID-security-group-user", "type": "string" }, "Playbook-Name-lookup-and-save-user": { - "defaultValue": "RecordedFutureIdentity-lookup-and-save-user", + "defaultValue": "RFI-lookup-and-save-user", "type": "string" }, - "Playbook-Name-confirm-AAD-risky-user": { - "defaultValue": "RecordedFutureIdentity-confirm-AAD-risky-user", + "Playbook-Name-confirm-EntraID-risky-user": { + "defaultValue": "RFI-confirm-EntraID-risky-user", "type": "string" } }, @@ -297,7 +309,7 @@ "inputs": {}, "description": "This block is needed only to create 3 branches in this For each loop." }, - "RecordedFutureIdentity-add-AAD-security-group-user": { + "RecordedFutureIdentity-add-EntraID-security-group-user": { "runAfter": { "Current_time": [ "Succeeded" @@ -316,7 +328,7 @@ "host": { "triggerName": "manual", "workflow": { - "id": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Logic/workflows/', parameters('Playbook-Name-add-AAD-security-group-user'))]" + "id": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Logic/workflows/', parameters('Playbook-Name-add-EntraID-security-group-user'))]" } } } @@ -345,7 +357,7 @@ } } }, - "RecordedFutureIdentity-confirm-AAD-risky-user": { + "RecordedFutureIdentity-confirm-EntraID-risky-user": { "runAfter": { "Current_time": [ "Succeeded" @@ -363,7 +375,7 @@ "host": { "triggerName": "manual", "workflow": { - "id": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Logic/workflows/', parameters('Playbook-Name-confirm-AAD-risky-user'))]" + "id": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Logic/workflows/', parameters('Playbook-Name-confirm-EntraID-risky-user'))]" } } } @@ -513,7 +525,7 @@ "resourcegroups": "RF", "resourcename": "RF-log-analyitics", "resourcetype": "Log Analytics Workspace", - "subscriptions": "5129b3ff-c0c6-4e86-bd1c-70e5fcd579cf", + "subscriptions": "@subscription().subscriptionId", "timerange": "@{formatDateTime(addDays(utcNow(), parameters('search_lookback_days')), 'yyyy-MM-dd')}" } } @@ -538,7 +550,7 @@ "resourcegroups": "RF", "resourcename": "RF-log-analyitics", "resourcetype": "Log Analytics Workspace", - "subscriptions": "5129b3ff-c0c6-4e86-bd1c-70e5fcd579cf", + "subscriptions": "@subscription().subscriptionId", "timerange": "@{formatDateTime(addDays(utcNow(), parameters('search_lookback_days')), 'yyyy-MM-dd')}" } } diff --git a/Solutions/Recorded Future Identity/Playbooks/add_risky_user_to_security_group.json b/Solutions/Recorded Future Identity/Playbooks/add_risky_user_to_security_group.json deleted file mode 100644 index b8c838c00e..0000000000 --- a/Solutions/Recorded Future Identity/Playbooks/add_risky_user_to_security_group.json +++ /dev/null @@ -1,376 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "comment": "", - "author": "Dmytro Branitskyi, Recorded Future" - }, - "parameters": { - "PlaybookName": { - "defaultValue": "Recorded_Future_Identity_Add_Risky_User_to_Security_Group", - "type": "string" - } - }, - "variables": { - "AzureADConnectionName": "[concat('azuread-', parameters('PlaybookName'))]" - }, - "resources": [ - { - "type": "Microsoft.Logic/workflows", - "apiVersion": "2019-05-01", - "name": "[parameters('PlaybookName')]", - "location": "[resourceGroup().location]", - "dependsOn": [ - "[resourceId('Microsoft.Web/connections', variables('AzureADConnectionName'))]" - ], - "properties": { - "state": "Enabled", - "definition": { - "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "$connections": { - "defaultValue": {}, - "type": "Object" - } - }, - "triggers": { - "manual": { - "type": "Request", - "kind": "Http", - "inputs": { - "method": "POST", - "schema": { - "properties": { - "active_directory_domain": { - "type": "string" - }, - "active_directory_security_group_id": { - "type": "string" - }, - "risky_user_email": { - "type": "string" - } - }, - "type": "object" - } - } - } - }, - "actions": { - "Add_risky_user_to_Active_Directory_security_group_for_users_at_risk": { - "runAfter": { - "Response_-_Risky_user_was_not_found_in_Active_Directory": [ - "Skipped" - ] - }, - "type": "ApiConnection", - "inputs": { - "body": { - "@@odata.id": "@body('Get_User_-_Check_if_the_user_exists_in_Active_Directory')?['id']" - }, - "host": { - "connection": { - "name": "@parameters('$connections')['azuread']['connectionId']" - } - }, - "method": "post", - "path": "/v1.0/groups/@{encodeURIComponent(triggerBody()?['active_directory_security_group_id'])}/members/$ref" - } - }, - "Get_User_-_Check_if_the_user_exists_in_Active_Directory": { - "runAfter": { - "If_Active_Directory_domain_parameter_is_not_null_and_not_empty": [ - "Succeeded" - ] - }, - "type": "ApiConnection", - "inputs": { - "host": { - "connection": { - "name": "@parameters('$connections')['azuread']['connectionId']" - } - }, - "method": "get", - "path": "/v1.0/users/@{encodeURIComponent(variables('user_principal_name'))}" - }, - "description": "Use the user's email as Active Directory user principal name." - }, - "If_Active_Directory_domain_parameter_is_not_null_and_not_empty": { - "actions": { - "Set_Active_Directory_user_principal_name_to_user_email's_username_+_AD_domain": { - "runAfter": {}, - "type": "SetVariable", - "inputs": { - "name": "user_principal_name", - "value": "@{concat(split(triggerBody()?['risky_user_email'], '@')[0], '@', triggerBody()?['active_directory_domain'])}" - }, - "description": "Use [user email's username + Active Directory domain] as Active Directory user principal name." - } - }, - "runAfter": { - "Initialize_-_Active_Directory_user_principal_name": [ - "Succeeded" - ] - }, - "else": { - "actions": { - "Set_Active_Directory_user_principal_name_to_user's_email": { - "runAfter": {}, - "type": "SetVariable", - "inputs": { - "name": "user_principal_name", - "value": "@triggerBody()?['risky_user_email']" - }, - "description": "Use [user's email] as Active Directory user principal name." - } - } - }, - "expression": { - "and": [ - { - "not": { - "equals": [ - "@triggerBody()?['active_directory_domain']", - "@null" - ] - } - }, - { - "not": { - "equals": [ - "@triggerBody()?['active_directory_domain']", - "" - ] - } - } - ] - }, - "type": "If" - }, - "Initialize_-_Active_Directory_user_principal_name": { - "runAfter": {}, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "user_principal_name", - "type": "string" - } - ] - } - }, - "Response_-_Failed_to_add_risky_user_to_AD_security_group_for_users_at_risk": { - "runAfter": { - "Response_-_Successfully_added_risky_user_to_AD_security_group_for_users_at_risk": [ - "Skipped" - ] - }, - "type": "Response", - "kind": "Http", - "inputs": { - "body": { - "data": { - "parameters_passed": { - "active_directory_domain": "@triggerBody()?['active_directory_domain']", - "active_directory_security_group_id": "@triggerBody()?['active_directory_security_group_id']", - "risky_user_email": "@triggerBody()?['risky_user_email']" - }, - "user_id_in_active_directory": "@body('Get_User_-_Check_if_the_user_exists_in_Active_Directory')?['id']", - "user_principal_name": "@variables('user_principal_name')" - }, - "reason": "Failed to add Active Directory risky user to Active Directory security group for users at risk. Check active_directory_security_group_id parameter.", - "status": "Error" - }, - "headers": { - "Content-Type": "application/json" - }, - "schema": { - "properties": { - "data": { - "properties": { - "parameters_passed": { - "properties": { - "active_directory_domain": { - "type": "string" - }, - "active_directory_security_group_id": { - "type": "string" - }, - "risky_user_email": { - "type": "string" - } - }, - "type": "object" - }, - "user_id_in_active_directory": { - "type": "string" - }, - "user_principal_name": { - "type": "string" - } - }, - "type": "object" - }, - "reason": { - "type": "string" - }, - "status": { - "type": "string" - } - }, - "type": "object" - }, - "statusCode": 422 - } - }, - "Response_-_Risky_user_was_not_found_in_Active_Directory": { - "runAfter": { - "Get_User_-_Check_if_the_user_exists_in_Active_Directory": [ - "Failed" - ] - }, - "type": "Response", - "kind": "Http", - "inputs": { - "body": { - "data": { - "parameters_passed": { - "active_directory_domain": "@triggerBody()?['active_directory_domain']", - "active_directory_security_group_id": "@triggerBody()?['active_directory_security_group_id']", - "risky_user_email": "@triggerBody()?['risky_user_email']" - }, - "user_principal_name_used": "@variables('user_principal_name')" - }, - "reason": "Risky user was not found in Active Directory.", - "status": "Error" - }, - "headers": { - "Content-Type": "application/json" - }, - "schema": { - "properties": { - "data": { - "properties": { - "parameters_passed": { - "properties": { - "active_directory_domain": { - "type": "string" - }, - "active_directory_security_group_id": { - "type": "string" - }, - "risky_user_email": { - "type": "string" - } - }, - "type": "object" - }, - "user_principal_name_used": { - "type": "string" - } - }, - "type": "object" - }, - "reason": { - "type": "string" - }, - "status": { - "type": "string" - } - }, - "type": "object" - }, - "statusCode": 404 - } - }, - "Response_-_Successfully_added_risky_user_to_AD_security_group_for_users_at_risk": { - "runAfter": { - "Add_risky_user_to_Active_Directory_security_group_for_users_at_risk": [ - "Succeeded" - ] - }, - "type": "Response", - "kind": "Http", - "inputs": { - "body": { - "data": { - "parameters_passed": { - "active_directory_domain": "@triggerBody()?['active_directory_domain']", - "active_directory_security_group_id": "@triggerBody()?['active_directory_security_group_id']", - "risky_user_email": "@triggerBody()?['risky_user_email']" - }, - "user_id_in_active_directory": "@body('Get_User_-_Check_if_the_user_exists_in_Active_Directory')?['id']", - "user_principal_name": "@variables('user_principal_name')" - }, - "status": "Successfully added risky user to Active Directory security group for users at risk." - }, - "headers": { - "Content-Type": "application/json" - }, - "schema": { - "properties": { - "data": { - "properties": { - "parameters_passed": { - "properties": { - "active_directory_domain": { - "type": "string" - }, - "active_directory_security_group_id": { - "type": "string" - }, - "risky_user_email": { - "type": "string" - } - }, - "type": "object" - }, - "user_id_in_active_directory": { - "type": "string" - }, - "user_principal_name": { - "type": "string" - } - }, - "type": "object" - }, - "status": { - "type": "string" - } - }, - "type": "object" - }, - "statusCode": 200 - } - } - }, - "outputs": {} - }, - "parameters": { - "$connections": { - "value": { - "azuread": { - "connectionId": "[resourceId('Microsoft.Web/connections', variables('AzureADConnectionName'))]", - "connectionName": "[variables('AzureADConnectionName')]", - "id": "[concat('/subscriptions/',subscription().subscriptionId,'/providers/Microsoft.Web/locations/',resourceGroup().location,'/managedApis/azuread')]" - } - } - } - } - } - }, - { - "type": "Microsoft.Web/connections", - "apiVersion": "2018-07-01-preview", - "name": "[variables('AzureADConnectionName')]", - "location": "[resourceGroup().location]", - "properties": { - "api": { - "id": "[concat('/subscriptions/',subscription().subscriptionId,'/providers/Microsoft.Web/locations/',resourceGroup().location,'/managedApis/azuread')]" - }, - "displayName": "[variables('AzureADConnectionName')]" - } - } - ] -} \ No newline at end of file diff --git a/Solutions/Recorded Future Identity/Playbooks/azure_identity_protection_confirm_user_is_risky.json b/Solutions/Recorded Future Identity/Playbooks/azure_identity_protection_confirm_user_is_risky.json deleted file mode 100644 index 92f9391541..0000000000 --- a/Solutions/Recorded Future Identity/Playbooks/azure_identity_protection_confirm_user_is_risky.json +++ /dev/null @@ -1,406 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "comment": "", - "author": "Dmytro Branitskyi, Recorded Future" - }, - "parameters": { - "PlaybookName": { - "defaultValue": "Recorded_Future_Identity_Add_Risky_User_to_Security_Group", - "type": "string" - } - }, - "variables": { - "AzureADConnectionName": "[concat('azuread-', parameters('PlaybookName'))]", - "AzureADIdentityProtectionConnectionName": "[concat('azureadip-', parameters('PlaybookName'))]" - }, - "resources": [ - { - "type": "Microsoft.Logic/workflows", - "apiVersion": "2019-05-01", - "name": "[parameters('PlaybookName')]", - "location": "[resourceGroup().location]", - "dependsOn": [ - "[resourceId('Microsoft.Web/connections', variables('AzureADConnectionName'))]", - "[resourceId('Microsoft.Web/connections', variables('AzureADIdentityProtectionConnectionName'))]" - ], - "properties": { - "state": "Enabled", - "definition": { - "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "$connections": { - "defaultValue": {}, - "type": "Object" - } - }, - "triggers": { - "manual": { - "type": "Request", - "kind": "Http", - "inputs": { - "method": "POST", - "schema": { - "properties": { - "active_directory_domain": { - "type": "string" - }, - "risky_user_email": { - "type": "string" - } - }, - "type": "object" - } - } - } - }, - "actions": { - "Check_if_AD_Identity_Protection_risky_users_list_contains_the_user": { - "runAfter": { - "Response_-_Risky_user_was_not_found_in_Active_Directory": [ - "Succeeded" - ] - }, - "type": "ApiConnection", - "inputs": { - "host": { - "connection": { - "name": "@parameters('$connections')['azureadip']['connectionId']" - } - }, - "method": "get", - "path": "/beta/riskyUsers/@{encodeURIComponent(body('Get_User_-_Check_if_the_user_exists_in_Active_Directory')?['id'])}" - } - }, - "Confirm_the_user_is_indeed_compromised": { - "runAfter": { - "Check_if_AD_Identity_Protection_risky_users_list_contains_the_user": [ - "Succeeded" - ] - }, - "type": "ApiConnection", - "inputs": { - "body": { - "userIds": [ - "@body('Check_if_AD_Identity_Protection_risky_users_list_contains_the_user')?['id']" - ] - }, - "host": { - "connection": { - "name": "@parameters('$connections')['azureadip']['connectionId']" - } - }, - "method": "post", - "path": "/beta/riskyUsers/confirmCompromised" - } - }, - "Get_User_-_Check_if_the_user_exists_in_Active_Directory": { - "runAfter": { - "If_Active_Directory_domain_parameter_is_not_null_and_not_empty": [ - "Succeeded" - ] - }, - "type": "ApiConnection", - "inputs": { - "host": { - "connection": { - "name": "@parameters('$connections')['azuread']['connectionId']" - } - }, - "method": "get", - "path": "/v1.0/users/@{encodeURIComponent(variables('user_principal_name'))}" - } - }, - "If_Active_Directory_domain_parameter_is_not_null_and_not_empty": { - "actions": { - "Set_Active_Directory_user_principal_name_to_user_email's_username_+_AD_domain": { - "runAfter": {}, - "type": "SetVariable", - "inputs": { - "name": "user_principal_name", - "value": "@{concat(split(triggerBody()?['risky_user_email'], '@')[0], '@', triggerBody()?['active_directory_domain'])}" - } - } - }, - "runAfter": { - "Initialize_-_Active_Directory_user_principal_name": [ - "Succeeded" - ] - }, - "else": { - "actions": { - "Set_Active_Directory_user_principal_name_to_user's_email": { - "runAfter": {}, - "type": "SetVariable", - "inputs": { - "name": "user_principal_name", - "value": "@triggerBody()?['risky_user_email']" - } - } - } - }, - "expression": { - "and": [ - { - "not": { - "equals": [ - "@triggerBody()?['active_directory_domain']", - "@null" - ] - } - }, - { - "not": { - "equals": [ - "@triggerBody()?['active_directory_domain']", - "" - ] - } - } - ] - }, - "type": "If" - }, - "Initialize_-_Active_Directory_user_principal_name": { - "runAfter": {}, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "user_principal_name", - "type": "string" - } - ] - } - }, - "Response_-_Failed_to_confirm_user_at_risk_is_compromised": { - "runAfter": { - "Response_-_Successfully_confirmed_user_at_risk_is_indeed_compromised": [ - "Skipped" - ] - }, - "type": "Response", - "kind": "Http", - "inputs": { - "body": { - "data": { - "active_directory_identity_protection_results_for_risky_user": "@body('Check_if_AD_Identity_Protection_risky_users_list_contains_the_user')", - "parameters_passed": { - "active_directory_domain": "@triggerBody()?['active_directory_domain']", - "risky_user_email": "@triggerBody()?['risky_user_email']" - }, - "user_id_in_active_directory": "@body('Get_User_-_Check_if_the_user_exists_in_Active_Directory')?['id']", - "user_principal_name": "@variables('user_principal_name')" - }, - "reason": "Failed to confirm user at risk is compromised. Maybe the user was not present in Active Directory Identity Protection risky users list.", - "status": "Error" - }, - "headers": { - "Content-Type": "application/json" - }, - "schema": { - "properties": { - "data": { - "properties": { - "active_directory_identity_protection_results_for_risky_user": { - "properties": {}, - "type": "object" - }, - "parameters_passed": { - "properties": { - "active_directory_domain": { - "type": "string" - }, - "risky_user_email": { - "type": "string" - } - }, - "type": "object" - }, - "user_id_in_active_directory": { - "type": "string" - }, - "user_principal_name": { - "type": "string" - } - }, - "type": "object" - }, - "reason": { - "type": "string" - }, - "status": { - "type": "string" - } - }, - "type": "object" - }, - "statusCode": 422 - } - }, - "Response_-_Risky_user_was_not_found_in_Active_Directory": { - "runAfter": { - "Get_User_-_Check_if_the_user_exists_in_Active_Directory": [ - "Succeeded" - ] - }, - "type": "Response", - "kind": "Http", - "inputs": { - "body": { - "data": { - "parameters_passed": { - "active_directory_domain": "@triggerBody()?['active_directory_domain']", - "risky_user_email": "@triggerBody()?['risky_user_email']" - }, - "user_principal_name": "@variables('user_principal_name')" - }, - "reason": "Risky user was not found in Active Directory.", - "status": "Error" - }, - "headers": { - "Content-Type": "application/json" - }, - "schema": { - "properties": { - "data": { - "properties": { - "parameters_passed": { - "properties": { - "active_directory_domain": { - "type": "string" - }, - "risky_user_email": { - "type": "string" - } - }, - "type": "object" - }, - "user_principal_name": { - "type": "string" - } - }, - "type": "object" - }, - "reason": { - "type": "string" - }, - "status": { - "type": "string" - } - }, - "type": "object" - }, - "statusCode": 404 - } - }, - "Response_-_Successfully_confirmed_user_at_risk_is_indeed_compromised": { - "runAfter": { - "Confirm_the_user_is_indeed_compromised": [ - "Succeeded" - ] - }, - "type": "Response", - "kind": "Http", - "inputs": { - "body": { - "data": { - "active_directory_identity_protection_results_for_risky_user": "@body('Check_if_AD_Identity_Protection_risky_users_list_contains_the_user')", - "parameters_passed": { - "active_directory_domain": "@triggerBody()?['active_directory_domain']", - "risky_user_email": "@triggerBody()?['risky_user_email']" - }, - "user_id_in_active_directory": "@body('Get_User_-_Check_if_the_user_exists_in_Active_Directory')?['id']", - "user_principal_name": "@variables('user_principal_name')" - }, - "status": "Confirmed user at risk is indeed compromised." - }, - "headers": { - "Content-Type": "application/json" - }, - "schema": { - "properties": { - "data": { - "properties": { - "active_directory_identity_protection_results_for_risky_user": { - "properties": {}, - "type": "object" - }, - "parameters_passed": { - "properties": { - "active_directory_domain": { - "type": "string" - }, - "risky_user_email": { - "type": "string" - } - }, - "type": "object" - }, - "user_id_in_active_directory": { - "type": "string" - }, - "user_principal_name": { - "type": "string" - } - }, - "type": "object" - }, - "status": { - "type": "string" - } - }, - "type": "object" - }, - "statusCode": 200 - } - } - }, - "outputs": {} - }, - "parameters": { - "$connections": { - "value": { - "azuread": { - "connectionId": "[resourceId('Microsoft.Web/connections', variables('AzureADConnectionName'))]", - "connectionName": "[variables('AzureADConnectionName')]", - "id": "[concat('/subscriptions/',subscription().subscriptionId,'/providers/Microsoft.Web/locations/',resourceGroup().location,'/managedApis/azuread')]" - }, - "azureadip": { - "connectionId": "[resourceId('Microsoft.Web/connections', variables('AzureADIdentityProtectionConnectionName'))]", - "connectionName": "[variables('AzureADIdentityProtectionConnectionName')]", - "id": "[concat('/subscriptions/',subscription().subscriptionId,'/providers/Microsoft.Web/locations/',resourceGroup().location,'/managedApis/azureadip')]" - } - } - } - } - } - }, - { - "type": "Microsoft.Web/connections", - "apiVersion": "2018-07-01-preview", - "name": "[variables('AzureADConnectionName')]", - "location": "[resourceGroup().location]", - "properties": { - "api": { - "id": "[concat('/subscriptions/',subscription().subscriptionId,'/providers/Microsoft.Web/locations/',resourceGroup().location,'/managedApis/azuread')]" - }, - "displayName": "[variables('AzureADConnectionName')]" - } - }, - { - "type": "Microsoft.Web/connections", - "apiVersion": "2018-07-01-preview", - "name": "[variables('AzureADIdentityProtectionConnectionName')]", - "location": "[resourceGroup().location]", - "properties": { - "api": { - "id": "[concat('/subscriptions/',subscription().subscriptionId,'/providers/Microsoft.Web/locations/',resourceGroup().location,'/managedApis/azureadip')]" - }, - "displayName": "[variables('AzureADIdentityProtectionConnectionName')]" - } - } - ] -} \ No newline at end of file diff --git a/Solutions/Recorded Future Identity/Playbooks/base_external.json b/Solutions/Recorded Future Identity/Playbooks/base_external.json deleted file mode 100644 index ffa4b9f079..0000000000 --- a/Solutions/Recorded Future Identity/Playbooks/base_external.json +++ /dev/null @@ -1,543 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "PlaybookName": { - "defaultValue": "Recorded_Future_Identity_External", - "type": "string" - }, - "PlaybookName_Add_Risky_User_to_Security_Group": { - "defaultValue": "Recorded_Future_Identity_Add_Risky_User_to_Security_Group", - "type": "string" - }, - "PlaybookName_Lookup_and_Save": { - "defaultValue": "Recorded_Future_Identity_Lookup_And_Save", - "type": "string" - }, - "PlaybookName_Identity_Protection_Confirm_User_Is_Risky": { - "defaultValue": "Recorded_Future_Identity_Add_Risky_User_to_Security_Group", - "type": "string" - } - }, - "variables": { - "LogAnalyticsDataCollectorConnectionName": "[concat('azureloganalyticsdatacollector-', parameters('PlaybookName'))]", - "AzureMonitorLogsConnectionName": "[concat('azuremonitorlogs-', parameters('PlaybookName'))]", - "RecordedFutureIdentityConnectionName": "[concat('recordedfutureidenti-', parameters('PlaybookName'))]" - }, - "resources": [ - { - "type": "Microsoft.Logic/workflows", - "apiVersion": "2019-05-01", - "name": "[parameters('PlaybookName')]", - "location": "[resourceGroup().location]", - "dependsOn": [ - "[resourceId('Microsoft.Web/connections', variables('LogAnalyticsDataCollectorConnectionName'))]", - "[resourceId('Microsoft.Web/connections', variables('AzureMonitorLogsConnectionName'))]", - "[resourceId('Microsoft.Web/connections', variables('RecordedFutureIdentityConnectionName'))]" - ], - "properties": { - "state": "Enabled", - "definition": { - "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "$connections": { - "defaultValue": {}, - "type": "Object" - } - }, - "triggers": { - "Recurrence": { - "recurrence": { - "frequency": "Day", - "interval": 1 - }, - "evaluatedRecurrence": { - "frequency": "Day", - "interval": 1 - }, - "type": "Recurrence" - } - }, - "actions": { - "Add_Log_Analytics_Malware_log_exposures_to_the_corresponding_array": { - "runAfter": { - "Query_Log_Analytics_for_Malware_log_exposures": [ - "Succeeded" - ] - }, - "type": "SetVariable", - "inputs": { - "name": "known_malware_log_creds", - "value": "@body('Query_Log_Analytics_for_Malware_log_exposures')?['value']" - } - }, - "Credential_Search_-_Search_credential_data_for_one_or_more_domains": { - "runAfter": { - "Initialize_-_Name_for_\"Malware_Logs\"_Log_Analytics_Custom_Log": [ - "Succeeded" - ] - }, - "type": "ApiConnection", - "inputs": { - "body": { - "domain_type": "My Organization (workforce use case)", - "domains": [ - "@variables('company_domain')" - ], - "filter": { - "latest_downloaded_gte": "@{formatDateTime(addDays(utcNow(), variables('search_lookback_days')), 'yyyy-MM-dd')}" - }, - "limit": 500 - }, - "host": { - "connection": { - "name": "@parameters('$connections')['recordedfutureidenti']['connectionId']" - } - }, - "method": "post", - "path": "/credentials/search" - } - }, - "For_Each_-_extend_new_exposures_array_with_new_Malware_log_exposures": { - "foreach": "@variables('unknown_malware_log_creds')", - "actions": { - "Add_new_Malware_log_exposure_email_to_the_array_of_all_new_exposures": { - "runAfter": {}, - "type": "AppendToArrayVariable", - "inputs": { - "name": "newly_leaked_emails", - "value": "@items('For_Each_-_extend_new_exposures_array_with_new_Malware_log_exposures')?['login']" - } - } - }, - "runAfter": { - "Initialize_-_Array_of_all_new_exposures_(emails)": [ - "Succeeded" - ] - }, - "type": "Foreach" - }, - "For_Each_new_Malware_log_exposures": { - "foreach": "@body('Credential_Search_-_Search_credential_data_for_one_or_more_domains')?['malware_logs']", - "actions": { - "If_Malware_log_exposure_is_new": { - "actions": { - "Add_new_exposure_to_the_new_Malware_log_exposures_array": { - "runAfter": {}, - "type": "AppendToArrayVariable", - "inputs": { - "name": "unknown_malware_log_creds", - "value": "@items('For_Each_new_Malware_log_exposures')" - } - } - }, - "runAfter": {}, - "expression": { - "and": [ - { - "not": { - "contains": [ - "@variables('known_malware_log_creds')", - "@items('For_Each_new_Malware_log_exposures')" - ] - } - } - ] - }, - "type": "If", - "description": "\"New\" - means it have not been previously seen by the Logic App." - } - }, - "runAfter": { - "Initialize_-_Array_of_new_Malware_log_exposures": [ - "Succeeded" - ] - }, - "type": "Foreach" - }, - "For_each_new_exposures_-_do_protective_actions": { - "foreach": "@variables('newly_leaked_emails')", - "actions": { - "Current_time": { - "runAfter": {}, - "type": "Expression", - "kind": "CurrentTime", - "inputs": {}, - "description": "This block is needed only to create 3 branches in this For each loop." - }, - "IdentityPlaybook_-_add_risky_user_to_AD_security_group": { - "runAfter": { - "Current_time": [ - "Succeeded" - ] - }, - "type": "Workflow", - "inputs": { - "body": { - "active_directory_domain": "@variables('active_directory_domain')", - "active_directory_security_group_id": "@variables('risky_security_group_id')", - "risky_user_email": "@{items('For_each_new_exposures_-_do_protective_actions')}" - }, - "headers": { - "Content-Type": "application/json" - }, - "host": { - "triggerName": "manual", - "workflow": { - "id": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Logic/workflows/', parameters('PlaybookName_Add_Risky_User_to_Security_Group'))]" - } - } - } - }, - "IdentityPlaybook_-_identity_protection_confirm_user_is_risky": { - "runAfter": { - "Current_time": [ - "Succeeded" - ] - }, - "type": "Workflow", - "inputs": { - "body": { - "active_directory_domain": "@variables('active_directory_domain')", - "risky_user_email": "@{items('For_each_new_exposures_-_do_protective_actions')}" - }, - "headers": { - "Content-Type": "application/json" - }, - "host": { - "triggerName": "manual", - "workflow": { - "id": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Logic/workflows/', parameters('PlaybookName_Identity_Protection_Confirm_User_Is_Risky'))]" - } - } - } - }, - "IdentityPlaybook_-_lookup_data_on_risky_user_and_save_it_into_LogAnalytics": { - "runAfter": { - "Current_time": [ - "Succeeded" - ] - }, - "type": "Workflow", - "inputs": { - "body": { - "lookup_lookback_range": "@variables('lookup_lookback_days')", - "lookup_results_loganalytics_custom_log": "@variables('lookup_results_loganalytics_custom_log')", - "risky_user_email": "@{items('For_each_new_exposures_-_do_protective_actions')}" - }, - "headers": { - "Content-Type": "application/json" - }, - "host": { - "triggerName": "manual", - "workflow": { - "id": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Logic/workflows/', parameters('PlaybookName_Lookup_and_Save'))]" - } - } - } - } - }, - "runAfter": { - "Initialize_-_ID_of_Active_Directory_security_group_for_users_at_risk": [ - "Succeeded" - ] - }, - "type": "Foreach", - "runtimeConfiguration": { - "concurrency": { - "repetitions": 1 - } - } - }, - "Initialize_-_Array_of_all_new_exposures_(emails)": { - "runAfter": { - "Send_Data_-_Save_new_Malware_log_exposures_into_Log_Analytics_Custom_Log": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "newly_leaked_emails", - "type": "array" - } - ] - } - }, - "Initialize_-_Array_of_known_Malware_log_exposures": { - "runAfter": { - "Credential_Search_-_Search_credential_data_for_one_or_more_domains": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "known_malware_log_creds", - "type": "array" - } - ] - }, - "description": "Existing Malware logs (collected during prior Logic App runs)" - }, - "Initialize_-_Array_of_new_Malware_log_exposures": { - "runAfter": { - "Add_Log_Analytics_Malware_log_exposures_to_the_corresponding_array": [ - "Succeeded", - "Skipped" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "unknown_malware_log_creds", - "type": "array" - } - ] - }, - "description": "Exposures that wasn't previously seen by the Logic App." - }, - "Initialize_-_ID_of_Active_Directory_security_group_for_users_at_risk": { - "runAfter": { - "Initialize_-_[Optional]_Active_Directory_Domain": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "risky_security_group_id", - "type": "string" - } - ] - }, - "description": "Create an Active Directory security group that will store any users with exposed credentials." - }, - "Initialize_-_Lookup_range_(days_back)": { - "runAfter": { - "Initialize_-_Name_for_Lookup_results_Log_Analytics_Custom_Log": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "lookup_lookback_days", - "type": "integer", - "value": -365 - } - ] - }, - "description": "Number of days before today to lookup. E.g. input \"-14\" to search the last 14 days." - }, - "Initialize_-_Name_for_\"Malware_Logs\"_Log_Analytics_Custom_Log": { - "runAfter": { - "Initialize_-_Search_range_(days_back)": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "malware_logs_loganalytics_custom_log", - "type": "string", - "value": "LeakedCredentials_MalwareLogs_CL" - } - ] - }, - "description": "Custom Log name (Value) must end with \"CL\"" - }, - "Initialize_-_Name_for_Lookup_results_Log_Analytics_Custom_Log": { - "runAfter": { - "For_Each_-_extend_new_exposures_array_with_new_Malware_log_exposures": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "lookup_results_loganalytics_custom_log", - "type": "string", - "value": "RiskyUsers_CL" - } - ] - }, - "description": "Custom Log name (Value) must end with \"CL\"" - }, - "Initialize_-_Organization_domain": { - "runAfter": {}, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "company_domain", - "type": "string", - "value": "example.com" - } - ] - }, - "description": "Organization domain to search exposures for." - }, - "Initialize_-_Search_range_(days_back)": { - "runAfter": { - "Initialize_-_Organization_domain": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "search_lookback_days", - "type": "integer", - "value": -14 - } - ] - }, - "description": "Number of days before today to search. E.g. input \"-14\" to search the last 14 days." - }, - "Initialize_-_[Optional]_Active_Directory_Domain": { - "runAfter": { - "Initialize_-_Lookup_range_(days_back)": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "active_directory_domain", - "type": "string" - } - ] - }, - "description": "If Active Directory (AD) and email use different domains, set AD domain here (Value). Syntax: \"company.onmicrosoft.com\" (exclude \"@\")." - }, - "Query_Log_Analytics_for_Malware_log_exposures": { - "runAfter": { - "Initialize_-_Array_of_known_Malware_log_exposures": [ - "Succeeded" - ] - }, - "type": "ApiConnection", - "inputs": { - "body": "@{variables('malware_logs_loganalytics_custom_log')}\n| project login=login_s, domain=domain_s", - "host": { - "connection": { - "name": "@parameters('$connections')['azuremonitorlogs']['connectionId']" - } - }, - "method": "post", - "path": "/queryData", - "queries": { - "resourcegroups": "RF", - "resourcename": "RF-log-analyitics", - "resourcetype": "Log Analytics Workspace", - "subscriptions": "5129b3ff-c0c6-4e86-bd1c-70e5fcd579cf", - "timerange": "@{formatDateTime(addDays(utcNow(), variables('search_lookback_days')), 'yyyy-MM-dd')}" - } - } - }, - "Send_Data_-_Save_new_Malware_log_exposures_into_Log_Analytics_Custom_Log": { - "runAfter": { - "Transform_new_Malware_log_exposures_array_into_a_JSON_object": [ - "Succeeded" - ] - }, - "type": "ApiConnection", - "inputs": { - "body": "@{outputs('Transform_new_Malware_log_exposures_array_into_a_JSON_object')}", - "headers": { - "Log-Type": "@variables('malware_logs_loganalytics_custom_log')", - "time-generated-field": "@{utcNow()}" - }, - "host": { - "connection": { - "name": "@parameters('$connections')['azureloganalyticsdatacollector']['connectionId']" - } - }, - "method": "post", - "path": "/api/logs" - } - }, - "Transform_new_Malware_log_exposures_array_into_a_JSON_object": { - "runAfter": { - "For_Each_new_Malware_log_exposures": [ - "Succeeded" - ] - }, - "type": "Compose", - "inputs": "@variables('unknown_malware_log_creds')" - } - }, - "outputs": {} - }, - "parameters": { - "$connections": { - "value": { - "azureloganalyticsdatacollector": { - "connectionId": "[resourceId('Microsoft.Web/connections', variables('LogAnalyticsDataCollectorConnectionName'))]", - "connectionName": "[variables('LogAnalyticsDataCollectorConnectionName')]", - "id": "[concat('/subscriptions/',subscription().subscriptionId,'/providers/Microsoft.Web/locations/',resourceGroup().location,'/managedApis/azureloganalyticsdatacollector')]" - }, - "azuremonitorlogs": { - "connectionId": "[resourceId('Microsoft.Web/connections', variables('AzureMonitorLogsConnectionName'))]", - "connectionName": "[variables('AzureMonitorLogsConnectionName')]", - "id": "[concat('/subscriptions/',subscription().subscriptionId,'/providers/Microsoft.Web/locations/',resourceGroup().location,'/managedApis/azuremonitorlogs')]" - }, - "recordedfutureidenti": { - "connectionId": "[resourceId('Microsoft.Web/connections', variables('RecordedFutureIdentityConnectionName'))]", - "connectionName": "[variables('RecordedFutureIdentityConnectionName')]", - "id": "[concat('/subscriptions/',subscription().subscriptionId,'/providers/Microsoft.Web/locations/',resourceGroup().location,'/managedApis/recordedfutureidenti')]" - } - } - } - } - } - }, - { - "type": "Microsoft.Web/connections", - "apiVersion": "2018-07-01-preview", - "name": "[variables('LogAnalyticsDataCollectorConnectionName')]", - "location": "[resourceGroup().location]", - "properties": { - "api": { - "id": "[concat('/subscriptions/',subscription().subscriptionId,'/providers/Microsoft.Web/locations/',resourceGroup().location,'/managedApis/azureloganalyticsdatacollector')]" - }, - "displayName": "[variables('LogAnalyticsDataCollectorConnectionName')]" - } - }, - { - "type": "Microsoft.Web/connections", - "apiVersion": "2018-07-01-preview", - "name": "[variables('AzureMonitorLogsConnectionName')]", - "location": "[resourceGroup().location]", - "properties": { - "api": { - "id": "[concat('/subscriptions/',subscription().subscriptionId,'/providers/Microsoft.Web/locations/',resourceGroup().location,'/managedApis/azuremonitorlogs')]" - }, - "displayName": "[variables('AzureMonitorLogsConnectionName')]" - } - }, - { - "type": "Microsoft.Web/connections", - "apiVersion": "2018-07-01-preview", - "name": "[variables('RecordedFutureIdentityConnectionName')]", - "location": "[resourceGroup().location]", - "properties": { - "api": { - "id": "[concat('/subscriptions/',subscription().subscriptionId,'/providers/Microsoft.Web/locations/',resourceGroup().location,'/managedApis/recordedfutureidenti')]" - }, - "displayName": "[variables('RecordedFutureIdentityConnectionName')]" - } - } - ] -} \ No newline at end of file diff --git a/Solutions/Recorded Future Identity/Playbooks/base_workforce.json b/Solutions/Recorded Future Identity/Playbooks/base_workforce.json deleted file mode 100644 index 72540a688f..0000000000 --- a/Solutions/Recorded Future Identity/Playbooks/base_workforce.json +++ /dev/null @@ -1,768 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "comment": "", - "author": "Dmytro Branitskyi, Recorded Future" - }, - "parameters": { - "PlaybookName": { - "defaultValue": "Recorded_Future_Identity_Workforce", - "type": "string" - }, - "PlaybookName_Add_Risky_User_to_Security_Group": { - "defaultValue": "Recorded_Future_Identity_Add_Risky_User_to_Security_Group", - "type": "string" - }, - "PlaybookName_Lookup_and_Save": { - "defaultValue": "Recorded_Future_Identity_Lookup_And_Save", - "type": "string" - }, - "PlaybookName_Identity_Protection_Confirm_User_Is_Risky": { - "defaultValue": "Recorded_Future_Identity_Add_Risky_User_to_Security_Group", - "type": "string" - } - }, - "variables": { - "LogAnalyticsDataCollectorConnectionName": "[concat('azureloganalyticsdatacollector-', parameters('PlaybookName'))]", - "AzureMonitorLogsConnectionName": "[concat('azuremonitorlogs-', parameters('PlaybookName'))]", - "RecordedFutureIdentityConnectionName": "[concat('recordedfutureidenti-', parameters('PlaybookName'))]" - }, - "resources": [ - { - "type": "Microsoft.Logic/workflows", - "apiVersion": "2019-05-01", - "name": "[parameters('PlaybookName')]", - "location": "[resourceGroup().location]", - "dependsOn": [ - "[resourceId('Microsoft.Web/connections', variables('LogAnalyticsDataCollectorConnectionName'))]", - "[resourceId('Microsoft.Web/connections', variables('AzureMonitorLogsConnectionName'))]", - "[resourceId('Microsoft.Web/connections', variables('RecordedFutureIdentityConnectionName'))]" - ], - "properties": { - "state": "Enabled", - "definition": { - "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "$connections": { - "defaultValue": {}, - "type": "Object" - } - }, - "triggers": { - "Recurrence": { - "recurrence": { - "frequency": "Day", - "interval": 1 - }, - "evaluatedRecurrence": { - "frequency": "Day", - "interval": 1 - }, - "type": "Recurrence" - } - }, - "actions": { - "Add_Log_Analytics_Credential_dump_exposures_to_the_corresponding_array": { - "runAfter": { - "Query_Log_Analytics_for_Credential_dump_exposures": [ - "Succeeded" - ] - }, - "type": "SetVariable", - "inputs": { - "name": "known_credential_dump_creds", - "value": "@body('Query_Log_Analytics_for_Credential_dump_exposures')?['value']" - } - }, - "Add_Log_Analytics_Malware_log_exposures_to_the_corresponding_array": { - "runAfter": { - "Query_Log_Analytics_for_Malware_log_exposures": [ - "Succeeded" - ] - }, - "type": "SetVariable", - "inputs": { - "name": "known_malware_log_creds", - "value": "@body('Query_Log_Analytics_for_Malware_log_exposures')?['value']" - } - }, - "Credential_Search_-_Search_credential_data_for_one_or_more_domains": { - "runAfter": { - "Initialize_-_Name_for_\"Malware_Logs\"_Log_Analytics_Custom_Log": [ - "Succeeded" - ] - }, - "type": "ApiConnection", - "inputs": { - "body": { - "domain_type": "My Organization (workforce use case)", - "domains": [ - "@variables('company_domain')" - ], - "filter": { - "latest_downloaded_gte": "@{formatDateTime(addDays(utcNow(), variables('search_lookback_days')), 'yyyy-MM-dd')}" - }, - "limit": 500 - }, - "host": { - "connection": { - "name": "@parameters('$connections')['recordedfutureidenti']['connectionId']" - } - }, - "method": "post", - "path": "/credentials/search" - } - }, - "For_Each_-_Make_new_and_known_Credential_dumps_be_comparable": { - "foreach": "@body('Credential_Search_-_Search_credential_data_for_one_or_more_domains')?['credential_dumps']", - "actions": { - "Append_transformed_exposures_to_array": { - "runAfter": {}, - "type": "AppendToArrayVariable", - "inputs": { - "name": "transformed_rf_api_credential_dump_creds", - "value": { - "email": "@items('For_Each_-_Make_new_and_known_Credential_dumps_be_comparable')" - } - } - } - }, - "runAfter": { - "Initialize_-_Array_of_transformed_new_Credential_dump_exposures": [ - "Succeeded" - ] - }, - "type": "Foreach" - }, - "For_Each_-_extend_new_exposures_array_with_new_Credential_dump_exposures": { - "foreach": "@variables('unknown_credential_dump_creds')", - "actions": { - "Add_new_Credential_dump_exposure_email_to_the_array_of_all_new_exposures": { - "runAfter": {}, - "type": "AppendToArrayVariable", - "inputs": { - "name": "newly_leaked_emails", - "value": "@items('For_Each_-_extend_new_exposures_array_with_new_Credential_dump_exposures')?['email']" - } - } - }, - "runAfter": { - "For_Each_-_extend_new_exposures_array_with_new_Malware_log_exposures": [ - "Succeeded" - ] - }, - "type": "Foreach" - }, - "For_Each_-_extend_new_exposures_array_with_new_Malware_log_exposures": { - "foreach": "@variables('unknown_malware_log_creds')", - "actions": { - "Add_new_Malware_log_exposure_email_to_the_array_of_all_new_exposures": { - "runAfter": {}, - "type": "AppendToArrayVariable", - "inputs": { - "name": "newly_leaked_emails", - "value": "@items('For_Each_-_extend_new_exposures_array_with_new_Malware_log_exposures')?['login']" - } - } - }, - "runAfter": { - "Initialize_-_Array_of_all_new_exposures_(emails)": [ - "Succeeded" - ] - }, - "type": "Foreach" - }, - "For_Each_new_Credential_dump_exposures": { - "foreach": "@variables('transformed_rf_api_credential_dump_creds')", - "actions": { - "If_Credential_dump_exposure_is_new": { - "actions": { - "Add_new_exposure_to_the_new_Credential_dump_exposures_array": { - "runAfter": {}, - "type": "AppendToArrayVariable", - "inputs": { - "name": "unknown_credential_dump_creds", - "value": "@items('For_Each_new_Credential_dump_exposures')" - } - } - }, - "runAfter": {}, - "expression": { - "and": [ - { - "not": { - "contains": [ - "@variables('known_credential_dump_creds')", - "@items('For_Each_new_Credential_dump_exposures')" - ] - } - } - ] - }, - "type": "If", - "description": "\"New\" - means it have not been previously seen by the Logic App." - } - }, - "runAfter": { - "Initialize_-_Array_of_new_Credential_dump_exposures": [ - "Succeeded" - ] - }, - "type": "Foreach" - }, - "For_Each_new_Malware_log_exposures": { - "foreach": "@body('Credential_Search_-_Search_credential_data_for_one_or_more_domains')?['malware_logs']", - "actions": { - "If_Malware_log_exposure_is_new": { - "actions": { - "Add_new_exposure_to_the_new_Malware_log_exposures_array": { - "runAfter": {}, - "type": "AppendToArrayVariable", - "inputs": { - "name": "unknown_malware_log_creds", - "value": "@items('For_Each_new_Malware_log_exposures')" - } - } - }, - "runAfter": {}, - "expression": { - "and": [ - { - "not": { - "contains": [ - "@variables('known_malware_log_creds')", - "@items('For_Each_new_Malware_log_exposures')" - ] - } - } - ] - }, - "type": "If", - "description": "\"New\" - means it have not been previously seen by the Logic App." - } - }, - "runAfter": { - "Initialize_-_Array_of_new_Malware_log_exposures": [ - "Succeeded" - ] - }, - "type": "Foreach" - }, - "For_each_new_exposures_-_do_protective_actions": { - "foreach": "@variables('newly_leaked_emails')", - "actions": { - "Current_time": { - "runAfter": {}, - "type": "Expression", - "kind": "CurrentTime", - "inputs": {}, - "description": "This block is needed only to create 3 branches in this For each loop." - }, - "IdentityPlaybook_-_add_risky_user_to_AD_security_group": { - "runAfter": { - "Current_time": [ - "Succeeded" - ] - }, - "type": "Workflow", - "inputs": { - "body": { - "active_directory_domain": "@variables('active_directory_domain')", - "active_directory_security_group_id": "@variables('risky_security_group_id')", - "risky_user_email": "@{items('For_each_new_exposures_-_do_protective_actions')}" - }, - "headers": { - "Content-Type": "application/json" - }, - "host": { - "triggerName": "manual", - "workflow": { - "id": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Logic/workflows/', parameters('PlaybookName_Add_Risky_User_to_Security_Group'))]" - } - } - } - }, - "IdentityPlaybook_-_lookup_data_on_risky_user_and_save_it_into_LogAnalytics": { - "runAfter": { - "Current_time": [ - "Succeeded" - ] - }, - "type": "Workflow", - "inputs": { - "body": { - "lookup_lookback_range": "@variables('lookup_lookback_days')", - "lookup_results_loganalytics_custom_log": "@variables('lookup_results_loganalytics_custom_log')", - "risky_user_email": "@{items('For_each_new_exposures_-_do_protective_actions')}" - }, - "headers": { - "Content-Type": "application/json" - }, - "host": { - "triggerName": "manual", - "workflow": { - "id": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Logic/workflows/', parameters('PlaybookName_Lookup_and_Save'))]" - } - } - } - }, - "IdentityPlaybook_-_identity_protection_confirm_user_is_risky": { - "runAfter": { - "Current_time": [ - "Succeeded" - ] - }, - "type": "Workflow", - "inputs": { - "body": { - "active_directory_domain": "@variables('active_directory_domain')", - "risky_user_email": "@{items('For_each_new_exposures_-_do_protective_actions')}" - }, - "headers": { - "Content-Type": "application/json" - }, - "host": { - "triggerName": "manual", - "workflow": { - "id": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Logic/workflows/', parameters('PlaybookName_Identity_Protection_Confirm_User_Is_Risky'))]" - } - } - } - } - }, - "runAfter": { - "Initialize_-_ID_of_Active_Directory_security_group_for_users_at_risk": [ - "Succeeded" - ] - }, - "type": "Foreach", - "runtimeConfiguration": { - "concurrency": { - "repetitions": 1 - } - } - }, - "Initialize_-_Array_of_all_new_exposures_(emails)": { - "runAfter": { - "Send_Data_-_Save_new_Credential_dump_exposures_into_Log_Analytics_Custom_Log": [ - "Succeeded", - "TimedOut", - "Failed" - ], - "Send_Data_-_Save_new_Malware_log_exposures_into_Log_Analytics_Custom_Log": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "newly_leaked_emails", - "type": "array" - } - ] - } - }, - "Initialize_-_Array_of_known_Credential_dump_exposures": { - "runAfter": { - "Credential_Search_-_Search_credential_data_for_one_or_more_domains": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "known_credential_dump_creds", - "type": "array" - } - ] - }, - "description": "Existing Credential dumps (collected during prior Logic App runs)" - }, - "Initialize_-_Array_of_known_Malware_log_exposures": { - "runAfter": { - "Credential_Search_-_Search_credential_data_for_one_or_more_domains": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "known_malware_log_creds", - "type": "array" - } - ] - }, - "description": "Existing Malware logs (collected during prior Logic App runs)" - }, - "Initialize_-_Array_of_new_Credential_dump_exposures": { - "runAfter": { - "For_Each_-_Make_new_and_known_Credential_dumps_be_comparable": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "unknown_credential_dump_creds", - "type": "array" - } - ] - }, - "description": "\"New\" - means that this are new leaks, which weren't seen on previous runs of the logic app." - }, - "Initialize_-_Array_of_new_Malware_log_exposures": { - "runAfter": { - "Add_Log_Analytics_Malware_log_exposures_to_the_corresponding_array": [ - "Succeeded", - "Skipped" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "unknown_malware_log_creds", - "type": "array" - } - ] - }, - "description": "Exposures that wasn't previously seen by the Logic App." - }, - "Initialize_-_Array_of_transformed_new_Credential_dump_exposures": { - "runAfter": { - "Add_Log_Analytics_Credential_dump_exposures_to_the_corresponding_array": [ - "Succeeded", - "Skipped" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "transformed_rf_api_credential_dump_creds", - "type": "array" - } - ] - }, - "description": "New Credential dumps are formatted to enable storing and comparing them with existing Credential dumps in Log Analytics." - }, - "Initialize_-_ID_of_Active_Directory_security_group_for_users_at_risk": { - "runAfter": { - "Initialize_-_[Optional]_Active_Directory_Domain": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "risky_security_group_id", - "type": "string" - } - ] - }, - "description": "Create an Active Directory security group that will store any users with exposed credentials." - }, - "Initialize_-_Lookup_range_(days_back)": { - "runAfter": { - "Initialize_-_Name_for_Lookup_results_Log_Analytics_Custom_Log": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "lookup_lookback_days", - "type": "integer", - "value": -365 - } - ] - }, - "description": "Number of days before today to lookup. E.g. input \"-14\" to search the last 14 days." - }, - "Initialize_-_Name_for_\"Credential_Dumps\"_Log_Analytics_Custom_Log": { - "runAfter": { - "Initialize_-_Search_range_(days_back)": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "credential_dumps_loganalytics_custom_log", - "type": "string", - "value": "LeakedCredentials_CredentialDumps_CL" - } - ] - }, - "description": "Custom Log name (Value) must end with \"CL\"" - }, - "Initialize_-_Name_for_\"Malware_Logs\"_Log_Analytics_Custom_Log": { - "runAfter": { - "Initialize_-_Name_for_\"Credential_Dumps\"_Log_Analytics_Custom_Log": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "malware_logs_loganalytics_custom_log", - "type": "string", - "value": "LeakedCredentials_MalwareLogs_CL" - } - ] - }, - "description": "Custom Log name (Value) must end with \"CL\"" - }, - "Initialize_-_Name_for_Lookup_results_Log_Analytics_Custom_Log": { - "runAfter": { - "For_Each_-_extend_new_exposures_array_with_new_Credential_dump_exposures": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "lookup_results_loganalytics_custom_log", - "type": "string", - "value": "RiskyUsers_CL" - } - ] - }, - "description": "Custom Log name (Value) must end with \"CL\"" - }, - "Initialize_-_Organization_domain": { - "runAfter": {}, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "company_domain", - "type": "string", - "value": "example.com" - } - ] - }, - "description": "Organization domain to search exposures for." - }, - "Initialize_-_Search_range_(days_back)": { - "runAfter": { - "Initialize_-_Organization_domain": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "search_lookback_days", - "type": "integer", - "value": -14 - } - ] - }, - "description": "Number of days before today to search. E.g. input \"-14\" to search the last 14 days." - }, - "Initialize_-_[Optional]_Active_Directory_Domain": { - "runAfter": { - "Initialize_-_Lookup_range_(days_back)": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "active_directory_domain", - "type": "string" - } - ] - }, - "description": "If Active Directory (AD) and email use different domains, set AD domain here (Value). Syntax: \"company.onmicrosoft.com\" (exclude \"@\")." - }, - "Query_Log_Analytics_for_Credential_dump_exposures": { - "runAfter": { - "Initialize_-_Array_of_known_Credential_dump_exposures": [ - "Succeeded" - ] - }, - "type": "ApiConnection", - "inputs": { - "body": "@{variables('credential_dumps_loganalytics_custom_log')}\n| project email=email_s", - "host": { - "connection": { - "name": "@parameters('$connections')['azuremonitorlogs']['connectionId']" - } - }, - "method": "post", - "path": "/queryData", - "queries": { - "resourcegroups": "RF", - "resourcename": "RF-log-analyitics", - "resourcetype": "Log Analytics Workspace", - "subscriptions": "5129b3ff-c0c6-4e86-bd1c-70e5fcd579cf", - "timerange": "@{formatDateTime(addDays(utcNow(), variables('search_lookback_days')), 'yyyy-MM-dd')}" - } - } - }, - "Query_Log_Analytics_for_Malware_log_exposures": { - "runAfter": { - "Initialize_-_Array_of_known_Malware_log_exposures": [ - "Succeeded" - ] - }, - "type": "ApiConnection", - "inputs": { - "body": "@{variables('malware_logs_loganalytics_custom_log')}\n| project login=login_s, domain=domain_s", - "host": { - "connection": { - "name": "@parameters('$connections')['azuremonitorlogs']['connectionId']" - } - }, - "method": "post", - "path": "/queryData", - "queries": { - "resourcegroups": "RF", - "resourcename": "RF-log-analyitics", - "resourcetype": "Log Analytics Workspace", - "subscriptions": "5129b3ff-c0c6-4e86-bd1c-70e5fcd579cf", - "timerange": "@{formatDateTime(addDays(utcNow(), variables('search_lookback_days')), 'yyyy-MM-dd')}" - } - } - }, - "Send_Data_-_Save_new_Credential_dump_exposures_into_Log_Analytics_Custom_Log": { - "runAfter": { - "Transform_new_Credential_dump_exposures_array_into_a_JSON_object": [ - "Succeeded" - ] - }, - "type": "ApiConnection", - "inputs": { - "body": "@{outputs('Transform_new_Credential_dump_exposures_array_into_a_JSON_object')}", - "headers": { - "Log-Type": "@variables('credential_dumps_loganalytics_custom_log')", - "time-generated-field": "@{utcNow()}" - }, - "host": { - "connection": { - "name": "@parameters('$connections')['azureloganalyticsdatacollector']['connectionId']" - } - }, - "method": "post", - "path": "/api/logs" - } - }, - "Send_Data_-_Save_new_Malware_log_exposures_into_Log_Analytics_Custom_Log": { - "runAfter": { - "Transform_new_Malware_log_exposures_array_into_a_JSON_object": [ - "Succeeded" - ] - }, - "type": "ApiConnection", - "inputs": { - "body": "@{outputs('Transform_new_Malware_log_exposures_array_into_a_JSON_object')}", - "headers": { - "Log-Type": "@variables('malware_logs_loganalytics_custom_log')", - "time-generated-field": "@{utcNow()}" - }, - "host": { - "connection": { - "name": "@parameters('$connections')['azureloganalyticsdatacollector']['connectionId']" - } - }, - "method": "post", - "path": "/api/logs" - } - }, - "Transform_new_Credential_dump_exposures_array_into_a_JSON_object": { - "runAfter": { - "For_Each_new_Credential_dump_exposures": [ - "Succeeded" - ] - }, - "type": "Compose", - "inputs": "@variables('unknown_credential_dump_creds')" - }, - "Transform_new_Malware_log_exposures_array_into_a_JSON_object": { - "runAfter": { - "For_Each_new_Malware_log_exposures": [ - "Succeeded" - ] - }, - "type": "Compose", - "inputs": "@variables('unknown_malware_log_creds')" - } - }, - "outputs": {} - }, - "parameters": { - "$connections": { - "value": { - "azureloganalyticsdatacollector": { - "connectionId": "[resourceId('Microsoft.Web/connections', variables('LogAnalyticsDataCollectorConnectionName'))]", - "connectionName": "[variables('LogAnalyticsDataCollectorConnectionName')]", - "id": "[concat('/subscriptions/',subscription().subscriptionId,'/providers/Microsoft.Web/locations/',resourceGroup().location,'/managedApis/azureloganalyticsdatacollector')]" - }, - "azuremonitorlogs": { - "connectionId": "[resourceId('Microsoft.Web/connections', variables('AzureMonitorLogsConnectionName'))]", - "connectionName": "[variables('AzureMonitorLogsConnectionName')]", - "id": "[concat('/subscriptions/',subscription().subscriptionId,'/providers/Microsoft.Web/locations/',resourceGroup().location,'/managedApis/azuremonitorlogs')]" - }, - "recordedfutureidenti": { - "connectionId": "[resourceId('Microsoft.Web/connections', variables('RecordedFutureIdentityConnectionName'))]", - "connectionName": "[variables('RecordedFutureIdentityConnectionName')]", - "id": "[concat('/subscriptions/',subscription().subscriptionId,'/providers/Microsoft.Web/locations/',resourceGroup().location,'/managedApis/recordedfutureidenti')]" - } - } - } - } - } - }, - { - "type": "Microsoft.Web/connections", - "apiVersion": "2018-07-01-preview", - "name": "[variables('LogAnalyticsDataCollectorConnectionName')]", - "location": "[resourceGroup().location]", - "properties": { - "api": { - "id": "[concat('/subscriptions/',subscription().subscriptionId,'/providers/Microsoft.Web/locations/',resourceGroup().location,'/managedApis/azureloganalyticsdatacollector')]" - }, - "displayName": "[variables('LogAnalyticsDataCollectorConnectionName')]" - } - }, - { - "type": "Microsoft.Web/connections", - "apiVersion": "2018-07-01-preview", - "name": "[variables('AzureMonitorLogsConnectionName')]", - "location": "[resourceGroup().location]", - "properties": { - "api": { - "id": "[concat('/subscriptions/',subscription().subscriptionId,'/providers/Microsoft.Web/locations/',resourceGroup().location,'/managedApis/azuremonitorlogs')]" - }, - "displayName": "[variables('AzureMonitorLogsConnectionName')]" - } - }, - { - "type": "Microsoft.Web/connections", - "apiVersion": "2018-07-01-preview", - "name": "[variables('RecordedFutureIdentityConnectionName')]", - "location": "[resourceGroup().location]", - "properties": { - "api": { - "id": "[concat('/subscriptions/',subscription().subscriptionId,'/providers/Microsoft.Web/locations/',resourceGroup().location,'/managedApis/recordedfutureidenti')]" - }, - "displayName": "[variables('RecordedFutureIdentityConnectionName')]" - } - } - ] -} \ No newline at end of file diff --git a/Solutions/Recorded Future Identity/Playbooks/lookup_and_save.json b/Solutions/Recorded Future Identity/Playbooks/lookup_and_save.json deleted file mode 100644 index 0b35be67ca..0000000000 --- a/Solutions/Recorded Future Identity/Playbooks/lookup_and_save.json +++ /dev/null @@ -1,322 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "comment": "", - "author": "Dmytro Branitskyi, Recorded Future" - }, - "parameters": { - "PlaybookName": { - "defaultValue": "Recorded_Future_Identity_Lookup_And_Save", - "type": "string" - } - }, - "variables": { - "LogAnalyticsDataCollectorConnectionName": "[concat('azureloganalyticsdatacollector-', parameters('PlaybookName'))]", - "RecordedFutureIdentityConnectionName": "[concat('recordedfutureidenti-', parameters('PlaybookName'))]" - }, - "resources": [ - { - "type": "Microsoft.Logic/workflows", - "apiVersion": "2019-05-01", - "name": "[parameters('PlaybookName')]", - "location": "[resourceGroup().location]", - "dependsOn": [ - "[resourceId('Microsoft.Web/connections', variables('LogAnalyticsDataCollectorConnectionName'))]", - "[resourceId('Microsoft.Web/connections', variables('RecordedFutureIdentityConnectionName'))]" - ], - "properties": { - "state": "Enabled", - "definition": { - "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "$connections": { - "defaultValue": {}, - "type": "Object" - } - }, - "triggers": { - "manual": { - "type": "Request", - "kind": "Http", - "inputs": { - "method": "POST", - "schema": { - "properties": { - "lookup_lookback_range": { - "type": "integer" - }, - "lookup_results_loganalytics_custom_log": { - "type": "string" - }, - "risky_user_email": { - "type": "string" - } - }, - "type": "object" - } - } - } - }, - "actions": { - "Credential_Lookup_-_Look_up_credential_data_for_one_or_more_users": { - "runAfter": { - "Initialize_-_Default_name_for_Lookup_results_Log_Analytics_custom_log": [ - "Succeeded" - ] - }, - "type": "ApiConnection", - "inputs": { - "body": { - "filter": { - "first_downloaded_gte": "@{formatDateTime(addDays(utcNow(), if(equals(triggerBody()?['lookup_lookback_range'], null), variables('default_value_for_lookup_lookback_days'), triggerBody()?['lookup_lookback_range'])), 'yyyy-MM-dd')}" - }, - "subjects": [ - "@triggerBody()?['risky_user_email']" - ] - }, - "host": { - "connection": { - "name": "@parameters('$connections')['recordedfutureidenti']['connectionId']" - } - }, - "method": "post", - "path": "/credentials/lookup" - } - }, - "Initialize_-_Default_name_for_Lookup_results_Log_Analytics_custom_log": { - "runAfter": { - "Initialize_-_Default_value_for_Lookup_range_(days_back)": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "lookup_results_loganalytics_custom_log", - "type": "string", - "value": "RiskyUsersLookupResults_CL" - } - ] - }, - "description": "Table name must ends with \"CL\"" - }, - "Initialize_-_Default_value_for_Lookup_range_(days_back)": { - "runAfter": {}, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "default_value_for_lookup_lookback_days", - "type": "integer", - "value": -365 - } - ] - }, - "description": "Default number of days before today to lookup. E.g. input \"-14\" to search the last 14 days. This value can be changed by passing corresponding parameter in requests' json body." - }, - "Response_-_Failed": { - "runAfter": { - "Response_-_Successfully_saved_lookup_results_into_LogAnalytics": [ - "Skipped" - ] - }, - "type": "Response", - "kind": "Http", - "inputs": { - "body": { - "data": { - "lookup_lookback_date": "@formatDateTime(addDays(utcNow(), if(equals(triggerBody()?['lookup_lookback_range'], null), variables('default_value_for_lookup_lookback_days'), triggerBody()?['lookup_lookback_range'])), 'yyyy-MM-dd')", - "lookup_results": "@body('Credential_Lookup_-_Look_up_credential_data_for_one_or_more_users')", - "lookup_results_loganalytics_custom_log": "@if(equals(triggerBody()?['lookup_results_loganalytics_custom_log'], null), variables('lookup_results_loganalytics_custom_log'), triggerBody()?['lookup_results_loganalytics_custom_log'])", - "parameters_passed": { - "lookup_lookback_range": "@triggerBody()?['lookup_lookback_range']", - "lookup_results_loganalytics_custom_log": "@triggerBody()?['lookup_results_loganalytics_custom_log']", - "risky_user_email": "@triggerBody()?['risky_user_email']" - } - }, - "reason": "Unknown", - "status": "Error" - }, - "headers": { - "Content-Type": "application/json" - }, - "schema": { - "properties": { - "data": { - "properties": { - "lookup_lookback_date": { - "type": "string" - }, - "lookup_results": { - "properties": {}, - "type": "object" - }, - "lookup_results_loganalytics_custom_log": { - "type": "string" - }, - "parameters_passed": { - "properties": { - "lookup_lookback_range": { - "type": "integer" - }, - "lookup_results_loganalytics_custom_log": { - "type": "string" - }, - "risky_user_email": { - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "reason": { - "type": "string" - }, - "status": { - "type": "string" - } - }, - "type": "object" - }, - "statusCode": 422 - } - }, - "Response_-_Successfully_saved_lookup_results_into_LogAnalytics": { - "runAfter": { - "Send_Data_-_Save_Lookup_results_to_LogAnalytics_Custom_Log": [ - "Succeeded" - ] - }, - "type": "Response", - "kind": "Http", - "inputs": { - "body": { - "data": { - "lookup_lookback_date": "@formatDateTime(addDays(utcNow(), if(equals(triggerBody()?['lookup_lookback_range'], null), variables('default_value_for_lookup_lookback_days'), triggerBody()?['lookup_lookback_range'])), 'yyyy-MM-dd')", - "lookup_results": "@body('Credential_Lookup_-_Look_up_credential_data_for_one_or_more_users')", - "lookup_results_loganalytics_custom_log": "@if(equals(triggerBody()?['lookup_results_loganalytics_custom_log'], null), variables('lookup_results_loganalytics_custom_log'), triggerBody()?['lookup_results_loganalytics_custom_log'])", - "parameters_passed": { - "lookup_lookback_range": "@triggerBody()?['lookup_lookback_range']", - "lookup_results_loganalytics_custom_log": "@triggerBody()?['lookup_results_loganalytics_custom_log']", - "risky_user_email": "@triggerBody()?['risky_user_email']" - } - }, - "status": "Successfully saved risky user lookup results into LogAnalytics table." - }, - "headers": { - "Content-Type": "application/json" - }, - "schema": { - "properties": { - "data": { - "properties": { - "lookup_lookback_date": { - "type": "string" - }, - "lookup_results": { - "properties": {}, - "type": "object" - }, - "lookup_results_loganalytics_custom_log": { - "type": "string" - }, - "parameters_passed": { - "properties": { - "lookup_lookback_range": { - "type": "integer" - }, - "lookup_results_loganalytics_custom_log": { - "type": "string" - }, - "risky_user_email": { - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "status": { - "type": "string" - } - }, - "type": "object" - }, - "statusCode": 200 - } - }, - "Send_Data_-_Save_Lookup_results_to_LogAnalytics_Custom_Log": { - "runAfter": { - "Credential_Lookup_-_Look_up_credential_data_for_one_or_more_users": [ - "Succeeded" - ] - }, - "type": "ApiConnection", - "inputs": { - "body": "@{body('Credential_Lookup_-_Look_up_credential_data_for_one_or_more_users')}", - "headers": { - "Log-Type": "@{if(equals(triggerBody()?['lookup_results_loganalytics_custom_log'], null), variables('lookup_results_loganalytics_custom_log'), triggerBody()?['lookup_results_loganalytics_custom_log'])}", - "time-generated-field": "@{utcNow()}" - }, - "host": { - "connection": { - "name": "@parameters('$connections')['azureloganalyticsdatacollector']['connectionId']" - } - }, - "method": "post", - "path": "/api/logs" - } - } - }, - "outputs": {} - }, - "parameters": { - "$connections": { - "value": { - "azureloganalyticsdatacollector": { - "connectionId": "[resourceId('Microsoft.Web/connections', variables('LogAnalyticsDataCollectorConnectionName'))]", - "connectionName": "[variables('LogAnalyticsDataCollectorConnectionName')]", - "id": "[concat('/subscriptions/',subscription().subscriptionId,'/providers/Microsoft.Web/locations/',resourceGroup().location,'/managedApis/azureloganalyticsdatacollector')]" - }, - "recordedfutureidenti": { - "connectionId": "[resourceId('Microsoft.Web/connections', variables('RecordedFutureIdentityConnectionName'))]", - "connectionName": "[variables('RecordedFutureIdentityConnectionName')]", - "id": "[concat('/subscriptions/',subscription().subscriptionId,'/providers/Microsoft.Web/locations/',resourceGroup().location,'/managedApis/recordedfutureidenti')]" - } - } - } - } - } - }, - { - "type": "Microsoft.Web/connections", - "apiVersion": "2018-07-01-preview", - "name": "[variables('LogAnalyticsDataCollectorConnectionName')]", - "location": "[resourceGroup().location]", - "properties": { - "api": { - "id": "[concat('/subscriptions/',subscription().subscriptionId,'/providers/Microsoft.Web/locations/',resourceGroup().location,'/managedApis/azureloganalyticsdatacollector')]" - }, - "displayName": "[variables('LogAnalyticsDataCollectorConnectionName')]" - } - }, - { - "type": "Microsoft.Web/connections", - "apiVersion": "2018-07-01-preview", - "name": "[variables('RecordedFutureIdentityConnectionName')]", - "location": "[resourceGroup().location]", - "properties": { - "api": { - "id": "[concat('/subscriptions/',subscription().subscriptionId,'/providers/Microsoft.Web/locations/',resourceGroup().location,'/managedApis/recordedfutureidenti')]" - }, - "displayName": "[variables('RecordedFutureIdentityConnectionName')]" - } - } - ] -} \ No newline at end of file diff --git a/Solutions/Recorded Future Identity/Playbooks/readme.md b/Solutions/Recorded Future Identity/Playbooks/readme.md index d6a3fe6c47..5c9fe980e0 100644 --- a/Solutions/Recorded Future Identity/Playbooks/readme.md +++ b/Solutions/Recorded Future Identity/Playbooks/readme.md @@ -8,7 +8,7 @@ Recorded Future Identity Intelligence enables security and IT teams to detect id To do this, Recorded Future automates the collection, analysis, and production of identity intelligence from a vast range of sources. -Organizations can incorporate identity intelligence into automated workflows that regularly monitor for compromised credentials and take immediate action with applications such as Azure Active Directory and Microsoft Sentinel. +Organizations can incorporate identity intelligence into automated workflows that regularly monitor for compromised credentials and take immediate action using Recorded Future Identity data and Microsoft Entra ID. There are many ways organizations can utilize Recorded Future Identity Intelligence; the playbooks in this Solution are just a quick introduction to some of those ways. @@ -18,8 +18,8 @@ They include: 1. searches for compromised workforce or external customer users 2. looking up existing users and saving the compromised user data to a Log file -3. confirming high risk Azure Active Directory (AAD) users -4. adding a compromised user to an AAD security group +3. confirming high risk Microsoft Entra ID (EntraID) users +4. adding a compromised user to an EntraID security group
@@ -57,13 +57,10 @@ Possible remediations include requiring a password reset, or temporarily locking 2) [Active Directory Identity Protection - confirm user is compromised](#active_directory_identity_protection_confirm_user_is_compromised) 3) [Lookup risky user and save results](#lookup_risky_user_and_save_results) 3) [Deployment](#deployment) - 1) [Prerequisites](#prerequisites) - 2) [Deployment using Azure Marketplace](#deployment_azure_marketplace) - 3) [Deployment using "Deploy a custom template" service](#deployment_custom_template) - 1) [Deploy the Solution](#deployment_custom_template_solution) + 1) [Prerequisites](#prerequisites) 2) [Deploy Playbooks (Logic Apps) one by one](#deployment_custom_template_playbooks) - 1) [RecordedFutureIdentity-add-AAD-security-group-user](#deployment_custom_template_playbooks_add_AAD_security_group_user) - 2) [RecordedFutureIdentity-confirm-AAD-risky-user](#deployment_custom_template_playbooks_confirm_AAD_risky_user) + 1) [RecordedFutureIdentity-add-EntraID-security-group-user](#deployment_custom_template_playbooks_add_EntraID_security_group_user) + 2) [RecordedFutureIdentity-confirm-EntraID-risky-user](#deployment_custom_template_playbooks_confirm_EntraID_risky_user) 3) [RecordedFutureIdentity-lookup-and-save-user](#deployment_custom_template_playbooks_lookup_and_save_user) 4) [RecordedFutureIdentity-search-workforce-user](#deployment_custom_template_playbooks_search_workforce_user) 5) [RecordedFutureIdentity-search-external-user](#deployment_custom_template_playbooks_search_external_user) @@ -98,8 +95,8 @@ This Solution consists of 5 Playbooks (Logic Apps). | Playbook Name | Description | |--------------------------------------------------------|----------------------------------------------------------------------------------------| -| **RecordedFutureIdentity-add-AAD-security-group-user** | Add risky user to Active Directory Security Group for users at risk. | -| **RecordedFutureIdentity-confirm-AAD-risky-user** | Confirm to Active Directory Identity Protection that user is compromised. | +| **RecordedFutureIdentity-add-EntraID-security-group-user** | Add risky user to Active Directory Security Group for users at risk. | +| **RecordedFutureIdentity-confirm-EntraID-risky-user** | Confirm to Active Directory Identity Protection that user is compromised. | | **RecordedFutureIdentity-lookup-and-save-user** | Lookup additional information on a compromised user and save results to Log Analytics. | @@ -130,7 +127,7 @@ Those playbooks search the Recorded Future Identity Intelligence Module for comp
-If you are using External use case - you will get info on your clients leaks, so probably the most valuable "reactive" Logic App for you will be "Lookup risky user and save results", as "Add risky user to Active Directory Security Group" and "Active Directory Identity Protection - confirm user is compromised" assumes that the leaked email is a user in your organization Azure Active Directory, which is mostly probably not true for External use case. +If you are using External use case - you will get info on your clients leaks, so probably the most valuable "reactive" Logic App for you will be "Lookup risky user and save results", as "Add risky user to Active Directory Security Group" and "Active Directory Identity Protection - confirm user is compromised" assumes that the leaked email is a user in your organization Microsoft Entra ID, which is mostly probably not true for External use case.
@@ -167,9 +164,9 @@ Logic App Parameters for Base Logic App "External use case" are the same as for -#### RecordedFutureIdentity-add-AAD-security-group-user +#### RecordedFutureIdentity-add-EntraID-security-group-user -This playbook adds a compromised user to an AAD security group. Triage and remediation should be handled in follow up playbooks or actions. +This playbook adds a compromised user to an EntraID security group. Triage and remediation should be handled in follow up playbooks or actions. By applying security policies to the security group and adding leaked users to that group - you can react to a leak and mitigate the risks. @@ -205,9 +202,9 @@ HTTP request parameters: -#### RecordedFutureIdentity-confirm-AAD-risky-user +#### RecordedFutureIdentity-confirm-EntraID-risky-user -This playbook confirms compromise of users deemed "high risk" by Azure Active Directory Identity Protection. +This playbook confirms compromise of users deemed "high risk" by Microsoft Entra ID Identity Protection. More on Active Directory Identity Protection you can read here: [link1](https://docs.microsoft.com/azure/active-directory/identity-protection/) and [link2](https://docs.microsoft.com/azure/active-directory/identity-protection/overview-identity-protection) and [link3](https://docs.microsoft.com/azure/active-directory/identity-protection/howto-identity-protection-remediate-unblock). @@ -300,182 +297,37 @@ Another way to cover this case - you can add a corresponding check to RecordedFu ## Deployment -There is several ways you can deploy this Solution: -- Deployment of complete Solution from Azure Marketplace -- Using ["Deploy a Custom template"](https://portal.azure.com/#create/Microsoft.Template) - - Deploy the Solution (one step to deploy all resources in the Solution) - - Deploy each playbook one by one - -**Important:** -- **Make sure you deploy all 3 "Reactive" playbooks before deploying "Base" playbooks. And make sure you configure all 3 "Reactive" playbooks before running "Base" playbooks.** -- **Make sure to specify correct "Reactive" playbook names while deploying "Base" playbooks.** "Correct" - are just the same as you have used while deploying "Reactive" playbooks. +> [!IMPORTANT] +> Make sure you deploy all 3 "Reactive" playbooks before deploying "Base" playbooks. And make sure you configure all 3 "Reactive" playbooks before running "Base" playbooks. +> Make sure to specify correct "Reactive" playbook names while deploying "Base" playbooks.** "Correct" - are just the same as you have used while deploying "Reactive" playbooks. ### Prerequisites -- An Azure account and subscription. If you don't have a subscription, [sign up for a free Azure account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F). -- Azure subscription Owner or Contributor permissions so you can install the Logic Apps Management solution from the Azure Marketplace. For more information, review [Permission to purchase - Azure Marketplace purchasing](https://docs.microsoft.com/marketplace/azure-purchasing-invoicing#permission-to-purchase) and [Azure roles - Classic subscription administrator roles, Azure roles, and Azure AD roles](https://docs.microsoft.com/azure/role-based-access-control/rbac-and-directory-admin-roles#azure-roles). +- An Entra ID Tenant and subscription. If you don't have a subscription, [sign up for a free Azure account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F). +- Azure subscription Owner or Contributor permissions so you can install the Logic Apps Management solution from the Azure Marketplace. For more information, review [Permission to purchase - Azure Marketplace purchasing](https://docs.microsoft.com/marketplace/azure-purchasing-invoicing#permission-to-purchase) and [Azure roles - Classic subscription administrator roles, Azure roles, and Entra ID roles](https://docs.microsoft.com/azure/role-based-access-control/rbac-and-directory-admin-roles#azure-roles). - A [Log Analytics workspace](https://docs.microsoft.com/azure/azure-monitor/essentials/resource-logs#send-to-log-analytics-workspace). If you don't have a workspace, learn [how to create a Log Analytics workspace](https://docs.microsoft.com/azure/azure-monitor/logs/quick-create-workspace). Note that the custom logs specified as parameters in these playbooks will be created automatically if they don’t already exist. - In Consumption logic apps, before you can create or manage logic apps and their connections, you need specific permissions. For more information about these permissions, review [Secure operations - Secure access and data in Azure Logic Apps](https://docs.microsoft.com/azure/logic-apps/logic-apps-securing-a-logic-app#secure-operations). - For `Recorded Future Identity` Connections you will need `Recorded Future Identity API` token. To obtain one - check out [this section](#how_to_obtain_Recorded_Future_API_token). - -### Deployment using [Azure Marketplace](https://portal.azure.com/#view/Microsoft_Azure_Marketplace/) - -1) Open Recorded Future Identity Solution page in Azure Marketplace in one of two ways: - 1) Use the direct link to [Recorded Future Identity Solution](https://portal.azure.com/#view/Microsoft_Azure_Marketplace/GalleryItemDetailsBladeNopdl/id/recordedfuture1605638642586.recorded_future_identity_solution). - 1) Open [Azure Marketplace](https://portal.azure.com/#view/Microsoft_Azure_Marketplace/). Search for "Recorded Future Identity Solution". -1) On the Recorded Future Identity Solution page click "Create". -1) Follow the installation process as described below. - -Parameters for deployment: - -| Parameter | Description | -|--------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **Subscription** | Your Azure Subscription to deploy the Solution in. All resources in an Azure subscription are billed together. | -| **Resource group** | Resource group in your Subscription to deploy the Solution in. A resource group is a collection of resources that share the same lifecycle, permissions, and policies. | -| **Workspace** | Log Analytics Workspace name. | -| **Playbook Name for "Add ADD security group user" playbook** | Playbook name to use for "RecordedFutureIdentity-add-AAD-security-group-user" playbook. | -| **Playbook Name for "Confirm AAD risky user" playbook** | Playbook name to use for "RecordedFutureIdentity-confirm-AAD-risky-user" playbook. | -| **Playbook Name for "Lookup and save user" playbook** | Playbook name to use for "RecordedFutureIdentity-lookup-and-save-user" playbook. | -| **Playbook Name for "Search workforce user" playbook** | Playbook name to use for "RecordedFutureIdentity-search-workforce-user" playbook. | -| **Playbook Name for "Search external user" playbook** | Playbook name to use for "RecordedFutureIdentity-search-external-user" playbook. | - -
- -Microsoft Sentinel Content Hub Installation #4 - -Microsoft Sentinel Content Hub Installation #5 - -Microsoft Sentinel Content Hub Installation #6 - -
- -At the end it should look like this: - -Microsoft Sentinel Content Hub Installation #6 - -Microsoft Sentinel Content Hub Installation #6 - -
-
- - -### Deployment using "Deploy a custom template" service - -You can deploy resources (Solution, Playbooks, etc) from templates using `Deploy a custom template` service. - -
- -**Important:** -- **Make sure you deploy all 3 "Reactive" playbooks before deploying "Base" playbooks. And make sure you configure all 3 "Reactive" playbooks before running "Base" playbooks.** -- **Make sure to specify correct "Reactive" playbook names while deploying "Base" playbooks.** "Correct" - are just the same as you have used while deploying "Reactive" playbooks. - - -
- -**! If you decided deploy the Solution using `Deploy a custom template` service - THE EASIEST WAY TO DEPLOY templates of the current Solution - just by using corresponding `Deploy to Azure` ![Deploy to Azure](https://aka.ms/deploytoazurebutton) button or `Deploy to Azure Gov` ![Deploy to Azure Gov](https://aka.ms/deploytoazuregovbutton) buttons in the next sections.** - -
- -You can find `Deploy a custom template` service using search on [Azure portal home page](https://portal.azure.com). - -Here is how icons for this service looks: - -Deploy a Custom Template Icon #1 - -Deploy a Custom Template Icon #2 - -Deploy a Custom Template Icon #3 - -
- -
- -Here is the interface and short usage tutorial: - -Deploy a Custom Template Installation #1 - -You can click on `Build your own template in the editor` button. - -There you can paste any template to deploy: - -Deploy a Custom Template Installation #2 - -
- -"Templates" - are just content of corresponding files. For example: -- use content of [../Package/mainTemplate.json](../Package/mainTemplate.json) file to deploy this whole Solution (all in one). -- or use content of [./RecordedFutureIdentity-add-AAD-security-group-user.json](./RecordedFutureIdentity-add-AAD-security-group-user.json) file to deploy ONLY `RecordedFutureIdentity-add-AAD-security-group-user` playbook. - - -After you paste your template to deploy - click `Save` button: - -Deploy a Custom Template Installation #3 - -Regarding next steps specific parameters descriptions - check out a corresponding section below for your specific template deployment (as each template have its own deployment parameters). - -But in general, next steps will look like this: - -Deploy a Custom Template Installation #4 - -Deploy a Custom Template Installation #4 - -Deploy a Custom Template Installation #4 - -Deploy a Custom Template Installation #4 - - -
- -
- - - -#### Deploy the Solution (all in one step) - - -[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FRecorded%20Future%20Identity%2FPackage%2FmainTemplate.json) -[![Deploy to Azure Gov](https://aka.ms/deploytoazuregovbutton)](https://portal.azure.us/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FRecorded%20Future%20Identity%2FPackage%2FmainTemplate.json) - -Parameters for deployment: - -| Parameter | Description | -|-----------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **Subscription** | Your Azure Subscription to deploy the Solution in. All resources in an Azure subscription are billed together. | -| **Resource group** | Resource group in your Subscription to deploy the Solution in. A resource group is a collection of resources that share the same lifecycle, permissions, and policies. | -| **Region** | Choose the Azure region that's right for you and your customers. Not every resource is available in every region. | -| **Location** | Not used. Leave default value. | -| **Workspace-location** | Region in which your Log Analytics Workspace is deployed (ex. "`eastus`" - for East US). | -| **Workspace** | Log Analytics Workspace name. | -| **Playbook-Name-add-AAD-security-group-user** | Playbook name to use for "RecordedFutureIdentity-add-AAD-security-group-user" playbook. | -| **Playbook-Name-confirm-AAD-risky-user** | Playbook name to use for "RecordedFutureIdentity-confirm-AAD-risky-user" playbook. | -| **Playbook-Name-lookup-and-save-user** | Playbook name to use for "RecordedFutureIdentity-lookup-and-save-user" playbook. | -| **Playbook-Name-search-workforce-user** | Playbook name to use for "RecordedFutureIdentity-search-workforce-user" playbook. | -| **Playbook-Name-search-external-user** | Playbook name to use for "RecordedFutureIdentity-search-external-user" playbook. | - - -
- #### Deploy Playbooks one by one -Important: -- **Make sure you deploy all 3 "Reactive" playbooks before deploying "Base" playbooks. And make sure you configure all 3 "Reactive" playbooks before running "Base" playbooks.** -- **Make sure to specify correct "Reactive" playbook names while deploying "Base" playbooks.** "Correct" - are just the same as you have used while deploying "Reactive" playbooks. - +> [!IMPORTANT] +> **Make sure you deploy all 3 "Reactive" playbooks before deploying "Base" playbooks. And make sure you configure all 3 "Reactive" playbooks before running "Base" playbooks.** +> **Make sure to specify correct "Reactive" playbook names while deploying "Base" playbooks.** "Correct" - are just the same as you have used while deploying "Reactive" playbooks.
- + -##### RecordedFutureIdentity-add-AAD-security-group-user +##### RecordedFutureIdentity-add-EntraID-security-group-user -[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FRecorded%20Future%20Identity%2FPlaybooks%2FRecordedFutureIdentity-add-AAD-security-group-user.json) -[![Deploy to Azure Gov](https://aka.ms/deploytoazuregovbutton)](https://portal.azure.us/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FRecorded%20Future%20Identity%2FPlaybooks%2FRecordedFutureIdentity-add-AAD-security-group-user.json) +[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FRecorded%20Future%20Identity%2FPlaybooks%2FRecordedFutureIdentity-add-EntraID-security-group-user%2Fazuredeploy.json) +[![Deploy to Azure Gov](https://aka.ms/deploytoazuregovbutton)](https://portal.azure.us/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FRecorded%20Future%20Identity%2FPlaybooks%2FRecordedFutureIdentity-add-EntraID-security-group-user%2Fazuredeploy.json) Parameters for deployment: @@ -484,17 +336,17 @@ Parameters for deployment: | **Subscription** | Your Azure Subscription to deploy the Solution in. All resources in an Azure subscription are billed together. | | **Resource group** | Resource group in your Subscription to deploy the Solution in. A resource group is a collection of resources that share the same lifecycle, permissions, and policies. | | **Region** | Choose the Azure region that's right for you and your customers. Not every resource is available in every region. | -| **Playbook-Name** | Playbook name to use for this playbook (ex. "RecordedFutureIdentity-add-AAD-security-group-user"). | +| **Playbook-Name** | Playbook name to use for this playbook (ex. "RecordedFutureIdentity-add-EntraID-security-group-user"). |
- + -##### RecordedFutureIdentity-confirm-AAD-risky-user +##### RecordedFutureIdentity-confirm-EntraID-risky-user -[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FRecorded%20Future%20Identity%2FPlaybooks%2FRecordedFutureIdentity-confirm-AAD-risky-user.json) -[![Deploy to Azure Gov](https://aka.ms/deploytoazuregovbutton)](https://portal.azure.us/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FRecorded%20Future%20Identity%2FPlaybooks%2FRecordedFutureIdentity-confirm-AAD-risky-user.json) +[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FRecorded%20Future%20Identity%2FPlaybooks%2FRecordedFutureIdentity-confirm-EntraID-risky-user%2Fazuredeploy.json) +[![Deploy to Azure Gov](https://aka.ms/deploytoazuregovbutton)](https://portal.azure.us/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FRecorded%20Future%20Identity%2FPlaybooks%2FRecordedFutureIdentity-confirm-EntraID-risky-user%2Fazuredeploy.json) Parameters for deployment: @@ -503,7 +355,7 @@ Parameters for deployment: | **Subscription** | Your Azure Subscription to deploy the Solution in. All resources in an Azure subscription are billed together. | | **Resource group** | Resource group in your Subscription to deploy the Solution in. A resource group is a collection of resources that share the same lifecycle, permissions, and policies. | | **Region** | Choose the Azure region that's right for you and your customers. Not every resource is available in every region. | -| **Playbook-Name** | Playbook name to use for this playbook (ex. "RecordedFutureIdentity-confirm-AAD-risky-user"). | +| **Playbook-Name** | Playbook name to use for this playbook (ex. "RecordedFutureIdentity-confirm-EntraID-risky-user"). |
@@ -512,8 +364,8 @@ Parameters for deployment: ##### RecordedFutureIdentity-lookup-and-save-user -[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FRecorded%20Future%20Identity%2FPlaybooks%2FRecordedFutureIdentity-lookup-and-save-user.json) -[![Deploy to Azure Gov](https://aka.ms/deploytoazuregovbutton)](https://portal.azure.us/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FRecorded%20Future%20Identity%2FPlaybooks%2FRecordedFutureIdentity-lookup-and-save-user.json) +[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FRecorded%20Future%20Identity%2FPlaybooks%2FRecordedFutureIdentity-lookup-and-save-user%2Fazuredeploy.json) +[![Deploy to Azure Gov](https://aka.ms/deploytoazuregovbutton)](https://portal.azure.us/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FRecorded%20Future%20Identity%2FPlaybooks%2FRecordedFutureIdentity-lookup-and-save-user%2Fazuredeploy.json) Parameters for deployment: @@ -531,8 +383,8 @@ Parameters for deployment: ##### RecordedFutureIdentity-search-workforce-user -[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FRecorded%20Future%20Identity%2FPlaybooks%2FRecordedFutureIdentity-search-workforce-user.json) -[![Deploy to Azure Gov](https://aka.ms/deploytoazuregovbutton)](https://portal.azure.us/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FRecorded%20Future%20Identity%2FPlaybooks%2FRecordedFutureIdentity-search-workforce-user.json) +[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FRecorded%20Future%20Identity%2FPlaybooks%2FRecordedFutureIdentity-search-workforce-user%2Fazuredeploy.json) +[![Deploy to Azure Gov](https://aka.ms/deploytoazuregovbutton)](https://portal.azure.us/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FRecorded%20Future%20Identity%2FPlaybooks%2FRecordedFutureIdentity-search-workforce-user%2Fazuredeploy.json) Parameters for deployment: @@ -542,8 +394,8 @@ Parameters for deployment: | **Resource group** | Resource group in your Subscription to deploy the Solution in. A resource group is a collection of resources that share the same lifecycle, permissions, and policies. | | **Region** | Choose the Azure region that's right for you and your customers. Not every resource is available in every region. | | **Playbook-Name** | Playbook name to use for this playbook (ex. "RecordedFutureIdentity-search-workforce-user"). | -| **Playbook-Name-add-AAD-security-group-user** | Playbook name to use for "RecordedFutureIdentity-add-AAD-security-group-user" playbook. | -| **Playbook-Name-confirm-AAD-risky-user** | Playbook name to use for "RecordedFutureIdentity-confirm-AAD-risky-user" playbook. | +| **Playbook-Name-add-EntraID-security-group-user** | Playbook name to use for "RecordedFutureIdentity-add-EntraID-security-group-user" playbook. | +| **Playbook-Name-confirm-EntraID-risky-user** | Playbook name to use for "RecordedFutureIdentity-confirm-EntraID-risky-user" playbook. | | **Playbook-Name-lookup-and-save-user** | Playbook name to use for "RecordedFutureIdentity-lookup-and-save-user" playbook. | @@ -553,8 +405,8 @@ Parameters for deployment: ##### RecordedFutureIdentity-search-external-user -[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FRecorded%20Future%20Identity%2FPlaybooks%2FRecordedFutureIdentity-search-external-user.json) -[![Deploy to Azure Gov](https://aka.ms/deploytoazuregovbutton)](https://portal.azure.us/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FRecorded%20Future%20Identity%2FPlaybooks%2FRecordedFutureIdentity-search-external-user.json) +[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FRecorded%20Future%20Identity%2FPlaybooks%2FRecordedFutureIdentity-search-external-user%2Fazuredeploy.json) +[![Deploy to Azure Gov](https://aka.ms/deploytoazuregovbutton)](https://portal.azure.us/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FRecorded%20Future%20Identity%2FPlaybooks%2FRecordedFutureIdentity-search-external-user%2Fazuredeploy.json) Parameters for deployment: @@ -564,8 +416,8 @@ Parameters for deployment: | **Resource group** | Resource group in your Subscription to deploy the Solution in. A resource group is a collection of resources that share the same lifecycle, permissions, and policies. | | **Region** | Choose the Azure region that's right for you and your customers. Not every resource is available in every region. | | **Playbook-Name** | Playbook name to use for this playbook (ex. "RecordedFutureIdentity-search-external-user"). | -| **Playbook-Name-add-AAD-security-group-user** | Playbook name to use for "RecordedFutureIdentity-add-AAD-security-group-user" playbook. | -| **Playbook-Name-confirm-AAD-risky-user** | Playbook name to use for "RecordedFutureIdentity-confirm-AAD-risky-user" playbook. | +| **Playbook-Name-add-EntraID-security-group-user** | Playbook name to use for "RecordedFutureIdentity-add-EntraID-security-group-user" playbook. | +| **Playbook-Name-confirm-EntraID-risky-user** | Playbook name to use for "RecordedFutureIdentity-confirm-EntraID-risky-user" playbook. | | **Playbook-Name-lookup-and-save-user** | Playbook name to use for "RecordedFutureIdentity-lookup-and-save-user" playbook. | diff --git a/Solutions/Recorded Future Identity/ReleaseNotes.md b/Solutions/Recorded Future Identity/ReleaseNotes.md new file mode 100644 index 0000000000..08dca2d4b9 --- /dev/null +++ b/Solutions/Recorded Future Identity/ReleaseNotes.md @@ -0,0 +1,4 @@ +| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** | +|-------------|--------------------------------|---------------------------------------------| +| 3.0.0 | 15-04-2024 | Fixedhardcoded SubscriptionID.
Entra ID renaming of playbooks and readme.
Using solution format V3 | +| 2.0.0 | 14-09-2022 | Initial Solution Release | From aba855aa8e4001c5117809d3be3e7aaeb675992e Mon Sep 17 00:00:00 2001 From: RecordedFutureOskbo Date: Fri, 19 Apr 2024 11:39:44 +0200 Subject: [PATCH 02/33] Update UiDefinition, documentation and typo in connector namn --- .../Data/Solution_RecordedFutureIdentity.json | 4 +- .../Package/3.0.0.zip | Bin 13887 -> 14059 bytes .../Package/createUiDefinition.json | 2 +- .../Package/mainTemplate.json | 14 ++-- .../azuredeploy.json | 6 +- .../azuredeploy.json | 4 +- .../azuredeploy.json | 4 +- .../azuredeploy.json | 4 +- .../azuredeploy.json | 4 +- .../Playbooks/readme.md | 73 +++++++++--------- .../Recorded Future Identity/ReleaseNotes.md | 2 +- 11 files changed, 59 insertions(+), 58 deletions(-) diff --git a/Solutions/Recorded Future Identity/Data/Solution_RecordedFutureIdentity.json b/Solutions/Recorded Future Identity/Data/Solution_RecordedFutureIdentity.json index 53af46c742..2fb3e6cdd2 100644 --- a/Solutions/Recorded Future Identity/Data/Solution_RecordedFutureIdentity.json +++ b/Solutions/Recorded Future Identity/Data/Solution_RecordedFutureIdentity.json @@ -2,7 +2,7 @@ "Name": "Recorded Future Identity", "Author": "Recorded Future Premier Integrations - support@recordedfuture.com", "Logo": "", - "Description": "[Recorded Future](https://www.recordedfuture.com/) Identity Intelligence enables security and IT teams to detect identity compromises, for both employees and customers. To do this, Recorded Future automates the collection, analysis, and production of identity intelligence from a vast range of sources. Organizations can incorporate identity intelligence into automated workflows that regularly monitor for compromised credentials and take immediate action with applications such as Azure Active Directory and Microsoft Sentinel.\nThere are many ways organizations can utilize Recorded Future Identity Intelligence; the playbooks in this Solution are just a quick introduction to some of those ways. In particular, these playbooks include several actions that can be coordinated, or used separately. They include:\n1. searches for compromised workforce or external customer users\n2. looking up existing users and saving the compromised user data to a Log file\n3. confirming high risk Azure Active Directory (AAD) users\n4. adding a compromised user to an AAD security group\n\nFor more information, see the [Documentation for this Solution](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Recorded%20Future%20Identity/Playbooks).\n\nThe playbooks have internal dependencies where you have to install: \n- RecordedFutureIdentity-add-AAD-security-group-user \n- RecordedFutureIdentity-confirm-AAD-risky-user \n- RecordedFutureIdentity-lookup-and-save-user \n\nBefore: \n- RecordedFutureIdentity-search-workforce-user \n- RecordedFutureIdentity-search-external-user.", + "Description": "[Recorded Future](https://www.recordedfuture.com/) Identity Intelligence enables security and IT teams to detect identity compromises, for both employees and customers. To do this, Recorded Future automates the collection, analysis, and production of identity intelligence from a vast range of sources. Organizations can incorporate identity intelligence into automated workflows that regularly monitor for compromised credentials and take immediate action with applications such as Azure Active Directory and Microsoft Sentinel.\nThere are many ways organizations can utilize Recorded Future Identity Intelligence; the playbooks in this Solution are just a quick introduction to some of those ways. In particular, these playbooks include several actions that can be coordinated, or used separately. They include:\n1. searches for compromised workforce or external customer users\n2. looking up existing users and saving the compromised user data to a Log file\n3. confirming high risk Azure Active Directory (AAD) users\n4. adding a compromised user to an AAD security group\n\nFor more information, see the [Documentation for this Solution](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Recorded%20Future%20Identity/Playbooks).\n\nThe playbooks have internal dependencies where you have to install: \n- RecordedFutureIdentity-add-EntraID-security-group-user \n- RecordedFutureIdentity-confirm-EntraID-risky-user \n- RecordedFutureIdentity-lookup-and-save-user \n\nBefore: \n- RecordedFutureIdentity-search-workforce-user \n- RecordedFutureIdentity-search-external-user.\n\nThis solution depends on underlying Microsoft technologies. Some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs:\n* [Log Analytics](https://learn.microsoft.com/en-us/azure/azure-monitor/logs/workspace-design)\n* [Logic apps](https://learn.microsoft.com/en-us/azure/logic-apps/logic-apps-pricing)\n", "PlaybooksBladeDescription": "This solution will install playbooks that import users with leaked credentials from Recorded Future and set them as RiskyUsers in Azure Active Directory.", "Playbooks": [ "/Playbooks/RecordedFutureIdentity-add-EntraID-security-group-user/azuredeploy.json", @@ -14,6 +14,6 @@ "BasePath": "D:\\Azure-Sentinel\\Solutions\\Recorded Future Identity\\", "Version": "3.0.0", "Metadata": "SolutionMetadata.json", - "TemplateSpec": false, + "TemplateSpec": true, "Is1PConnector": false } diff --git a/Solutions/Recorded Future Identity/Package/3.0.0.zip b/Solutions/Recorded Future Identity/Package/3.0.0.zip index d6abcff2f08048b91223c9ceee431733bfd8f1f9..3778d4eed817452771619ac36d7e45d3fcbeb050 100644 GIT binary patch delta 13778 zcmZX*Q*b6u)b$(diH(V!iET}6+nCtq6Wg|J+nU(6Z9Cupeb1@->eT6rebLo@(KlV| zx7S|1))zK-3ew;Z=pY~j2Wc29?pCfBmrwb<}8aATrtZ11WEmbG^#gGbjP|hgdfn#mHdsXjPW0 z9p*qqncKQRRB?0^jjr*VK8^fn#_3zvL=4IWqauAZW^ytR3KQQf%;|u%{0F-BP62~C zlUUQ<(X|-O#*Bk`o+9OrBl#fj>JKyFoYpXXus_gS?>nltTt)J{<3@iv(!;^~lknz!Pzg`6qE5~PM_}(o%?tzDS*+?}<>yP7gFi7a z)!B{IYReipz8$;aexX5#G>b#ML8Z?z-V*=)^jL(5Nl0(Zf56^2lE8s}d>6Du@_fOb zY%hR?CnD@tDO?LsT2}J`4#CYfv23i`eYNU!VCE=LN2B?XnE53Z(Kh$UmT%4&_T+ZN zb$3`DdMK@1+7z^p^o~Mh+qQa$uz@6Dd;qDR6}+OFi!7Nve4U2 zDUA%c9E;W$6x49DfB(Kh$6#-or6*5MP2ZNF+J8_q&7PhEBi<7JgMXUj>P?|21h-}C z(@&ZQnc__`ySFxSkD~_d<#4nUr)SHj_{EuW8xFyjw{0R4FM-+I!Hgm$xsxt}ZqA{P z9038WQ144s!b<~+koKHT52r1!SEcx|@ccITL!n9`(~_?fs2K-6JQ^vQcFRe} z-h_!K?a5#(NT+;rs7HrbaFE->XiC8js8$DJQsW3OYk!~&iyZ?iRGRjSY$Ag{HT(R2 z?RG4!1>=6F87Uj%b4Bwauxo{LG#?)=eQ4N*<#`*aLdefSwKl#W| zNWUR)U!v->1BiOA&W27aOx9nah>zK_iA+E?+%l8rKYZNs3nNY{fY)ejR4;_%-79n; z6gj&JeFPLr{wDTr@9RSiNs!Z`a7RELuT?u|RRHmO2#rSt1pc&DV0AOd89)!La{r#h zd;$HH6_P(({+CU~GX6=04ZmkZKlqWL6iCsiny;Ss)!Ub(nbj#2zJh>d71wOQ+60HD zC|Bp0)(HwNsFonV&|mm+x^})-@GEPkD+*)Uav}P(Ry^7 z+l%(_A`V4ez6@Yy|jD6t$iRyeik~ zvnwOoWtYE4tjA7;s@*-G&kGd-L#geV_S;YnmfkYylX}!`l|AEaG`TfGPbdT!mH;}| zQPUx%P1Cj*;!OAOp+MLPEJiH@g!4XS24r8yl}LC7As56^N>HabECn1S=fG>L3ZpBx z@Lt3W2a3p{;sYVne~EFVSu*kzFW?wr-$6$^_+XM1Z(yA7&qr6t>1|>ii`qdxea4%1 za@b0Dk7X+ex$A=Z;YyHGkk4;tV`q}~_oDXqmoSKg71xjDG{72xdOrqdL?}dtD0&8a zG+YTYBVrazfhZ_ika!uF5NyrU=2|4z9C4YOJfe`{G&@VHWYZ*vEf@dbZl0|_L0{2v zb!lI#;+K0P@pnihf5v=3ofKoN1Y<6qu?Z3IcFj@w>t2&^+hO^B5>o&4P_Nf7sLz^b zxRrfE@HjnO5&^#{kgGG+SMZe~~zKs5@7Q~)~T3-CNvXz%KFwu8K$mHQ_v zW%v-C20QOfy;ncj9T#(a17)=z?3T|GW?4GVmJ5&nNA z3+fMbfE67G$P!y34-5|QD`A5(;p7L);l^)vI(WR1e5uu}q_uR0V1rMYkq|0GA5wV{O&k6-4J;un5lg%TneW>X@Ea)z zsyDI}(B%xJpWja+sdlF>E`FJKHxHY|rMFLn!_!+s%9|51@z@D`J$-yVlrKDZn7bQ` zk5u<{7a#BbH<5fp=KeXu3IA3drkXH_3a%BKj4PV-vzvZ z@H;M#kwi(%xw+$t(YwyIUO-3)+L3lW+6U3+Pk9`Y%^F3CQR&sH87A>Y&hN8mWgt&- z=bO;NhBH|_(L4fIifE*i0_JF=6xwU0vBtf|w)~oI@km{dL=chTjZsFQ2C0k5eqi`z zuGP{WF(~7)Cb@7-y7X>wp&v{@cXAF1JKc|~z7ECz=`VN^lKcw2Fpv1b4Zc|FPh`3| zDqK}Fy`FE`w>Yd;%7EGlh1L4E$|tgN0Rf4fC`3W5#pM8u$};DYO2A8t;1v3C&vs?* z&se$P(R4zyyB%GQ~K(Oc3a;CtMX7B&v|jn6mRA!INKs-qkq0HF!mwp-v16 ztLKd1+PMWbgKmQ#4+i~)L5sh0FxoRFlpm8H9L%yp4Eg-nOQa-xGG>6+WNPrVWx>6d z?-D=<$ydSE3w3(rwg2oK${eXn!6w`1vBM2^;FO-lK#2zVF!3Gw$Li5E67P{zXqOt+kvsEPGYD;(CvngUXc_iWx}L)0PYNb`iie!Im=lM!!z> zWS$RrX8d@sHXN@iJz92*(f;1%j1-bC6D_pgb%uiSl}@-lGWe(HOmH52$G=w1U214o zM8&)Scbs+dc5LsKigKSOJ9L8R`8bk{AD7_VGFI)|+`SF4OMf}-EEnAWHay8O{<*5& zZLLY=uSGh_>)+tDo|{*k==67zM72MqWmKF%$#RQ(cDSu4R_$fyu5hP7062>2{q25Q zl(#z!fTc))h#gej8f>23vT~uqPMKK)yo1ZQTS6mXLfAsfDvf|D)1&UhX(YDm^;oWy z57>+SDdTd-2YQETO3yOqF9HdRO(ddnijCd@DmAWY!J4 zmmZItbCrjjlMc7HHVwCzt_L$wSY_CS%`@lBR8UC(CVg6@pr=O}(%g+bn%`72x|MaJ zN2flvm3aXia7bd8?P7r*Wateyt@Qy?wuLJb`)MhAGj@e|nEX%;edzq&KDjcJ-A+;J znK`=m+0OLN#T$EhLmYo;FZa&9sq)UfIO^n;VmsNJVXU`LVMM<%a`ASLcv6(a6p#2ARo#uxx}Bddvx@zBOL3=;tlo&yhK ze$I)0n-2FUe+8ZGLSUI4BZu618yMGgRP-uyGcngh#HuO2!hVJ-dMC+YnO$n!UUL7I zx7W@g$jzz$NSmV>$mR9^jZQAN#hqU59tAN+w`~K@FA+@SG=ud!VB#0F?I*>kS&;9y zzc~)J6ZYYC4tTqi!c4-z5;!I>Qn-W*z`cOiwnJl)0Y(Z#@E-d%YT)8mH-z@J#$5W| zX~*C~FE&(+xaB!U(i`(Wgo%lfHP?h>?+NWa7O`cwN6&Ck=2`k8be4vS9VnZBh)eg8 zFe7~=YWXKEv|BBH-0;B&ZtK@x{{D*M@{n{M2aqbsp9m?6ijx2}E8JP74N3rrMo?38t6k0ZN~;)l z{6lO3A9x5ox~oAq|6ce-|Cc+em>U`g8AVi2iESvmHa7^m(f&TG`e~x08A_j&4o^NSNKF;a zwh1w3Mv%*b3}Mm_137}SaI7;cLz^-O!VpZi2Hb5Q5@Y=kFM0NQDY{jwzePd+)cERg z$Q!tV7D2*mchuIoU{lmSC-gb_l!pql0&0FVAhmuFT0N_MR~NJ$v7sqpqDr6 z`a77GP!kB*?Thd0eZMh>%1|3Vch?Cs10}m8hHw;^vbhkts6Sn?9&+W77zIi}umIY> z{z7S=ED7{~a4{nKyf{mOvc3*{6<{{ZIG|_{dBJO^f)z&?um8QeQo22UM|pO4)4EMo z%+k3Gh;l6~DXtMz`He0iCfjniNsl}7i1j|)D+kQ!Wo0F0VGq><%1~-Hn}kH^8OXw3 zozs^As9kjVJ`&#P_mgi_T`bplfB8blkFe~%89xsa&s!R@D~dc-6bteFCSRdA)q3>j zW?Wbj@^+c+C28rP($*c4cn!;Hd&jpS%jCoL<+U|6Cva6eJk+^(-L4(-W7(VaTG(2R zEe6KSl{Bmh;|d`n%ur8>*81PNp!EiToQu|6;MB^w3R;>Yb;E>s3Rn%AuZ(L}_0e@?_ zPExWnYF?Fi)En$l?Ph0dTpsqSvfbb4M+I8$PFObgA*{&V?s)?$a5_y6oGQMHQ#YQe z6tziW%<_V+VT9W7C11`g_6ye%4mL)yRDEzM=~8m}_ma^6F^W=Dv~0g@RT{B9SmQZU zJFH?q(mNR14OSG`cq|rb5lH0Pijp!*wJ>{FNn6ZjUvy@T_8ov?*%#rJl#Q~e&H@3d ze-h;QSSa%)j;wl4!|1tv-X)Wv98tAgqE3g1`C1S6;EktnGB@38Eb8tmso)Bid$jG} zsqBvC9W8d(Pkk!FvM_$Ntm)pPv=3Wv{7_s^Ork3ds%>1%-YDD9y}nV%_erEVFTUT zBe^3svHO;UR(^wB^vzJNbKjD8Y;xaL=QAiuE&KNtB7TbRiwp4a+j_#p`Ov;8hz0il zRv+Z3(R{5S!OratpUpxWIzctD_4389)(R_!AQ9Rr>yX7fZ8+$I$=q+d7gxpnMK;}a zjq*MKF3pJTpmPJC=Jyb6y~uU#Zw=HT4;Vj8BSK4BorXx?jV(M7kPxybgMqAGt>!2K zqoW6js#cS?m&1y;8pp;B(HeU)0$ZJzf#axK9Z8eGDeBI_my?HONUQ(Dz-Wjw59#lA zmz^eX8J~Ahls7FdT2w^=4_2haOE2ZCi=-4i28vtZQarnG&+cAFLDw~OM+nLq||~-x{?L`4sv0sadjfgM95Y`1JZ$YFBYvy zNXmO}@&SaloC;n53}QN2VL$=sO=cJ|n04c`{$k1FWe2b%S7pc3s5!6Q6s{1|UAO`1 zOHT_ZvuN4|8n|p0sn6*3jWB6uC_J6SuFEIi?&t>Dr5hj@ zizn)9##z%%1g*;3fB!}ZnQe~`1hD%ktQ zp6dSN^NvN~dM&EutOZ*1i<&?6T8j$=3i6E{%E-#&7>8slaX{fuGv2#yPT~?VunT;% z*sAw1*5&#?PFq^I4`FA%mznE2O#Y`KSPzWHWA{WMyC?RMzx zBgp^~jKCsHLoocuJey$MJ~q*o*&2kY2CQE5Ao9>lp1`C~*aRGz%dc+ap*n{0R^$PM z)J0(!Z5TrUF_0Dw9zaZ+i2)$CCJv$tvLBRHBjv#qcF*0lqYJ7FMyCI)M;?fU6z1e> zV+Ja{59GWid%99B3855ifzz3S6~)j+qHe;Gw>9v%Z*C<0tB~8pL?19Tf@_QO$|-9t z5pYXZ`|FAam=uP)fiJSJ;L@MR9f|eYZAnq%4XrrFboYjEBt|3F^4m}xLD$K)S1-60(Udl;8As=A~wA3DhVds z=6l_<9lx948<^DEJ)95Hm~5a))Sv>VP~i4x&=^93|I=@TQc1CCgfek5oFhP%Xf)?% z+Gy114P2!qoMJBn`_M36l9*%VH(q;0kM_8)@3XW4)o#uI)9F=IVj)vDJV_^??UK{z zQ8)b{4px_W4u{xH!a0>bLiIXL=WMGiYnVL~%Wak0d{XITls&_9?(Itk)jK@b%-PWy zSg8GDMDBIpG*B(7VKY(QSc1nVS(xm?I0s+&@g^m@ElKs;SZ z26iCO28IUv>OzP$pRR1p*7~IFJy{+?TvNI7@BIt(@@YZXv|78g1>C*6Z~_tcy;9v5 zUddP07=(99-MncuEIZ(RIo;f4jgnnjNn)W6xP*&iIsj3BD4fCrYGZl5)ed@yuA!?~(co(>ujJz3$Z@@JEGRO2dCn#U#Jo zt_0KaFE)p5#8|k!Jo8KMn9Fpb&LB->V|YUH^7c^xHZf7Dor;Um;tjt8n6{a=fu-U0 zHbgX|`!#mpZhQkOr9z90%4WzDGQMej@(Z6lM!m|v0vY?zUU!(IG}0Q=9e4O^?k69b zZ;0jt6te^kPHlEW5vktCvU2XBXL|bVQ|0cNU7QIyYd%mR?hLYJdXemqa(fGEj`;8`$D#^_KweO+4B-9rz=d*dJsqqvn_C&ha z76NTI-7A+yQ1cx2G5EO&fa_lzFm7w)qX=F)&Hq&Yrz}kos)tjYoGhutlNOA|myKQ# zt7VCKg)LeC*S)l&NysX^ByP!x{;zy-%_o6h5w}dh^J6lmPyI65z^COQw5cUBau(j_ zhJ{^Pcqm#tI)rq}={I}HS=%76zT&Iu4sCv^dnRZJxTUtGcm!Hs%&YIZ!QU>dWH~7c z58Tq-m)4!EN^4vZdcj)F)I$2!ov1HZ*?9T-1pOPuOe=EvH!2s}#&0LCYB>1f0o@V) z4=&J5-xEOcWiu-tK&&w{_u)J=)5AN&sC2{|{}i%&H1`You$jqKoCWCvUgHN4Yof+i zusXZ~n_>3S`GF6=0N^|}V3t%&dj&)*ET$-*L=$a4s$nnPHKzGOgwBUCtjG4gG$7V!0V5nh zs(rBAR5ypo-a)x~+L&Wd=n_%JXYi;A-FGUr1%)|02o}ZP>Nj_>n7svV;2f20-hmz8 z9E@Q59)?^P>D@#;WPbL@9uh^bjk$IfG0W_z!!g(vy8t9zGbaen8#1>mX*yp&OSLS| z*rGvh&EOY(22rM&a!NP1*fO5IJt=Cx8R!cf7nHBM@*Epa*kFoOutgc?@NFi))&4m> z9C$hTa4js%2zOeN$(pcSnJ4YQ4_(XN)*l-IUx>qms%C-zA4;zp#XTu5u=PDs?$&JL zyi(=s1&#p%LIW3Sw%=(fycZJvWxxlzJeBVzZ=Idtf%2ygF2|v*2I(GkV2o!CEQ5i4 zK}e*G%U$~A=CYe{zebX}lcQBX*Zh?+vJaw(I~o(?xG2;h$G#4`(Bi!Cb&X*5J=@Q3 z<5tlnf7o1Y>oP+{h5Ia?AEc!Qp!}awV}O7cps9)A3-jWQ#*YY|Eiq8=FEWs{*|YJ(m;;eiWp9K%3$*i1P60vS8I8d!XzId+WA|W0@jre+KwG6oWY(8 zg!-{E+ljc?aNaI$fS@Incwvt|x7&Fe`>H8v7(s9YCEWlN6D%)z|HO@Je8=aRi`XVR zkQtZPP4`~Ikfh6i%GMI?6Ne;GNPn&s(LNBCk}EH^OWNN5ib4*(f9Uacd2eS0Tck_^ z5Pnu$Tzai%Z&iC(%Lv1OwpN2g__9umHtua^Fc-CylB+HP?zKe;mh)lUGdz zww1}BQ_ig35xnsA(1Rl_H8E&P)9-l!jL$DhY(x2rs__z$4K4Nwy`@a_SMt*G9z$%4 ztW%=e{P^s}PKt-=5XvZG z#Gr3u_v`jNX>Bt7`40B=u~R9Z+{i#mGl%Rw-D$8oqAJl&KaLaXt~TdhJ6Z`PP+HrB zx1EA#Awh<2Zj1&WtScg4SIEXyT}vf31s|cp8p^XUHpR1tBxfFWlOBpGo+++6zbK&hqSq!5Bfyz%G8-oZTNg{x~IJ4bW6&k^?mmC;=5$LElxVSkhs(2)Act zXorm}pE~q)_8%f2A~5T2Npk)M+9RaL%8E90NA%_Pw@!ql17MP4V8iX_Vs>P7 zVa$G9@;D*O8urtq_%)7b3N*FQY?FArr|@?egsA)?-XoqPv?_)ME_!q?)2MeotkmWJoc4gNf(sCYiiZKI7;3o5hogG#A&O8}0vtFfGE-DI9n(!4RGLw)2i|QdeflG0(=yKmhHAK@<}@~S7W}br?&s>8LF5o>J>BPG9AzwG3nd!bKC ziJzpP*HElQ(87*n838@a3g0f20^$GaLjP<7aJv&_VDt*=LmyRbcPni;5wR1Vg=<7) z@yml>nZMERmmHHf>-!85Dl`xR2AT=w?2tc^6$pfZh9JjAs3fymhf60o9U%{F5E^K- z&d7vRFo4KWN8~E!X87`JSgSZ9tu8Zb;=qRBWg0J1p^FQ~TV>q7?bOsQvN$2MVa=}W z8fvqKne<^@%Z^GFrgO~pW0c-GvrXo`&ZvZU1SOsx!6& z-2uJBZh3swiv)#rEG|MCDRVmZQ}0S>S{531dab?opFT-bsv|oGj=@CezZymDYY;*p zMw?rI<~@<|)Mw8e0sKy83GE>Q{!&WtrG zxXU7qqz&rV3ndNS2BRlv!s(05o%vMNGE*oIsa!2*FQZV0ixCN(&0sd(xMX5!BVJr) z$|=8^t7m-nwqD&$1XX{J3SUK>YzR`;7(cn&m@Vqe5>z@wAI06K~b-&cCK zqPj8mmYJRf3bwbKkeV;Ckq~do_v|as|fWyw2y1;wt(DN zDh9t>8RNnCEDwMdm?@4nTQxe+Xz=u%CU6j*xi~N*U3pe#HT4eOB?OcrP2F z(e&G73z`^Qm-cI>xSI!`IXFRLMyI#&nhax!vH5-z41ZWwI%mjEk6_556)wJ=jqX45Z8{WR3Vggg?bdMFLK;ZM^@+JmfiLXX1-h=h z%KWpvr@A`0nQmX_DF)Z+M|QjT!}*+4pz0A4=+w}aDHq{4$l zlxW6&RGFB`iMb8iMQveKgJF!Ag!Kyn=5;MV5FlW-I}Q3(W!h88>)+FVE#6I+t(KPz zVl8WFuYPDVzB_+k-)GM^Z97@7euxu3CjbAHl-qrWvy#rA|F7dW{+AQe)rGT-Yv`Wc zAZ0-rI6(b(GGQH$4QH|+eN?hrO6V^$cWCIQ)))a~;N20AgCmI36*=?(dhI-F>NS@Q zrgaVF)hnb#@RQ`rLkGd3Wb;DS#8L;E9#=50Qd9rj;%i)SF#pj6F)5R7^*VnVm(p*H ztf0zS{goX%Q>)2#Jf>%{tX``M4Ag~4C-l-S?y;#N+9@Ux%Y_7 z*(&L5M11+RvgaV;8ng3M6UzVU#H7HJ3ZNZ{g{xq3!5 zf(a}bEzs$^vCq*PjzsTXPj*l8R#PKkh3%pSb}MrOQ7l8r%E~lj3-ijzz;lR;3SaC? zBUtuvrb)ufyGMY?7 zMVwa0Q&w!uj5wwI4j~~>^yk~GSj*GB(%l+*Ex}>86K+7~jhxFJ!~1gR)r*S3<{?sx zBR49x_?^Reo3#u6j=Nz%NcY5Ap%}9wm?q|=!gn6=Km^DK-y-DzxX&H5Sf}gT*6kSe zx4+^Aix2r*Yk{P|yhRGrDg<%h?C;BqhlkM7G{0Xv;I_Z%N6y#{$}zlyu|dp0x+*@; zNB7m!MEtOxK1Wqa!<6sAcSS+7EE%2nTfstFJnzNYTgPO9{x5v(hg&d)GJEolk5{?+ zO4nX1N*QpqJfg+1A1=InZl}T)d@yoFsy)(4jlxPd>M2PsChfO`-jap@DX#M0suQse z6SA(eN{pO@;0~%uk-J9R=+7E=bLqqN<$aDy@EL zLpbZJt_)4KL$;RfW#=o54k*wF-U&kbDAcX!*Nuscg62StU zw>cS(DEs_2?%#LPC5$Ds+DNnMb$Q=I3-I&5>W-*~_gIvNQ}PyQ)OHDhV!LG{MgI#n zKxKFp>hk&VulW^tas{d4g7A_iOqn2(nFu6}30kYuH#)t4Weh^%Y}ghqsnX!hD~j{Y z_Mj_mENC}s_0ns}@&~q}rC;CMHmTyOZINZ1s1sNi5nNmwr2zdU+N|=wdonD5{~+k1 z{C^>6G|MMY%Tr|M^7ao-2Rj`+Dwo3l5|H&MZlSay2ghSY>y31AbLv({N>vkyCPvU` z0_w?^q+BUQ&J$`(@fbNkLk-J7lbS*O++~--PSJAm{_^7^EN=ZT`gBO3z&O6Ib)p3= zKCs!|y>AYU226v0`RmYkm1Orwe{2FjPuE#i))pe8?bZ3V+uz_Lwa@++l31Es%UPue zoOgyM_)}uTP8Jj`EDQ{x4y%qoN6WC$vqWE0T_ON{?q`cS{H4KstF9zrOzL~Wzl~&> zVC5-SQ2rw%?w$-Vhb?uLOtTt7&Zg;Dt_(1d&701c-&v24<;$Q3%A@V$K<0b)43P}) z)RsJVwdF?)b%xy`{p%x))^`u%2$y)i%X~4A*Kee@#taddJnBuZ3j!wG0LH?37OC*H z3d#100CmcWsfQ^?wE4&ii1#jp&sos?jLF0g|H8Syw2$4z;=(TUF|jWfbM1?jO`Wv@ zPMR^Xs}0X3Lb%6srzxYGNVj9UE37rVs%@-HT;PP#iKz6Pz%WFBL0nCMH&^0B9af^h zmFQwwV!+6#r^Hj>adC6ck!?gle8Va9sd^!I$6?`3l8IEcfjrQ7W+hT)m23~mkLyJs^+Jve zwlzJL(7$SR^55S|OJ(TuwXG7wOBT$P5}jshbwa^$)y!@y24$%AOWltL%fS-3!v#|( zA&aH3DM;0H+)TiE{$W6Ud)~NL)D+~>KKtZxz`F8VYkS@^)l1|Q5R!Z{ZVK|h3umu= z#{muPdDir0Hpc-StM2q=G+O;Wo@Fc?qeo;g_>RK46Mr>F{MheEjYL}fGgkqyTFw?U+cuBV#@bX za#*E8rVzos5je>M1uF?%`P6(f4EWWpqFy82M~w>)lulsxoIEfX8%>dMvDs&9Z|F>IrQhHb2{pZ;Dfe%f>V7BC7*Nk?^OaLH&3-bd4}M z3jzOJs?URy$Q-+aW|J~U8x%Xd69<)WPfVO2#;`C~s%&j<$wKyHy1{HhtLTyCqkpn zD4E1Ab zNpMFDwfl>u{^#NqDTk;J&X;oizJ)7lMWND@-%G?+Bo>@G`(yu@AOKM+YYK^ZjC=PcySdtA7O6H6U zcBdzZd5jDtiAYYbLgWRa0ED(~?Q`oQuSpQj{k-tnF@Y|6Uu=bd3?=mCD_yN1ge# z6b!Z>iK<*o*mqF0^HbqFZ^1=LpzG978{R?s7StJ{mt@gWOyGl0B4i456q7h%0c$jg z)3Q|V98)x%QY@g&$!H}HRQ|npG_>ZeaWjvr?|cT^Qk5LU|7BlNCTaBfhoMxKO2Ptu zPd0Ck007HK;ujuc#k=H=BqF0K74g?M^$enl93U~;<=wq>zJbDkq-VBtnf=8ol8`!t zEPCm{K`l5Gh*N%xr;%%I7Os${4Xh>NazIrtsUCl+3m5O_oB-Z}K;6MqG20P>JYCJQlx61_myQAEN zsT1Bb0mc8^GkU`D)ioetTD#f7&Z)kTzjjeai=c5-@4ZK+*!;@Os%VgFa$YLhggUTC zQOlulv)@8GJy?cgdQ^tQ2bSw^q{Ve87f1-MA2*)A6{!3?ZF4g~bH3{zF%EN**B^ggR-q_O3RH5L%j&$R!9zqGd zX)aLLsEd=fxOljKj15_giF%h-gaWN= zt22ux>$AK}8q>O2?F&p-gVSyr>O#$aOYoSXF-z!^#(Vh1?%e>v6{JDI&_VwHAuKRa lti)b64#NKlX8qqOXD|?y|KeKzceN&Bu#-V4vj5M{{{i)Cv2XwY delta 13601 zcmZv@V~j6M)I2!0ZQHhO+qUiB*tTtZ?%1|{$F^tgXrK4p{Ik2s_J@;`PWQL&RGmuI zm3_Y*u97S$7#a`|5EKwJaH7^E1d+lmBoNRnIuHz)F(A?4c`I|i8>g%ZalGph*w#v_PNmatB7=?;#O#Qnhm6pRTj z$@NsP|6>lj@Arr>5(41iOvB3jr%?FP|A3)<`BFYLN{`N*!j&+}vn);7uGwc+e!kdp z@uRfyQF-zO@En#lG)-9Fa4d2%MVlhYD0{P-p#7Y}`cVLJWJHVZU0i0a%cyP_#|lfR z53!36-*#WpiV&^!$FkOdArw9987X+gHy|vdX%f?>(?3Xas#p0gRQ}$DxHaX-!<->E znzws+TC8iMdT2fUx2&0*8&|NPZL`S)pFT}-+WVpu5GFp4eYg`URsEZ??p5VdRUw6u zoBKDj%z0TC8#ia-_-e^@;ntZOcR`0-AS|dKpz#$vu2yY+xqUWo`9UYh|2^mB?d&7d z(2AyzoCa$>iThYp8n(DqtKL`IsfR@?eKH4I_W|F)TOx~a9;~$v0DL3vhReNTT>NNg zbZw>re6ctlG@1wy7j&s}s0`Pq+LL}xzG`7G1nW`%9&s*jsW73LPe$&Nyk0S+ISHcT ziiy0{?9{rd%%$lAMqn1)R5iC9zdVJzPzaQX>o5aJECW+Y@!0#~sy610+Y7oPd%GMD z3u&V3aIao?nqLl!X(%hK#N<=m;LU`VRZg1#WLYtt>G8R-vePwOFmC>m2GKK3sL+jg zzACd0RJ65|sVNSzFuK{e1<5lo_8chDUI0BFM;5%G$lJmq7&kdyffOp@u;mkxLDNF; zbP)=tp_j1-0u4xCX>5%Ny7v4^2Rzt!v0wsa$7T{k84UOGR%RLLz3s9I=N%DYDvU~i z0fHfnsqs&w1YhRbXz1ElJw_laFRhU%gDidRUnPqHx(U!TlN>ySkW&6tq$cS|a{qEQQnnJHobx&H)&tzgl{#MgXTv}SIreN&?SH$J!~ZP*{~zP0G{3X zu<4+!-UFjh%xiEH39PFuY{@14m%Vra-EM4K#fet?L}PqPpr@w?hkfpgo+OFrhn(#e z+mx4E*w42-V=WbYd2Ahux#k><7|hIzBQ|V&hRQiLVKm>uyo7gc%}1 z15*K*&ysra%4xspLtoB0?Un3l9KSW=<5bk0)UTT2hV{+iBMLZ7xjTgkiDqHMy;KeC zoIA?4E>O0zC)(-gYfEHv^f4~M zA?$4302$2x6r9mQcqtT^_zl6V;yrePD{Rb)Le${Xa-7pZVWa^-gil0dDftdciYN|D zwci2Q_2eFv=6%l>jTs{cREJQKM=gt@ieYJjrcf^tLdiINk#Kz-j-YBBY- z)b&hBZ>4RSva^80h{Zq&wCNSAkqMCoQU3+sgv`If!XPowdsu5Swo7`RDW*<#o}Net zKZ;UZj?Q`axA%idlL;av$3=lzRN?4E5vvba`Ok<0lTk2UkS$p$!#LuUcb4jNmLY(c&3!Yt>Ll$A_VScXBR*U( zMTCX`uAobTW?MT`EtyyD;+!UWa`!NsLVmXEpr*2SD(}|eNn@h6Z;y_)-4&E?mjhf7 znKGf(7ia)-AJ#q92JWDzVuf>G|J~HFzRIn*;5tc?=Trn3-UAZX5k=>^hG+M<0S*O$ z>9~O|uMYt3j_8}5XU@hk270GC;#>xQ+iFhzGmI#=#^>@1F780B3NC}saQ@<;IZXD| z=FA79Yv=DxYJ`v5pcCx4|8@FVFJUl2?&7ei&&pKwL2?^tqAaN$}n}< zLF4@c(-vZcd%d0b+OeD9(oNv+RSmKo5n&oZNNT723hlmaLXjtI>y%Iv_%ysXQ4@&S za^QHf#{7=3VDACuVmH%q%cA@$#f4;zDw-hHO?tfF=Z*C$)_xOjj-X}RGkB=M0A>XujtADcm&Sf-+5@z$H!$fqG)L}9Z3u=_u;WXp# zcRw-PyFOp{n5^YJI*uOYB+ZWvi}7A;hQdDGJqqOH#)mup!2_M%#Kna?#JFqiZ?S%7^MF@vSb4mbZP$KJ@PBzw{IlshzGi8 zANB*J&t+}W9V@B$?w&4I@4DD=9Xc`auY}jd0hGQ_PRxXK;V4#|QjbC15S2H^!=bBA zHqs1Fkr^Fy6tndU%kz3EfJTOE(278!a%VjZ_N4dNK}hF44!PTf1QIH|>3HI07`u$@ z6Q)n@RwMHnoiYiN4h-9@$KW0ZGUga3fPb#f<6%epb21^mzx+i&j0<6X5$=~AX1yka z(sXgU!cRA?^T>X*WkT0E8)7d4T4#KNUrh4~3>+&(n1Wb`+c`EDV8tzyjGGzFCH(6* z%ZsgV5MjHAFTA>Fcz^Dwa6Bhc`8v-mB4~UJ?i`Gt(Hfm>8~fvpE5Z3Nm35Fr^i**E zx|O3($|%7Q-!s2(!UvPl`hImrRVQSb@%0h+9U{*LSG-la`IS!D{NUyf6d#6w7=Cvj z%px6$6;q;hAE$*2*ylGAkoyzNgp6H4gwgl<5c_58mFYY?sPrY^_jsHVa2-ZWE1@xO zFCqFP{Tu;8lqxfPX;*S*ul=GBN*(FNo*6IKx1+2K4@$?(>A%ZP^~fzQ$`F+ON@{gM8puiVysK^VG~^1Bxw9tdHq4?DOk_EC_aIR(=^HrvsnoElw;2I4qysrgB?vant_rLOp}PghB70@n$rS8B6H> zFq@~KNJVp@7TP5UdZV-#D8ig;g+44jelUfrb{UG=slat1PnnB#5t@R(0v+l?ip;;M zjm*CYh_UicWxqZXh2IFt9l#%*v#do`uy)SVT6-}jN^Gu%QRZ8XKD53XoXk;yIjGWu zQuIX~QY9tk+Z86}V@Dra&O;wk?L|tL)E@R?_9)(biLCd5qAN-f@%GNcT6;AiidgFM zzQy2sv+0z%{j2v48(-3DeVE6M74SiC_&VhY2+qlb1zyQM2suEXA^l7c>6vdm^j`~D zJGQ4j`IKYWv+SLG%S!SqxGD52$eMcFoSS;fGU%HwQFA5u0jI#2LkU0Br*oj%O%s?2 z>sC@H4m;DK=5yrd@>Z20=F5OR@OBjOav%#m;xnZJs9GfmDvS2nF|sV>dlR2@q`-l5pHDG)L-7ED#WJN98S`}2!{MJMN|59ftikT z&)2s+x;RXyl%%M75VGoszqdpKEB&Ijp{S6WIRTmr`c#EF-K!SgoZcO28$vN%~e*;di|xUtRNDvg&H7IY}%F3|!zxlGA$hhjsU~mR#ojg)B3r8OO4N zAz!z;NH9_OgWLbya!fE{R2=g?T`w2i|D+4|QzX@M%tQJemjYDHVw53x$Z#kM@TnoI zqq@zD_X zKL!`rv0m6sX-fa}I~hft(pC7GBOwRqlnJhj|43@z=%B!0dboR*A48$~sdVIAPT-Uk zSL#0McDU=wTIMFID~X|mr`ibs4i(kCs&kYlACn_xylaRr5AjyQO09U}2rsj`S<+7Y zPeZVuCbz0KJ(l)jYE;dBW1(fIiPJ8ps?j>4TF1L?Na&F$01KYKm+bly1t*M zkN*C)p~&FBR9mb@=OV_CYgerKT?9J`l*VqH?xH3`=eCy~RxM?!$|N(P)avOB|Fq=+hFi*&C}if8{qC3ol9Uf2XZ5_Z@@6Os1ubm>+8t~Awx#Ar zRVfSAGJ|nzgHPO4lyRj&*o`0}4{mJ!8Op9#Bg;f`h12f)3cZCQIesNmZNA<|bsCNI zE13V(c)wq!L~H3c>^J+?)Hn6QZu2w%e7+dTk)_P&e+F4q&Wzpxnz?cSq9^w3zCU9v zIaQnmB9&N}afUryQRXR}evkbEaQvQHyHWBKz>%E@!l+kNa~uSqag=n0mfoOL{hsgz zepoP~AIlNB7rsRV5i03vAv3Rm=-Bnu=Tk*NQ6ZC-8%>mII){@jj97S_3_l0EqcKj< zatOYkz>0#X#!AyuSYK+#{pA|=O@D-TujX>4*_-PNEI-zA;7RhDFhZ&(Y*P$*wI&_nr8ZSB zr_gp0@^av~CS>HY5FlyiuH4lXnRE}$?fk;ICB@^*_T{xRwZL~>J2Bb0_Rwn>1#CG~ z^j6;8L?{cuFOfHI3S$e#!^v08jxhi|xS|LE2VRNMTW2-MyAE7gAn-wkdkI(zp9~1{ zEzRt9Os$phN0*Uas9sXCw}|&P6=aRhr!($1PBO zVeH*$myFs%apr?0caww~x{>NqR7}B|O~>1l=&QV3=CW?Oeul0nGZ5cA3QuElwjCBQEK-c(JTl&6fDzi#HXcM7ZcAhqc7Ao!dAbbCnN?GZa_G zYJ1%cUY7Kx9iM&}Xj}BHkIY5KYv0s=4BatlzX71WnOneA8Q0vnYt__u8GN;MpR=su z@f$)pL~U?jhT%)IQd>y$e~6o;c(CgRVmksj^Ko3KX5zl$(JrFTr5)OZ{^{B`aoT_K z@b7B9KBDM%t}i6@2IhcTU0olWfkNhoXRPHZa^5iBtW;oGAa07vc^h04TW}&Wzxn!j zW#A(UT_Q{I7po-n6uM|NdiVz*)ag6k{A*7xfG%#k%CQo+716Ai&R(#WJ1=R0&s<1R zM#BQQcAmMTbutImgw$(-tpydxx4Q4kx^=qm>xvo{r`Cc3B=O%9MiK&C+*Y2Eh(2{5 z%VHryH0#41^_K6|#hC7r<;N?ZL>jrEd8Im9@%;1-ViWe!#4b0{VIvrG%weU6MP zkGDYhSg1j>&pE$GIuFPTH=zu>FbtK`p)REi2zE9qJ$Tn^d0@a$7q(`1)`W#<#mXaL z3>PE2HV4;5R6;i;aiy>P^UqdH5)y#&a1OWuE*LrZRm;c8GTFyH7wEx3<|mig2XUu) zKna9T*egmufs(0++Gqh?V*MT!nmLU2!2A63fF6W1@tjR!AMx;RmIiYKv=|JaHMq0? zMqrAkG;IlHfBpXTy|}3Pd?!e=`ln3gK?rfAhZxIfr~nxgHjUV8zkWMn+X3*!pPJGB zAzs(vQknf2cEZRCW|h;*q*t@v-%{DCM6c#ts%fst8*BQ)v_UgUKcToxU1yDIO8QSW zCjB?_lU`76*Hw%AD%b`YqZIzYo%IiRiEkj7{Iu zR{8BNdbZ0Bm?LxWt}K*S5_at`xczfBuX`b+tf)RLn6}zpSPApc zQCRr~5$&_#ipisIlcYtDVmoGy5#_%AUwdwiSXgn9LJdWY4&#z-4Vch-x8!^2iGBPQiHs8FH(MsTqergUaK z*YG#u{+VP55lUbMswoWabBGC4s61gR_&37^As%iVR~i5IR*MpAPK-G(@RUX`~vuLuusEyXg#Z zvQ&%7XtQ>M3_!>+DcJ&FJs_~A#je5@H?PIPD{h+aM^~w%8@OhFzHm!WWsQSsL+m=O zYMFOtM^O9pm9&55qEB3?>7w9T&J5G%8k4)NrmA)JRHCqDdGm3Z`(GQ+Q$QFs=xFRl zAA5T{aK6^BC0)R0@5~+72-|f;cGbPMGMt8qOSX|8$T5m_%zyR46G1?;qdzDs1+OViD<^T604f%W} zvkQ?97#tSqX86|SmDYUX}rW8fQBcPF7`hE1eN9`8ix~ee&$N!)!ngEHX*WsP=-|rJDTJ z=SH$P=kavTS&UUE$iK4gfwIXE_5s#TIf^Hys`MHW$ss*DaX@oFO1h3ViuH_rvnJ64 z;6}nU|GC;8&`)4mwMJr}S-~D*Ndd?m7`9wwxMG*l^_^ZXRq8%9J7|;m3HegG8RU z@d%OUZ{ZALsj<5J98tge1T^*xdT+CU>FIh($aY8^aeC!wb%N}^UKkOIRMMI>Z4hkm z_RJbJnMbIjv=Y&Ihwzuu+OS{D<)x>>SGGE3_p>jDIP7@Utd5}+LLZ_F@E~t}b3%D; zl25?<>a~rl|4&(+CDe?fz&um0pFmbVrfQhDA?6T_dqt|*Y`+E&uc?uNOKytV@#Fqi zK3z+xA-6>BGO+#Vj97BGN7{L{JOs83L`Ke2N8C|Rsw>W{tEMktPx(UbZuwg}_&2tE zwR{n6?~HHw?Z6LM`?D5W>SPUr_Lv704PEENp`nL6CJH+F#|?&Tem7*bd;{q3L-_l% z4Q#icu1NVL+N}o2>UbqQct&2ld8=V?`{sEUWS6MqI{?3Twj;uR*##94a^1H; zw-@6)V*A;E|FN{lrtq8qujUh!aD4}kx<$Ssga%mvhw8fX-6sHK8H1TE#0dYn?jC!N zq5#=L%Wfcj$NLYDtf_ryqI+$guL93|2{jl1Y;)`n*nU19cr@ZFi}a#zsq*;=u2kw<)mfazZ=sF7Ql18B^lF|b5|_Q1JXZ5OD-_(qh) zI%#uz9!^nG^8PK8K=UlX3pPDVGFQ%+ zh?kWQO75Kr#B}yEEqZMQe$rTOQ+HEqw4ckVy4bacSVz74<8wa_!1y45BJ)_I0?xq`{$FK9AF$W@K1KUKkSo*rO+4q(z6y&4BwF`Som~w z|2-MsxLOP49*X?z9@*f*&qQrJ-)&nG`RjWkDN2q%Fk*R`t z+cHKZBCaDP2cYM7$F$Y;B?m+adu2^{_`egy7jO!D;iBbpBoe30FX4{K$h8UWIq+qP zKAHu#7el!@{_`rI(({9@_&oDx1*E5@M@*}6U)4#5Co3FEWKxfJWnA+yq5LlJgPWv} z)KeH5ugEXQtnfZlcv6T$UVtNco5Winr4$YNozdfvlTCJalSvL9pt=hr4+ktwEnMxT zdz(L!CgP(-d|UWF^p;5)(B`f8Gw;lvDfs5bhSA$PW*_S=z&7Aj3-yJt0#4ZmI-G`F zE94Z@+b6ty#68N%vvi76)Oo{}1t>u@tKJU4!%J%wW*{y$`%g$V4aD~i2Rf$1v!J2U;;EyY z7UTEi^pEF$u7sRnl*~t&)BGBz)Wup_DTb&#N3wbQ40A(wRS<--0h}*Y%ZYIVdWaLH z-OJ6YW%kMVrvaf|2TYz%g{}CL^|-#aRrPqoKB-pNO&Zy}^z3P7jPDTfBHdJzk2jsg z)fJF(qyn41RX6?}?CdnYNXs$a-}zUgW>#DDtCc0e3R1rNDIz3ffcp)Q-JxM?vAg%A zKHsEXLuOqf0#M^qH<_B_(Z;e#U5BPS@l~>2cEyfThWjeWuiBW-Ia;mQ{a>zkg1rE| zLS!8irJxDf1@;k9QY|;PFz3K?)fgvy)LhxekIQ%gs}f;Ws1buGlg=CZJL3Y8Zr$SE zu9C+fBK|+cMuw?6fO_3s)Duos-)2INu5IQWSlb!nZbS!TLOVApx{kFolVm}U-|dv| zyTK1@soo`F4=~(CH9nJweOk~HL(j()FF0SWTWs`TR~>6pB`Cl z`Lem9L1MlUHsOWy5OAppo6|SX&}y#kD7mVOx@o8u+AJbb-EdF?W!+$*wW5Jc`=ce^ zqbyFhtoK>&pHrlWrqjyfg*anq8@e_d%P!J=-sjT`aBjeHa?Nig2>J3D9xcyBKCB2- z-QUrz#pcVg@R*p4>J?j#0G9L$Grl{xZ93wp*<9e?Ah|F54XwY_f=N>I*kT^NDpK|! zbf-R~a@(s-YkCtSu}UUJ&miE)BmC&y3dzkuK*?=#HB9J#Trim0+%XHR!y@RGu z7}Fig55oJP7^5;j8f)Hw(5r5FZhPU}X;AMd3jO=x8)5M$3yJ!L`5iI2GcuH#Q~sadhT}=iU(d zmx-7+aHu5)?i%Kd?g9$c>_)Y984|7pU|ka%&mxf;|M}}M04Ua{+t?Z=r(M~-GpFcA zS1Ii@vzwe&Fv@QuI{vhjkpM#fLS=vxc+o@3pGqtDo$Sc3mH)B|=KYZ!DhW zzkbF&KS6lx!Y|O(<^vw$6U1>Xptho%5sxgcQ5Yu^w;KxnFG*zYs5^?{5_Y_6 zHxJ$po{2Xu)AS_t0UChS;^0+69>SFgoJEC^dqPg;>|RNW_M*gysn3s60l}!g_n3%t zl-A&Ih`(euc=n|fzaOZoQNT~I;Yv7PE$2+Hel0J03hz;BFFxq3nS^ zmzxi-2v#c|95pffJ%nyoAxJA-YB+b!t5+vXc`0*2Rs*qjd`?A@==vCuwUn1#>d zl(GC?n6ZjHq=KWfU$|hRWmxvHMRb zL)<38?)AZq>%WrmdSC=RO#Y9;my<9qsq&q}!idNyS{z^Nq_obBt5y|eQxtvFSzXXN z%%y=CQm3*L{B`D(?E%~9iOJwXq{ka0R9duYy9Jth>I~p1Kq zZ<0u^m4t1C!v)M`~UNBw6gkpu5F`m^XbHuKRH+7w>}c*@gpxbE-*sSgxn z4$m4;`8dF*rsTm!Ra*nlR(lg?3gSphB*nFMgjfCScNO~_y8qu+4HA2y-D??zV3D80 z(4G%!dy*4*mjx)i)l4;g-ftEA=pY($b)8Pbf7wM~GF579i>YhDQA)>~U!ZF&(>Oi> zG3(5ivJ1-a5;!`$Crd&%?x}8h-GR0{Sy7%f8)es170w;rDG#)$fZYmM!&SQ6YKsFk zR#?kVkE^QeDArZEiCq5>9iPX(&4UOQH+n`m6mB?ys%?4u37isHWlq-T>W(|vvbK!B zUFo&0B--eq6Uiu;-_i;d6!|YG@nw_buv!{tM%vVjnwReT6pqR^Gmp=2pOJ}M7HD(f zA%au*0XEKz!1=5;DIs*20QcL8dp9>QK!U3E#6%)KHku^leP&t$cN_>@oG6?t$*jsO z8@w(&>BefWVU?A6JpW2=XU7C;zL$Gn^PcX*)(5z z|6=OYsPn(+>9+4@#*90^(fmd}gl(o|kv^#t@gSwU-daz*+R56)1wvpfg@S<# zaEy;JK%@`;VZxAM%t!&c9$l$S2_Bd9I`9&5TGrNg;t*Y&)O-$ku35s>s zf_NS4=YTnNH59<01ihRv6=M2WSd1spdrfSahmep(<_`it?f97?3 zC=vGH7j`hSAi$BU3)v#sJ7J*b)6}0M+^PFDYTsI zh*4d%zp!y&oNOYn0ZPb2um5A(*oaFwope(Vw3_%q->LXZlmOlV=Q6d-j(&ze zeZG*Oa!9{}8qIyrpLC&0580m{NfOa=JT+}rZ>ytwJWctXkY{ zO{WHN_^$u-Y&BMajJj>=De17AxC*P6kDUhlP<0yFF;qShn7RtL{ef@kEPPe_v1h2{ zpZYd&1qh#5Oq>QccNV(&8MzAocaZ~gg~L@i&yf#P4Sk`<8zt=ObvrvBl?alqzvhtL4Yot5D^j*)*hxmMekxY5~mfLO@GH*1V+MjjnU~RMqQc1hP6ZebH+# zf#n)D^nLIs6f#RNgwYPTR4I4 z%#H)$`~rSI42}E~$!XDq40+FSvVWe&R~U4?CSU$VZyB##4gBPk*A?DEY2l(OPQvSyDW2VmpI!2;`wHw8AI5NnE@>4{7hnaKm{(hJ#Jf)rJ%NC*DL*5cm z8HD3_Rw4-h;Pis6h)}7gR4rl`bMO+aVl5DARe)LpYmu)WbE#7t6WmUf}QcVA1QW?-UYhPz$dA zknnoZ5C^SQtA@lyB*w@jX^o9h2H`W%JkK$T8@q(J)(L{Lp_A>Ji~v6-Mxf0o(DFkvRyd-FWPWrH7G@xb(wJdiwT&!4Ti{_q z!nnhmA)ud))|8?^(0O4(J(!7M+@ZqBqEWEu69hmjd%)ZJN4$&4O43D&KUcncrI4ln zRyx4ICGi5lI9p2Q*HNv4+C)kIM%p!KDrHJ8F0;5LnVhvK#eWD`y#n}LILMZd5(9nM z-u!ZH)B9T}(i)6m#gFsc@j3DM06)nElP>f^Jp@%ZYP=Nw5KuJcAc~}f;wR8KrK_A^ zkdZ{NLuAcHLNpo7V{Ssaiw8rGB-JnGT)HWGgsBK!4&V}GFbvD7jqlt6#f`>j<+*ee z)A*n>@Hv8AWhAbc^#E<+OuTw8@abCcX)2&NBNp>YqRx|rQf>-(GslaU7c)nptnLH3HNUC4ti?he#>(1ZpKU`VWdGyuFMdt=oTb1TBdja13$ch`csPag+anO&HjOLTe*0Ui!(>Kd7Br?K_1PH z;^-asTDD79&q)dmpRK6$`fRj0BRjo_w2FFsy+P1_TFoMG-x|V@Zz(vaDxQ}U|M>#_ zG}<&}*;DIx(*X>-L+6jYLgtajdglXkGNy(70PQ&fSRR65K8-z5^$`5$bz+z~$A|*T z`E(19LqUc|QSY^OP6_lWxzB^V>#6%=AcPx8k1kr!lx!q@36FMDQd%u;eFzT*Y^?)^ zDhcNxt&vIHQ)m)J*FS)3Gq>l8#l__z3(5NIS($Q%POD}GTH6o2(U0kRU_9Lil325; zR*oykp5=px1mxTmC=6;l3plp+e_LjWw{7kzsXR2Sh=w?zV~mHo21i#d)ys36p>Xe4 z7%YhQ>|fu%O0vKpXh8pep{5jD4o<@V$vOQ$PG%4w#8RQ^?C}aPho&O7r CZ%JPO diff --git a/Solutions/Recorded Future Identity/Package/createUiDefinition.json b/Solutions/Recorded Future Identity/Package/createUiDefinition.json index 3526085340..10387b412b 100644 --- a/Solutions/Recorded Future Identity/Package/createUiDefinition.json +++ b/Solutions/Recorded Future Identity/Package/createUiDefinition.json @@ -6,7 +6,7 @@ "config": { "isWizard": false, "basics": { - "description": "\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Recorded%20Future%20Identity/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\n[Recorded Future](https://www.recordedfuture.com/) Identity Intelligence enables security and IT teams to detect identity compromises, for both employees and customers. To do this, Recorded Future automates the collection, analysis, and production of identity intelligence from a vast range of sources. Organizations can incorporate identity intelligence into automated workflows that regularly monitor for compromised credentials and take immediate action with applications such as Azure Active Directory and Microsoft Sentinel.\nThere are many ways organizations can utilize Recorded Future Identity Intelligence; the playbooks in this Solution are just a quick introduction to some of those ways. In particular, these playbooks include several actions that can be coordinated, or used separately. They include:\n1. searches for compromised workforce or external customer users\n2. looking up existing users and saving the compromised user data to a Log file\n3. confirming high risk Azure Active Directory (AAD) users\n4. adding a compromised user to an AAD security group\n\nFor more information, see the [Documentation for this Solution](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Recorded%20Future%20Identity/Playbooks).\n\nThe playbooks have internal dependencies where you have to install: \n- RecordedFutureIdentity-add-AAD-security-group-user \n- RecordedFutureIdentity-confirm-AAD-risky-user \n- RecordedFutureIdentity-lookup-and-save-user \n\nBefore: \n- RecordedFutureIdentity-search-workforce-user \n- RecordedFutureIdentity-search-external-user.\n\n**Playbooks:** 5\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", + "description": "\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Recorded%20Future%20Identity/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\n[Recorded Future](https://www.recordedfuture.com/) Identity Intelligence enables security and IT teams to detect identity compromises, for both employees and customers. To do this, Recorded Future automates the collection, analysis, and production of identity intelligence from a vast range of sources. Organizations can incorporate identity intelligence into automated workflows that regularly monitor for compromised credentials and take immediate action with applications such as Azure Active Directory and Microsoft Sentinel.\nThere are many ways organizations can utilize Recorded Future Identity Intelligence; the playbooks in this Solution are just a quick introduction to some of those ways. In particular, these playbooks include several actions that can be coordinated, or used separately. They include:\n1. searches for compromised workforce or external customer users\n2. looking up existing users and saving the compromised user data to a Log file\n3. confirming high risk Azure Active Directory (AAD) users\n4. adding a compromised user to an AAD security group\n\nFor more information, see the [Documentation for this Solution](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Recorded%20Future%20Identity/Playbooks).\n\nThe playbooks have internal dependencies where you have to install: \n- RecordedFutureIdentity-add-EntraID-security-group-user \n- RecordedFutureIdentity-confirm-EntraID-risky-user \n- RecordedFutureIdentity-lookup-and-save-user \n\nBefore: \n- RecordedFutureIdentity-search-workforce-user \n- RecordedFutureIdentity-search-external-user.\n\nThis solution depends on underlying Microsoft technologies. Some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs:\n* [Log Analytics](https://learn.microsoft.com/en-us/azure/azure-monitor/logs/workspace-design)\n* [Logic apps](https://learn.microsoft.com/en-us/azure/logic-apps/logic-apps-pricing)\n\n\n**Playbooks:** 5\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", "subscription": { "resourceProviders": [ "Microsoft.OperationsManagement/solutions", diff --git a/Solutions/Recorded Future Identity/Package/mainTemplate.json b/Solutions/Recorded Future Identity/Package/mainTemplate.json index ead0f62889..b4bf265d2f 100644 --- a/Solutions/Recorded Future Identity/Package/mainTemplate.json +++ b/Solutions/Recorded Future Identity/Package/mainTemplate.json @@ -461,7 +461,7 @@ "api": { "id": "[[variables('_connection-2')]" }, - "displayName": "[[variables('EntraIDonnectionName')]" + "displayName": "[[variables('EntraIDConnectionName')]" } }, { @@ -494,7 +494,7 @@ "metadata": { "title": "RecordedFutureIdentity-add-EntraID-security-group-user", "description": "This playbook adds a compromised user to an EntraID security group. Triage and remediation should be handled in follow up playbooks or actions.", - "lastUpdateTime": "2024-04-15T00:00:00Z", + "lastUpdateTime": "2024-04-17T00:00:00Z", "tags": [ "Identity protection" ], @@ -974,7 +974,7 @@ "metadata": { "title": "RecordedFutureIdentity-confirm-EntraID-risky-user", "description": "This playbook confirms compromise of users deemed 'high risk' by EntraID.", - "lastUpdateTime": "2024-04-15T00:00:00Z", + "lastUpdateTime": "2024-04-16T00:00:00Z", "tags": [ "Identity protection" ], @@ -1410,7 +1410,7 @@ "metadata": { "title": "RecordedFutureIdentity-lookup-and-save-user", "description": "This playbook gets compromise identity details from Recorded Future Identity Intelligence and saves the data for further review and analysis.", - "lastUpdateTime": "2024-04-15T00:00:00Z", + "lastUpdateTime": "2024-04-16T00:00:00Z", "tags": [ "Identity protection" ], @@ -2142,7 +2142,7 @@ "metadata": { "title": "RecordedFutureIdentity-search-workforce-user", "description": "This playbook searches the Recorded Future Identity Intelligence Module for compromised workforce users.\n\nThis playbook depends on:\n- RecordedFutureIdentity-add-EntraID-security-group-user\n- RecordedFutureIdentity-confirm-EntraID-risky-user\n- RecordedFutureIdentity-lookup-and-save-user\n\n Those playbooks need to be installed **manually** before installing current playbook.", - "lastUpdateTime": "2024-04-15T00:00:00Z", + "lastUpdateTime": "2024-04-16T00:00:00Z", "tags": [ "Identity protection" ], @@ -2670,7 +2670,7 @@ "metadata": { "title": "RecordedFutureIdentity-search-external-user", "description": "This playbook searches the Recorded Future Identity Intelligence Module for compromised external (customer) users.\n\nThis playbook depends on:\n- RecordedFutureIdentity-add-EntraID-security-group-user\n- RecordedFutureIdentity-confirm-EntraID-risky-user\n- RecordedFutureIdentity-lookup-and-save-user\n\n Those playbooks need to be installed **manually** before installing current playbook.", - "lastUpdateTime": "2024-04-15T00:00:00Z", + "lastUpdateTime": "2024-04-16T00:00:00Z", "tags": [ "Identity protection" ], @@ -2715,7 +2715,7 @@ "contentSchemaVersion": "3.0.0", "displayName": "Recorded Future Identity", "publisherDisplayName": "Recorded Future Support Team", - "descriptionHtml": "

Note: Please refer to the following before installing the solution:

\n

• Review the solution Release Notes

\n

• There may be known issues pertaining to this Solution, please refer to them before installing.

\n

Recorded Future Identity Intelligence enables security and IT teams to detect identity compromises, for both employees and customers. To do this, Recorded Future automates the collection, analysis, and production of identity intelligence from a vast range of sources. Organizations can incorporate identity intelligence into automated workflows that regularly monitor for compromised credentials and take immediate action with applications such as Azure Active Directory and Microsoft Sentinel.\nThere are many ways organizations can utilize Recorded Future Identity Intelligence; the playbooks in this Solution are just a quick introduction to some of those ways. In particular, these playbooks include several actions that can be coordinated, or used separately. They include:

\n
    \n
  1. searches for compromised workforce or external customer users
    2. \n
  2. looking up existing users and saving the compromised user data to a Log file
    3. \n
  3. confirming high risk Azure Active Directory (AAD) users
    4. \n
  4. adding a compromised user to an AAD security group
    5. \n
\n

For more information, see the Documentation for this Solution.

\n

The playbooks have internal dependencies where you have to install:

\n
    \n
  • RecordedFutureIdentity-add-AAD-security-group-user
    • \n
  • RecordedFutureIdentity-confirm-AAD-risky-user
    • \n
  • RecordedFutureIdentity-lookup-and-save-user
    • \n
\n

Before:

\n
    \n
  • RecordedFutureIdentity-search-workforce-user
    • \n
  • RecordedFutureIdentity-search-external-user.
    • \n
\n

Playbooks: 5

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", + "descriptionHtml": "

Note: Please refer to the following before installing the solution:

\n

• Review the solution Release Notes

\n

• There may be known issues pertaining to this Solution, please refer to them before installing.

\n

Recorded Future Identity Intelligence enables security and IT teams to detect identity compromises, for both employees and customers. To do this, Recorded Future automates the collection, analysis, and production of identity intelligence from a vast range of sources. Organizations can incorporate identity intelligence into automated workflows that regularly monitor for compromised credentials and take immediate action with applications such as Azure Active Directory and Microsoft Sentinel.\nThere are many ways organizations can utilize Recorded Future Identity Intelligence; the playbooks in this Solution are just a quick introduction to some of those ways. In particular, these playbooks include several actions that can be coordinated, or used separately. They include:

\n
    \n
  1. searches for compromised workforce or external customer users
    2. \n
  2. looking up existing users and saving the compromised user data to a Log file
    3. \n
  3. confirming high risk Azure Active Directory (AAD) users
    4. \n
  4. adding a compromised user to an AAD security group
    5. \n
\n

For more information, see the Documentation for this Solution.

\n

The playbooks have internal dependencies where you have to install:

\n
    \n
  • RecordedFutureIdentity-add-EntraID-security-group-user
    • \n
  • RecordedFutureIdentity-confirm-EntraID-risky-user
    • \n
  • RecordedFutureIdentity-lookup-and-save-user
    • \n
\n

Before:

\n
    \n
  • RecordedFutureIdentity-search-workforce-user
    • \n
  • RecordedFutureIdentity-search-external-user.
    • \n
\n

This solution depends on underlying Microsoft technologies. Some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs:

\n\n

Playbooks: 5

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", "contentKind": "Solution", "contentProductId": "[variables('_solutioncontentProductId')]", "id": "[variables('_solutioncontentProductId')]", diff --git a/Solutions/Recorded Future Identity/Playbooks/RecordedFutureIdentity-add-EntraID-security-group-user/azuredeploy.json b/Solutions/Recorded Future Identity/Playbooks/RecordedFutureIdentity-add-EntraID-security-group-user/azuredeploy.json index 4a0dbc6228..08d11febdf 100644 --- a/Solutions/Recorded Future Identity/Playbooks/RecordedFutureIdentity-add-EntraID-security-group-user/azuredeploy.json +++ b/Solutions/Recorded Future Identity/Playbooks/RecordedFutureIdentity-add-EntraID-security-group-user/azuredeploy.json @@ -4,7 +4,7 @@ "metadata": { "title": "RecordedFutureIdentity-add-EntraID-security-group-user", "description": "This playbook adds a compromised user to an EntraID security group. Triage and remediation should be handled in follow up playbooks or actions.", - "lastUpdateTime": "2024-04-15T00:00:00.000Z", + "lastUpdateTime": "2024-04-17T00:00:00.000Z", "entities": [], "tags": ["Identity protection"], "support": { @@ -22,7 +22,7 @@ { "version": "1.1", "title": "Updates", - "notes": [ "Solution update." ] + "notes": [ "Solution update. Change PlaybookName prefix to RFI." ] } ] }, @@ -389,7 +389,7 @@ "api": { "id": "[concat('/subscriptions/',subscription().subscriptionId,'/providers/Microsoft.Web/locations/',resourceGroup().location,'/managedApis/azuread')]" }, - "displayName": "[variables('EntraIDonnectionName')]" + "displayName": "[variables('EntraIDConnectionName')]" } } ] diff --git a/Solutions/Recorded Future Identity/Playbooks/RecordedFutureIdentity-confirm-EntraID-risky-user/azuredeploy.json b/Solutions/Recorded Future Identity/Playbooks/RecordedFutureIdentity-confirm-EntraID-risky-user/azuredeploy.json index c88f666e82..37ee216fab 100644 --- a/Solutions/Recorded Future Identity/Playbooks/RecordedFutureIdentity-confirm-EntraID-risky-user/azuredeploy.json +++ b/Solutions/Recorded Future Identity/Playbooks/RecordedFutureIdentity-confirm-EntraID-risky-user/azuredeploy.json @@ -4,7 +4,7 @@ "metadata": { "title": "RecordedFutureIdentity-confirm-EntraID-risky-user", "description": "This playbook confirms compromise of users deemed 'high risk' by EntraID.", - "lastUpdateTime": "2024-04-15T00:00:00.000Z", + "lastUpdateTime": "2024-04-16T00:00:00.000Z", "entities": [], "tags": ["Identity protection"], "support": { @@ -22,7 +22,7 @@ { "version": "1.1", "title": "Updates", - "notes": [ "Solution update." ] + "notes": [ "Solution update. Change PlaybookName prefix to RFI." ] } ] }, diff --git a/Solutions/Recorded Future Identity/Playbooks/RecordedFutureIdentity-lookup-and-save-user/azuredeploy.json b/Solutions/Recorded Future Identity/Playbooks/RecordedFutureIdentity-lookup-and-save-user/azuredeploy.json index e5ef4c7850..afe9ea1730 100644 --- a/Solutions/Recorded Future Identity/Playbooks/RecordedFutureIdentity-lookup-and-save-user/azuredeploy.json +++ b/Solutions/Recorded Future Identity/Playbooks/RecordedFutureIdentity-lookup-and-save-user/azuredeploy.json @@ -4,7 +4,7 @@ "metadata": { "title": "RecordedFutureIdentity-lookup-and-save-user", "description": "This playbook gets compromise identity details from Recorded Future Identity Intelligence and saves the data for further review and analysis.", - "lastUpdateTime": "2024-04-15T00:00:00.000Z", + "lastUpdateTime": "2024-04-16T00:00:00.000Z", "entities": [], "tags": ["Identity protection"], "support": { @@ -22,7 +22,7 @@ { "version": "1.1", "title": "Updates", - "notes": [ "Solution update." ] + "notes": [ "Solution update. Change PlaybookName prefix to RFI." ] } ] }, diff --git a/Solutions/Recorded Future Identity/Playbooks/RecordedFutureIdentity-search-external-user/azuredeploy.json b/Solutions/Recorded Future Identity/Playbooks/RecordedFutureIdentity-search-external-user/azuredeploy.json index 229e1d2b7f..9d0a18c27e 100644 --- a/Solutions/Recorded Future Identity/Playbooks/RecordedFutureIdentity-search-external-user/azuredeploy.json +++ b/Solutions/Recorded Future Identity/Playbooks/RecordedFutureIdentity-search-external-user/azuredeploy.json @@ -4,7 +4,7 @@ "metadata": { "title": "RecordedFutureIdentity-search-external-user", "description": "This playbook searches the Recorded Future Identity Intelligence Module for compromised external (customer) users.\n\nThis playbook depends on:\n- RecordedFutureIdentity-add-EntraID-security-group-user\n- RecordedFutureIdentity-confirm-EntraID-risky-user\n- RecordedFutureIdentity-lookup-and-save-user\n\n Those playbooks need to be installed **manually** before installing current playbook.", - "lastUpdateTime": "2024-04-15T00:00:00.000Z", + "lastUpdateTime": "2024-04-16T00:00:00.000Z", "entities": [], "tags": ["Identity protection"], "support": { @@ -22,7 +22,7 @@ { "version": "1.1", "title": "Updates", - "notes": [ "Added subscriptionId as a parameter and updated solution to match V3." ] + "notes": [ "Added subscriptionId as a parameter and updated solution to match V3. Change PlaybookName prefix to RFI." ] } ] }, diff --git a/Solutions/Recorded Future Identity/Playbooks/RecordedFutureIdentity-search-workforce-user/azuredeploy.json b/Solutions/Recorded Future Identity/Playbooks/RecordedFutureIdentity-search-workforce-user/azuredeploy.json index 9c384f9739..6f43420339 100644 --- a/Solutions/Recorded Future Identity/Playbooks/RecordedFutureIdentity-search-workforce-user/azuredeploy.json +++ b/Solutions/Recorded Future Identity/Playbooks/RecordedFutureIdentity-search-workforce-user/azuredeploy.json @@ -4,7 +4,7 @@ "metadata": { "title": "RecordedFutureIdentity-search-workforce-user", "description": "This playbook searches the Recorded Future Identity Intelligence Module for compromised workforce users.\n\nThis playbook depends on:\n- RecordedFutureIdentity-add-EntraID-security-group-user\n- RecordedFutureIdentity-confirm-EntraID-risky-user\n- RecordedFutureIdentity-lookup-and-save-user\n\n Those playbooks need to be installed **manually** before installing current playbook.", - "lastUpdateTime": "2024-04-15T00:00:00.000Z", + "lastUpdateTime": "2024-04-16T00:00:00.000Z", "entities": [], "tags": ["Identity protection"], "support": { @@ -22,7 +22,7 @@ { "version": "1.1", "title": "Updates", - "notes": [ "Added subscriptionId as a parameter and updated solution to match V3." ] + "notes": [ "Added subscriptionId as a parameter and updated solution to match V3. Change PlaybookName prefix to RFI." ] } ] }, diff --git a/Solutions/Recorded Future Identity/Playbooks/readme.md b/Solutions/Recorded Future Identity/Playbooks/readme.md index 5c9fe980e0..028d2ce37e 100644 --- a/Solutions/Recorded Future Identity/Playbooks/readme.md +++ b/Solutions/Recorded Future Identity/Playbooks/readme.md @@ -4,15 +4,15 @@ # Recorded Future Identity Solution -Recorded Future Identity Intelligence enables security and IT teams to detect identity compromises, for both employees and customers. +Recorded Future Identity Intelligence enables security and IT teams to detect identity compromises. -To do this, Recorded Future automates the collection, analysis, and production of identity intelligence from a vast range of sources. +Recorded Future automates the collection, analysis, and production of identity intelligence from a vast range of sources. -Organizations can incorporate identity intelligence into automated workflows that regularly monitor for compromised credentials and take immediate action using Recorded Future Identity data and Microsoft Entra ID. +You can incorporate identity intelligence into automated workflows that regularly monitor for compromised credentials and take immediate action using Recorded Future Identity data and Microsoft Entra ID. -There are many ways organizations can utilize Recorded Future Identity Intelligence; the playbooks in this Solution are just a quick introduction to some of those ways. +There are many ways organizations can utilize Recorded Future Identity Intelligence. The Azure Logic Apps in this Solution provided as exampes and are a quick introduction to some of those ways. -In particular, these playbooks include several actions that can be coordinated, or used separately. +These playbooks include several actions that can be coordinated, or used separately. They include: @@ -59,11 +59,11 @@ Possible remediations include requiring a password reset, or temporarily locking 3) [Deployment](#deployment) 1) [Prerequisites](#prerequisites) 2) [Deploy Playbooks (Logic Apps) one by one](#deployment_custom_template_playbooks) - 1) [RecordedFutureIdentity-add-EntraID-security-group-user](#deployment_custom_template_playbooks_add_EntraID_security_group_user) - 2) [RecordedFutureIdentity-confirm-EntraID-risky-user](#deployment_custom_template_playbooks_confirm_EntraID_risky_user) - 3) [RecordedFutureIdentity-lookup-and-save-user](#deployment_custom_template_playbooks_lookup_and_save_user) - 4) [RecordedFutureIdentity-search-workforce-user](#deployment_custom_template_playbooks_search_workforce_user) - 5) [RecordedFutureIdentity-search-external-user](#deployment_custom_template_playbooks_search_external_user) + 1) [RFI-add-EntraID-security-group-user](#deployment_custom_template_playbooks_add_EntraID_security_group_user) + 2) [RFI-confirm-EntraID-risky-user](#deployment_custom_template_playbooks_confirm_EntraID_risky_user) + 3) [RFI-lookup-and-save-user](#deployment_custom_template_playbooks_lookup_and_save_user) + 4) [RFI-search-workforce-user](#deployment_custom_template_playbooks_search_workforce_user) + 5) [RFI-search-external-user](#deployment_custom_template_playbooks_search_external_user) 4) [How to configure playbooks](#configuration) 1) [How to find the playbooks (Logic Apps) after deployment](#find_playbooks_after_deployment) 2) [Configuring Logic Apps Connections](#configuration_connections) @@ -85,19 +85,20 @@ This Solution consists of 5 Playbooks (Logic Apps). | Playbook Name | Description | |---------------------------------------------------|-------------------------------------------| -| **RecordedFutureIdentity-search-workforce-user** | Search new exposures for Workforce users. | -| **RecordedFutureIdentity-search-external-user** | Search new exposures for External users. | +| **RFI-search-workforce-user** | Search new exposures for Workforce users. | +| **RFI-search-external-user** | Search new exposures for External users. |
"Reactive" playbooks: +Theese are sub playbooks that are called by the base playbooks. | Playbook Name | Description | |--------------------------------------------------------|----------------------------------------------------------------------------------------| -| **RecordedFutureIdentity-add-EntraID-security-group-user** | Add risky user to Active Directory Security Group for users at risk. | -| **RecordedFutureIdentity-confirm-EntraID-risky-user** | Confirm to Active Directory Identity Protection that user is compromised. | -| **RecordedFutureIdentity-lookup-and-save-user** | Lookup additional information on a compromised user and save results to Log Analytics. | +| **RFI-add-EntraID-security-group-user** | Add risky user to Active Directory Security Group for users at risk. | +| **RFI-confirm-EntraID-risky-user** | Confirm to Active Directory Identity Protection that user is compromised. | +| **RFI-lookup-and-save-user** | Lookup additional information on a compromised user and save results to Log Analytics. | @@ -164,7 +165,7 @@ Logic App Parameters for Base Logic App "External use case" are the same as for -#### RecordedFutureIdentity-add-EntraID-security-group-user +#### RFI-add-EntraID-security-group-user This playbook adds a compromised user to an EntraID security group. Triage and remediation should be handled in follow up playbooks or actions. @@ -202,7 +203,7 @@ HTTP request parameters: -#### RecordedFutureIdentity-confirm-EntraID-risky-user +#### RFI-confirm-EntraID-risky-user This playbook confirms compromise of users deemed "high risk" by Microsoft Entra ID Identity Protection. @@ -236,7 +237,7 @@ HTTP request parameters: -#### RecordedFutureIdentity-lookup-and-save-user +#### RFI-lookup-and-save-user This playbook gets compromise identity details from Recorded Future Identity Intelligence and saves the data for further review and analysis. @@ -280,7 +281,7 @@ Logic App Parameters: If you use this playbook to Lookup leaks info for an email and response lookup data is empty (for specified email and lookback range) - the playbook will still save empty results to the Log Analytics Custom Log. -This case is possible if you set up the Logic Apps in that way that Lookup lookback range (in `RecordedFutureIdentity-lookup-and-save-user` playbook) is smaller than Search lookback range (in `RecordedFutureIdentity-search-workforce-user` and `RecordedFutureIdentity-search-external-user` playbooks). +This case is possible if you set up the Logic Apps in that way that Lookup lookback range (in `RFI-lookup-and-save-user` playbook) is smaller than Search lookback range (in `RFI-search-workforce-user` and `RFI-search-external-user` playbooks). In that case you will see some empty records in the corresponding Log Analytics Custom Log (see the screenshot). @@ -289,7 +290,7 @@ In that case you will see some empty records in the corresponding Log Analytics To mitigate this case: make sure you set up the Lookup lookback range equal to or larger than the Search lookback range. -Another way to cover this case - you can add a corresponding check to RecordedFutureIdentity-lookup-and-save-user playbook and not save the results to Log Analytics if the result is empty. +Another way to cover this case - you can add a corresponding check to RFI-lookup-and-save-user playbook and not save the results to Log Analytics if the result is empty. @@ -324,7 +325,7 @@ Another way to cover this case - you can add a corresponding check to RecordedFu -##### RecordedFutureIdentity-add-EntraID-security-group-user +##### RFI-add-EntraID-security-group-user [![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FRecorded%20Future%20Identity%2FPlaybooks%2FRecordedFutureIdentity-add-EntraID-security-group-user%2Fazuredeploy.json) [![Deploy to Azure Gov](https://aka.ms/deploytoazuregovbutton)](https://portal.azure.us/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FRecorded%20Future%20Identity%2FPlaybooks%2FRecordedFutureIdentity-add-EntraID-security-group-user%2Fazuredeploy.json) @@ -336,14 +337,14 @@ Parameters for deployment: | **Subscription** | Your Azure Subscription to deploy the Solution in. All resources in an Azure subscription are billed together. | | **Resource group** | Resource group in your Subscription to deploy the Solution in. A resource group is a collection of resources that share the same lifecycle, permissions, and policies. | | **Region** | Choose the Azure region that's right for you and your customers. Not every resource is available in every region. | -| **Playbook-Name** | Playbook name to use for this playbook (ex. "RecordedFutureIdentity-add-EntraID-security-group-user"). | +| **Playbook-Name** | Playbook name to use for this playbook (ex. "RFI-add-EntraID-security-group-user"). |
-##### RecordedFutureIdentity-confirm-EntraID-risky-user +##### RFI-confirm-EntraID-risky-user [![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FRecorded%20Future%20Identity%2FPlaybooks%2FRecordedFutureIdentity-confirm-EntraID-risky-user%2Fazuredeploy.json) [![Deploy to Azure Gov](https://aka.ms/deploytoazuregovbutton)](https://portal.azure.us/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FRecorded%20Future%20Identity%2FPlaybooks%2FRecordedFutureIdentity-confirm-EntraID-risky-user%2Fazuredeploy.json) @@ -355,14 +356,14 @@ Parameters for deployment: | **Subscription** | Your Azure Subscription to deploy the Solution in. All resources in an Azure subscription are billed together. | | **Resource group** | Resource group in your Subscription to deploy the Solution in. A resource group is a collection of resources that share the same lifecycle, permissions, and policies. | | **Region** | Choose the Azure region that's right for you and your customers. Not every resource is available in every region. | -| **Playbook-Name** | Playbook name to use for this playbook (ex. "RecordedFutureIdentity-confirm-EntraID-risky-user"). | +| **Playbook-Name** | Playbook name to use for this playbook (ex. "RFI-confirm-EntraID-risky-user"). |
-##### RecordedFutureIdentity-lookup-and-save-user +##### RFI-lookup-and-save-user [![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FRecorded%20Future%20Identity%2FPlaybooks%2FRecordedFutureIdentity-lookup-and-save-user%2Fazuredeploy.json) [![Deploy to Azure Gov](https://aka.ms/deploytoazuregovbutton)](https://portal.azure.us/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FRecorded%20Future%20Identity%2FPlaybooks%2FRecordedFutureIdentity-lookup-and-save-user%2Fazuredeploy.json) @@ -374,14 +375,14 @@ Parameters for deployment: | **Subscription** | Your Azure Subscription to deploy the Solution in. All resources in an Azure subscription are billed together. | | **Resource group** | Resource group in your Subscription to deploy the Solution in. A resource group is a collection of resources that share the same lifecycle, permissions, and policies. | | **Region** | Choose the Azure region that's right for you and your customers. Not every resource is available in every region. | -| **Playbook-Name** | Playbook name to use for this playbook (ex. "RecordedFutureIdentity-lookup-and-save-user"). | +| **Playbook-Name** | Playbook name to use for this playbook (ex. "RFI-lookup-and-save-user"). |
-##### RecordedFutureIdentity-search-workforce-user +##### RFI-search-workforce-user [![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FRecorded%20Future%20Identity%2FPlaybooks%2FRecordedFutureIdentity-search-workforce-user%2Fazuredeploy.json) [![Deploy to Azure Gov](https://aka.ms/deploytoazuregovbutton)](https://portal.azure.us/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FRecorded%20Future%20Identity%2FPlaybooks%2FRecordedFutureIdentity-search-workforce-user%2Fazuredeploy.json) @@ -393,17 +394,17 @@ Parameters for deployment: | **Subscription** | Your Azure Subscription to deploy the Solution in. All resources in an Azure subscription are billed together. | | **Resource group** | Resource group in your Subscription to deploy the Solution in. A resource group is a collection of resources that share the same lifecycle, permissions, and policies. | | **Region** | Choose the Azure region that's right for you and your customers. Not every resource is available in every region. | -| **Playbook-Name** | Playbook name to use for this playbook (ex. "RecordedFutureIdentity-search-workforce-user"). | -| **Playbook-Name-add-EntraID-security-group-user** | Playbook name to use for "RecordedFutureIdentity-add-EntraID-security-group-user" playbook. | -| **Playbook-Name-confirm-EntraID-risky-user** | Playbook name to use for "RecordedFutureIdentity-confirm-EntraID-risky-user" playbook. | -| **Playbook-Name-lookup-and-save-user** | Playbook name to use for "RecordedFutureIdentity-lookup-and-save-user" playbook. | +| **Playbook-Name** | Playbook name to use for this playbook (ex. "RFI-search-workforce-user"). | +| **Playbook-Name-add-EntraID-security-group-user** | Playbook name to use for "RFI-add-EntraID-security-group-user" playbook. | +| **Playbook-Name-confirm-EntraID-risky-user** | Playbook name to use for "RFI-confirm-EntraID-risky-user" playbook. | +| **Playbook-Name-lookup-and-save-user** | Playbook name to use for "RFI-lookup-and-save-user" playbook. |
-##### RecordedFutureIdentity-search-external-user +##### RFI-search-external-user [![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FRecorded%20Future%20Identity%2FPlaybooks%2FRecordedFutureIdentity-search-external-user%2Fazuredeploy.json) [![Deploy to Azure Gov](https://aka.ms/deploytoazuregovbutton)](https://portal.azure.us/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FRecorded%20Future%20Identity%2FPlaybooks%2FRecordedFutureIdentity-search-external-user%2Fazuredeploy.json) @@ -415,10 +416,10 @@ Parameters for deployment: | **Subscription** | Your Azure Subscription to deploy the Solution in. All resources in an Azure subscription are billed together. | | **Resource group** | Resource group in your Subscription to deploy the Solution in. A resource group is a collection of resources that share the same lifecycle, permissions, and policies. | | **Region** | Choose the Azure region that's right for you and your customers. Not every resource is available in every region. | -| **Playbook-Name** | Playbook name to use for this playbook (ex. "RecordedFutureIdentity-search-external-user"). | -| **Playbook-Name-add-EntraID-security-group-user** | Playbook name to use for "RecordedFutureIdentity-add-EntraID-security-group-user" playbook. | -| **Playbook-Name-confirm-EntraID-risky-user** | Playbook name to use for "RecordedFutureIdentity-confirm-EntraID-risky-user" playbook. | -| **Playbook-Name-lookup-and-save-user** | Playbook name to use for "RecordedFutureIdentity-lookup-and-save-user" playbook. | +| **Playbook-Name** | Playbook name to use for this playbook (ex. "RFI-search-external-user"). | +| **Playbook-Name-add-EntraID-security-group-user** | Playbook name to use for "RFI-add-EntraID-security-group-user" playbook. | +| **Playbook-Name-confirm-EntraID-risky-user** | Playbook name to use for "RFI-confirm-EntraID-risky-user" playbook. | +| **Playbook-Name-lookup-and-save-user** | Playbook name to use for "RFI-lookup-and-save-user" playbook. |
diff --git a/Solutions/Recorded Future Identity/ReleaseNotes.md b/Solutions/Recorded Future Identity/ReleaseNotes.md index 08dca2d4b9..2b51e290a4 100644 --- a/Solutions/Recorded Future Identity/ReleaseNotes.md +++ b/Solutions/Recorded Future Identity/ReleaseNotes.md @@ -1,4 +1,4 @@ | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** | |-------------|--------------------------------|---------------------------------------------| -| 3.0.0 | 15-04-2024 | Fixedhardcoded SubscriptionID.
Entra ID renaming of playbooks and readme.
Using solution format V3 | +| 3.0.0 | 15-04-2024 | Fixedhardcoded SubscriptionID.
Entra ID renaming of playbooks and readme.
Using solution format V3
Change prefix on all logic app installation names from RecordedFutureIdentity to RFI die to name size limit of 64 characters. | | 2.0.0 | 14-09-2022 | Initial Solution Release | From e0daf08a8e2b504c4e13c3a7c13eaddc79413bf5 Mon Sep 17 00:00:00 2001 From: Niklas Logren Date: Tue, 21 May 2024 15:14:14 +0200 Subject: [PATCH 03/33] docs: update RFI readme slightly --- Solutions/Recorded Future Identity/Playbooks/readme.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/Solutions/Recorded Future Identity/Playbooks/readme.md b/Solutions/Recorded Future Identity/Playbooks/readme.md index 028d2ce37e..c4946fd51e 100644 --- a/Solutions/Recorded Future Identity/Playbooks/readme.md +++ b/Solutions/Recorded Future Identity/Playbooks/readme.md @@ -205,9 +205,11 @@ HTTP request parameters: #### RFI-confirm-EntraID-risky-user -This playbook confirms compromise of users deemed "high risk" by Microsoft Entra ID Identity Protection. +This playbook confirms compromise of users deemed "high risk" by Microsoft Entra ID Protection. -More on Active Directory Identity Protection you can read here: [link1](https://docs.microsoft.com/azure/active-directory/identity-protection/) and [link2](https://docs.microsoft.com/azure/active-directory/identity-protection/overview-identity-protection) and [link3](https://docs.microsoft.com/azure/active-directory/identity-protection/howto-identity-protection-remediate-unblock). +For more info on Entra ID Protection, read here: [link1](https://learn.microsoft.com/en-gb/entra/id-protection/) and [link2](https://learn.microsoft.com/en-gb/entra/id-protection/overview-identity-protection) and [link3](https://learn.microsoft.com/en-gb/entra/id-protection/howto-identity-protection-remediate-unblock). + +Note that this playbook only runs on already flagged risky users. If a user isn't flagged as a risky user by Entra ID Protection, this playbook won't do anything.
From 39679ddd0e387db08c4f35ec5d2e771be0a0df91 Mon Sep 17 00:00:00 2001 From: RecordedFutureOskbo Date: Tue, 11 Jun 2024 11:48:16 +0200 Subject: [PATCH 04/33] Rename all playbooks and version custom connector --- .../Data/Solution_RecordedFutureIdentity.json | 11 +- .../azuredeploy.json | 1835 +++++++++++++++++ .../azuredeploy.json | 2 +- .../azuredeploy.json | 2 +- .../azuredeploy.json | 158 +- .../azuredeploy.json | 10 +- .../azuredeploy.json | 10 +- .../Playbooks/readme.md | 20 +- 8 files changed, 1956 insertions(+), 92 deletions(-) create mode 100644 Solutions/Recorded Future Identity/Playbooks/RFI-CustomConnector-0.1.0/azuredeploy.json rename Solutions/Recorded Future Identity/Playbooks/{RecordedFutureIdentity-add-EntraID-security-group-user => RFI-add-EntraID-security-group-user}/azuredeploy.json (99%) rename Solutions/Recorded Future Identity/Playbooks/{RecordedFutureIdentity-confirm-EntraID-risky-user => RFI-confirm-EntraID-risky-user}/azuredeploy.json (99%) rename Solutions/Recorded Future Identity/Playbooks/{RecordedFutureIdentity-lookup-and-save-user => RFI-lookup-and-save-user}/azuredeploy.json (78%) rename Solutions/Recorded Future Identity/Playbooks/{RecordedFutureIdentity-search-external-user => RFI-search-external-user}/azuredeploy.json (97%) rename Solutions/Recorded Future Identity/Playbooks/{RecordedFutureIdentity-search-workforce-user => RFI-search-workforce-user}/azuredeploy.json (98%) diff --git a/Solutions/Recorded Future Identity/Data/Solution_RecordedFutureIdentity.json b/Solutions/Recorded Future Identity/Data/Solution_RecordedFutureIdentity.json index 2fb3e6cdd2..32b8ddb918 100644 --- a/Solutions/Recorded Future Identity/Data/Solution_RecordedFutureIdentity.json +++ b/Solutions/Recorded Future Identity/Data/Solution_RecordedFutureIdentity.json @@ -5,11 +5,12 @@ "Description": "[Recorded Future](https://www.recordedfuture.com/) Identity Intelligence enables security and IT teams to detect identity compromises, for both employees and customers. To do this, Recorded Future automates the collection, analysis, and production of identity intelligence from a vast range of sources. Organizations can incorporate identity intelligence into automated workflows that regularly monitor for compromised credentials and take immediate action with applications such as Azure Active Directory and Microsoft Sentinel.\nThere are many ways organizations can utilize Recorded Future Identity Intelligence; the playbooks in this Solution are just a quick introduction to some of those ways. In particular, these playbooks include several actions that can be coordinated, or used separately. They include:\n1. searches for compromised workforce or external customer users\n2. looking up existing users and saving the compromised user data to a Log file\n3. confirming high risk Azure Active Directory (AAD) users\n4. adding a compromised user to an AAD security group\n\nFor more information, see the [Documentation for this Solution](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Recorded%20Future%20Identity/Playbooks).\n\nThe playbooks have internal dependencies where you have to install: \n- RecordedFutureIdentity-add-EntraID-security-group-user \n- RecordedFutureIdentity-confirm-EntraID-risky-user \n- RecordedFutureIdentity-lookup-and-save-user \n\nBefore: \n- RecordedFutureIdentity-search-workforce-user \n- RecordedFutureIdentity-search-external-user.\n\nThis solution depends on underlying Microsoft technologies. Some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs:\n* [Log Analytics](https://learn.microsoft.com/en-us/azure/azure-monitor/logs/workspace-design)\n* [Logic apps](https://learn.microsoft.com/en-us/azure/logic-apps/logic-apps-pricing)\n", "PlaybooksBladeDescription": "This solution will install playbooks that import users with leaked credentials from Recorded Future and set them as RiskyUsers in Azure Active Directory.", "Playbooks": [ - "/Playbooks/RecordedFutureIdentity-add-EntraID-security-group-user/azuredeploy.json", - "/Playbooks/RecordedFutureIdentity-confirm-EntraID-risky-user/azuredeploy.json", - "/Playbooks/RecordedFutureIdentity-lookup-and-save-user/azuredeploy.json", - "/Playbooks/RecordedFutureIdentity-search-workforce-user/azuredeploy.json", - "/Playbooks/RecordedFutureIdentity-search-external-user/azuredeploy.json" + "/Playbooks/RFI-add-EntraID-security-group-user/azuredeploy.json", + "/Playbooks/RFI-confirm-EntraID-risky-user/azuredeploy.json", + "/Playbooks/RFI-lookup-and-save-user/azuredeploy.json", + "/Playbooks/RFI-search-workforce-user/azuredeploy.json", + "/Playbooks/RFI-search-external-user/azuredeploy.json", + "/Playbooks/RFI-CustomConnector-0.1.0/azuredeploy.json" ], "BasePath": "D:\\Azure-Sentinel\\Solutions\\Recorded Future Identity\\", "Version": "3.0.0", diff --git a/Solutions/Recorded Future Identity/Playbooks/RFI-CustomConnector-0.1.0/azuredeploy.json b/Solutions/Recorded Future Identity/Playbooks/RFI-CustomConnector-0.1.0/azuredeploy.json new file mode 100644 index 0000000000..16f058d4cc --- /dev/null +++ b/Solutions/Recorded Future Identity/Playbooks/RFI-CustomConnector-0.1.0/azuredeploy.json @@ -0,0 +1,1835 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "ConnectorName": { + "defaultValue": "RFI-CustomConnector-0.1.0", + "type": "String", + "metadata": { + "description": "Recorded Future Identity Custom Connector 0.1.0" + } + }, + "ServiceEndpoint": { + "defaultValue": "https://api.recordedfuture.com/gw/azure-identity", + "type": "String", + "metadata": { + "description": "Recorded Future Identity API" + } + } + }, + "variables": {}, + "resources": [ + { + "type": "Microsoft.Web/customApis", + "apiVersion": "2016-06-01", + "name": "[parameters('ConnectorName')]", + "location": "[resourceGroup().location]", + "properties": { + "connectionParameters": { + "api_key": { + "type": "securestring" + } + }, + "backendService": { + "serviceUrl": "[parameters('ServiceEndPoint')]" + }, + "capabilities": [], + "brandColor": "#FFFFFF", + "description": "Recorded Future Identity Connector enables access to the Recorded Future Identity Intelligence. The connector has dedicated actions for search and lookup of identity leaks.", + "displayName": "[parameters('ConnectorName')]", + "iconUri": "data:image/jpeg;base64,/9j/4AAQSkZJRgABAQEBLAEsAAD/2wBDAAMCAgMCAgMDAwMEAwMEBQgFBQQEBQoHBwYIDAoMDAsKCwsNDhIQDQ4RDgsLEBYQERMUFRUVDA8XGBYUGBIUFRT/2wBDAQMEBAUEBQkFBQkUDQsNFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBT/wAARCAAoADADASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwD9U6a7rGpZ2CqoyWY4Ap1YXjjwXpvxC8K6h4d1hZX02+QJMIZDG+AwYYYdOVFVHlckpOyJlzKLcVdniXxW8VeJvF/ir4ofD2wSO4tY/Cq3NnBGoWRpnIDfOSOoYjB44Fa/wz8ZeIdL+JujeAdRaOKwsfBlreSwsoMi3IKoxL55GMj04rzjx5p+m+G/id8VYLnT573RbLwLbxfZlnaNpI1KKq+bgkH5evPQ9a0PBvh3S/GPxkt9LaznttC1L4b20HkeczOkLuo2+ZwSQOM98V9U6VP6va3u8t9uvLHXff8Aq58sqtT6xe/vc1t+nNLTbb+rH1SrBlDKQVIyCOhpay/C/h2z8I+HdN0TTldbHT4Et4RI5dtijAyT1NalfKStd22Pqo3sr7nnvgr45eHPHV5pttaRanYtqkTS6fJqNi8Ed4qrubynPysQuTjOcAntXZnXtMXT5b86jaCxiJEl156+UhBwctnA5r5TH7OvifRfBOjLNczCb/hHLmxmGpaqDBol2y482PL7QjoWiOzO3dkcE1f0H4X3mrXMGsaZpFtqlpYX9rPeeG21LT2ju1SKZAwjt0WFWUyAgu2X2c7doz79TBYVtypVNPl3+W//AAdmeDTxuKVo1aer9e36f8DdM+ifFcHhzxN4fk0jWbq0fTtciNsqtciM3KsOkbAgk88bfWrGlz6D4d0yHT7S7s7a1023WAI1wpMMSYQBiTnAIAye9fP2tfBTxBcR6o0fgfSXj1jR20+zs471CmhSmaV/My/Y+YrHys4ZMAYwaZo/7P2t6R4atJr3QbXXtVtfFEuoXtvNLEJNVs8MEy7HafmIkCOQMjnmsvq1Dks62l9tP8/l/wAA1+s1ue6o6231/wAvn/wT3vQPiDofiK3vp7a8WGKz1CXS3e5IjDTxkBlUk/N14x1pvj34iaH8N/D9/rGs3Oy3so0llihw82xpFjDBM5I3MBmvmiP4C+KbCbUtQv8AQUXRZrjURFosNzYlbRZpFZJQ06tGqlRsJXDrsGARxVjx58BPFGo+B/FWj2nhm38R6rqS2Mun6/PqMLTQRRRwI1vvcIxI8t8EBVYOScH5TqsDhPaxvV9266rur63+f5XMnjcV7OVqT5rdn2dtLf11se2ftIK0nwJ8bKqlmOmyYAGT2ri4G1P4ReKPB8usnRdK0XUJLqK8k8O6W9vDIwgBt1mA3Fm3b9vuSO9FFZ4P36caL2k5X/8AAUaYz3akqq3io2/8CZ5HbeIvEqre+JTrusp4ivPCIuLRe87x3cgkVV28lI13kDkEk+1d/rHxE1fxz8XF0vQPE2o2nhu91CwgjuLJNn7t7K6eTyy6d2jX5scEcdKKK9+rShyzqWV0nbRd1+VvxZ4NKrNShTu7Nq+r7frfX5D/AId674p8U+NINJ1/VpJmmubuHVdFupHdo4Yy/kMsS2wEJBWI+Y0pEgJ6lgB9JWtvHZ28UES7Yo1CKMk8D3NFFfN5laNSKirK1z6PLbypycnd3t+R/9k=", + "swagger": { + "swagger": "2.0", + "info": { + "title": "Recorded Future Identity", + "description": "The Recorded Future Identity Intelligence Connector enables security and IT\nteams to detect identity compromises, for both employees and customers. To\ndo this, Recorded Future automates the collection, analysis, and production\nof identity intelligence from a vast range of sources. Through this\nconnector, organizations can incorporate identity intelligence into\nautomated workflows (e.g., password resets) with applications such as Azure\nActive Directory and Microsoft Sentinel.", + "contact": { + "name": "Recorded Future Support", + "url": "https://support.recordedfuture.com", + "email": "support@recordedfuture.com" + }, + "version": "0.1.0" + }, + "host": "api.recordedfuture.com", + "basePath": "/gw/azure-identity", + "schemes": [ + "https" + ], + "consumes": [], + "produces": [], + "paths": { + "/credentials/lookup": { + "post": { + "tags": [ + "Identity" + ], + "summary": "Credential Lookup - Look up credential data for one or more users", + "description": "Look up exposed credential data for a specific set of subjects", + "operationId": "Credential_Lookup", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "parameters": [ + { + "in": "body", + "name": "body", + "schema": { + "$ref": "#/definitions/CredentialsLookupRequest" + } + } + ], + "responses": { + "200": { + "description": "Returns detailed information on the exposed credentials", + "schema": { + "type": "object", + "properties": { + "exposed_credentials": { + "title": "Exposed credentials", + "description": "List of exposed credentials", + "type": "array", + "items": { + "type": "object", + "properties": { + "clear_text_hint": { + "description": "First two letters of the exposed secret. Only available for secrets exposed in clear text", + "type": "string", + "example": "s5", + "x-ms-visibility": "important" + }, + "dumps": { + "description": "List of data dumps in which the signature has been involved.", + "type": "array", + "items": { + "type": "object", + "properties": { + "breaches": { + "description": "List of data breaches related to the dump", + "type": "array", + "items": { + "type": "object", + "properties": { + "breached": { + "type": "string", + "example": "2016-06-01T00:00:00.000Z", + "x-ms-visibility": "important" + }, + "description": { + "type": "string", + "example": "Evony.com reportedly suffered data breaches in June and August 2016, resulting in the exposure of over 34 million user accounts.", + "x-ms-visibility": "important" + }, + "domain": { + "type": "string", + "example": "evony.com", + "x-ms-visibility": "important" + }, + "name": { + "type": "string", + "example": "Evony", + "x-ms-visibility": "important" + }, + "precision": { + "type": "string", + "example": "month", + "x-ms-visibility": "important" + }, + "site_description": { + "type": "string", + "example": "Evony.com is the website of Evony LLC, which develops browser and mobile-based online games.", + "x-ms-visibility": "important" + }, + "start": { + "type": "string", + "example": "2016-06-01T00:00:00.000Z", + "x-ms-visibility": "important" + }, + "stop": { + "type": "string", + "example": "2016-08-31T23:59:59.000Z", + "x-ms-visibility": "important" + }, + "type": { + "type": "string", + "example": "Breach", + "x-ms-visibility": "important" + } + } + } + }, + "description": { + "description": "Description of the dump", + "type": "string", + "example": "This credential data was derived from stealer malware logs. These logs were obtained through Recorded Future\\u2019s proprietary sources.", + "x-ms-visibility": "important" + }, + "downloaded": { + "description": "Date when the dump was downloaded", + "type": "string", + "example": "2021-07-23T00:00:00.000Z", + "x-ms-visibility": "important" + }, + "name": { + "description": "Name of the dump", + "type": "string", + "example": "XSS.is Dump 2021", + "x-ms-visibility": "important" + }, + "type": { + "description": "Type of the dump", + "type": "string", + "example": "Combo List", + "x-ms-visibility": "important" + } + } + } + }, + "exposed_secret_format": { + "description": "Format of the exposed secret. Either the hash algorithm or clear for cleartext.", + "type": "string", + "example": "clear", + "x-ms-visibility": "important" + }, + "first_seen": { + "description": "Date when the signature was first seen exposed", + "type": "string", + "example": "2021-07-23T00:00:00.000Z", + "x-ms-visibility": "important" + }, + "last_seen": { + "description": "Date when the signature was last seen exposed", + "type": "string", + "example": "2021-07-23T00:00:00.000Z", + "x-ms-visibility": "important" + }, + "malware_family": { + "title": "Malware family", + "description": "Family of malware used to extract the credentials", + "type": "string", + "example": "RedLine Stealer", + "x-ms-visibility": "important" + }, + "secret_hashes": { + "description": "List of known hashes of the exposed secret. Calculated by Recorded Future if the secret was exposed in clear text.", + "type": "array", + "items": { + "type": "object", + "properties": { + "algorithm": { + "title": "algorithm", + "description": "Hash algorithm used", + "type": "string", + "example": "SHA1", + "x-ms-visibility": "important" + }, + "hash": { + "title": "hash", + "description": "Hash value", + "type": "string", + "example": "a7862e41d43a09e0297f197ec4673ad2c0e0d43c", + "x-ms-visibility": "important" + } + } + } + }, + "secret_properties": { + "description": "Properties of the clear text", + "type": "array", + "items": { + "type": "string", + "example": "Letter", + "x-ms-visibility": "important" + }, + "x-ms-visibility": "important" + }, + "secret_rank": { + "description": "Any common password collections the password is part of", + "type": "string", + "example": "Top100kCommonPasswords", + "x-ms-visibility": "important" + }, + "signature": { + "title": "signature", + "description": "Requested signature", + "type": "string", + "example": "06regq@www.google.com", + "x-ms-visibility": "important" + } + } + } + } + } + } + }, + "401": { + "description": "Authorization token is missing", + "schema": { + "$ref": "#/definitions/401Error" + } + }, + "403": { + "description": "Provided token is not authorized to use the API.", + "schema": { + "$ref": "#/definitions/403Error" + } + } + }, + "security": [ + { + "ApiKeyAuth": [] + } + ], + "x-ms-api-annotation": { + "family": "Credential_Lookup", + "revision": 1 + }, + "x-ms-visibility": "important" + } + }, + "/credentials/search": { + "post": { + "tags": [ + "Identity" + ], + "summary": "Credential Search - Search credential data for one or more domains", + "description": "Search credential data exposed in data dumps and through malware logs", + "operationId": "Credential_Search", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "parameters": [ + { + "in": "body", + "name": "body", + "schema": { + "type": "object", + "properties": { + "domain_type": { + "title": "Credential type", + "description": "Select credential type", + "default": "My Organization (workforce use case)", + "enum": [ + "My Organization (workforce use case)", + "Customer (external use case)" + ], + "type": "string", + "example": "My Organization (workforce use case)", + "x-ms-visibility": "important" + }, + "domains": { + "title": "Domains", + "description": "List of domains to search", + "type": "array", + "items": { + "title": "Domain", + "description": "A domain owned by your organization", + "type": "string", + "example": "google.com", + "x-ms-visibility": "important" + }, + "x-ms-visibility": "important" + }, + "filter": { + "type": "object", + "properties": { + "breach_properties": { + "$ref": "#/definitions/BreachProperties" + }, + "dump_properties": { + "$ref": "#/definitions/DumpProperties" + }, + "latest_downloaded_gte": { + "format": "date-time", + "title": "From", + "description": "YYYY-MM-DD (until today)", + "type": "string", + "example": "2017-07-21T17:32:28.0000000+00:00", + "x-ms-visibility": "important" + }, + "properties": { + "$ref": "#/definitions/CredentialProperties" + } + } + }, + "limit": { + "title": "Results", + "description": "Maxiumum number of results", + "default": 500, + "type": "number", + "example": 10, + "x-ms-visibility": "advanced" + }, + "offset": { + "title": "Offset", + "description": "Records from offset", + "type": "string", + "example": "eyJzdWJqZWN0IjpudWxsLCJsb2dpbiI6IjU2MDQwMjQ5MjUxIiwiYXV0aG9yaXphdGlvbl9zZXJ2aWNlIjoiZ29vZ2xlLmNvbSJ9", + "x-ms-visibility": "advanced" + } + } + } + } + ], + "responses": { + "200": { + "description": "Returns a list exposed credentials related to the searched domains", + "schema": { + "type": "object", + "properties": { + "count": { + "title": "Count", + "description": "Number of returned credentials", + "type": "number", + "example": 2, + "x-ms-visibility": "important" + }, + "credential_dumps": { + "title": "Credential dumps", + "description": "List of credentials exposed in data dumps", + "type": "array", + "items": { + "type": "string", + "example": "test@domain.com", + "x-ms-visibility": "important" + } + }, + "malware_logs": { + "title": "Malware logs", + "description": "List of credentials exposed through malware logs", + "type": "array", + "items": { + "type": "object", + "properties": { + "domain": { + "title": "Domain", + "description": "Login domain", + "type": "string", + "example": "www.domain.com", + "x-ms-visibility": "important" + }, + "login": { + "title": "Login", + "description": "Login username", + "type": "string", + "example": "testuser", + "x-ms-visibility": "important" + } + } + } + }, + "next_offset": { + "title": "Next offset", + "description": "Offset used to request succeeding records", + "type": "string", + "example": "eyJzdWJqZWN0IjpudWxsLCJsb2dpbiI6IjU2MDQwMjQ5MjUxIiwiYXV0aG9yaXphdGlvbl9zZXJ2aWNlIjoiZ29vZ2xlLmNvbSJ9", + "x-ms-visibility": "important" + } + } + } + }, + "401": { + "description": "Authorization token is missing", + "schema": { + "$ref": "#/definitions/401Error" + } + }, + "403": { + "description": "Provided token is not authorized to use the API.", + "schema": { + "$ref": "#/definitions/403Error" + } + } + }, + "security": [ + { + "ApiKeyAuth": [] + } + ], + "x-ms-visibility": "important" + } + }, + "/v2/credentials/lookup": { + "post": { + "tags": [ + "Identity" + ], + "summary": "Credential Lookup V2 - Look up credential data for one or more users", + "description": "Look up exposed credential data for a specific set of subjects", + "operationId": "Credential_Lookup_V2", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "parameters": [ + { + "in": "body", + "name": "body", + "schema": { + "$ref": "#/definitions/CredentialsLookupRequest" + } + } + ], + "responses": { + "200": { + "description": "Success", + "schema": { + "$ref": "#/definitions/LookupResponse" + } + } + }, + "security": [ + { + "ApiKeyAuth": [] + } + ], + "x-ms-api-annotation": { + "family": "Credential_Lookup", + "revision": 2 + }, + "x-ms-visibility": "important" + } + } + }, + "definitions": { + "401Error": { + "type": "object", + "properties": { + "error": { + "type": "object", + "properties": { + "status": { + "type": "number", + "example": 401 + } + } + } + } + }, + "403Error": { + "type": "object", + "properties": { + "code": { + "type": "number", + "example": 403 + }, + "error": { + "type": "object", + "properties": { + "message": { + "type": "string", + "example": "Not Authenticated" + }, + "status": { + "type": "string", + "example": "fail" + } + } + } + } + }, + "CredentialProperties": { + "description": "Filter on credential properties", + "type": "array", + "items": { + "description": "Credentials must include", + "enum": [ + "Letter", + "Number", + "Symbol", + "UpperCase", + "LowerCase", + "MixedCase", + "AtLeast8Characters", + "AtLeast12Characters", + "AtLeast16Characters", + "AtLeast24Characters" + ], + "type": "string", + "example": "Letter" + }, + "x-ms-visibility": "advanced" + }, + "AuthorizationService": { + "type": "object", + "properties": { + "domain": { + "type": "string" + }, + "fqdn": { + "type": "string" + }, + "protocols": { + "type": "array", + "items": { + "type": "string" + } + }, + "technology": { + "type": "array", + "items": { + "$ref": "#/definitions/Technology" + } + }, + "url": { + "type": "string" + } + } + }, + "BreachMetadata": { + "type": "object", + "properties": { + "breached": { + "format": "date-time", + "type": "string" + }, + "description": { + "type": "string" + }, + "domain": { + "type": "string" + }, + "name": { + "type": "string" + }, + "precision": { + "enum": [ + "year", + "month", + "day" + ], + "type": "string" + }, + "site_description": { + "type": "string" + }, + "start": { + "format": "date-time", + "type": "string" + }, + "stop": { + "format": "date-time", + "type": "string" + }, + "type": { + "type": "string" + } + } + }, + "BreachProperties": { + "type": "object", + "properties": { + "date": { + "format": "date-time", + "description": "YYYY-MM-DD (until today)", + "type": "string", + "example": "2022-02-08T10:32:37.9510000+00:00" + }, + "name": { + "type": "string", + "example": "Cit0day" + } + }, + "x-ms-visibility": "advanced" + }, + "CleartextPasswordDetails": { + "type": "object", + "properties": { + "clear_text_hint": { + "description": "First two characters of the cleartext password", + "type": "string" + }, + "clear_text_value": { + "description": "The password as clear text", + "type": "string" + }, + "properties": { + "description": "Properties exhibited by the password", + "type": "array", + "items": { + "enum": [ + "Letter", + "Number", + "Symbol", + "UpperCase", + "LowerCase", + "MixedCase", + "AtLeast8Characters", + "AtLeast10Characters", + "AtLeast12Characters", + "AtLeast16Characters", + "AtLeast24Characters", + "Cookies", + "UnexpiredCookies", + "AuthorizationTechnology", + "MalwareOnly" + ], + "type": "string" + } + }, + "rank": { + "description": "A ranking of how common this password is", + "enum": [ + "Top100kCommonPasswords", + "TopMillionCommonPasswords" + ], + "type": "string" + } + } + }, + "Compromise": { + "type": "object", + "properties": { + "antivirus": { + "type": "array", + "items": { + "type": "string" + } + }, + "computer_name": { + "type": "string" + }, + "exfiltration_date": { + "format": "date-time", + "type": "string" + }, + "malware_file": { + "type": "string" + }, + "os": { + "type": "string" + }, + "os_username": { + "type": "string" + }, + "timezone": { + "type": "string" + }, + "uac": { + "type": "string" + } + } + }, + "Cookie": { + "type": "object", + "properties": { + "dns": { + "type": "string" + }, + "expiration": { + "format": "date-time", + "type": "string" + }, + "http": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "secure": { + "type": "boolean" + } + } + }, + "CountryCodeMappingModel": { + "type": "object", + "properties": { + "alpha2Code": { + "type": "string" + }, + "alpha3Code": { + "type": "string" + }, + "countryCode": { + "type": "string" + }, + "displayName": { + "type": "string" + }, + "name": { + "type": "string" + } + } + }, + "Credentials": { + "type": "object", + "properties": { + "authorization_service": { + "type": "object", + "properties": { + "domain": { + "type": "string" + }, + "fqdn": { + "type": "string" + }, + "protocols": { + "type": "array", + "items": { + "type": "string" + } + }, + "technology": { + "type": "array", + "items": { + "$ref": "#/definitions/Technology" + } + }, + "url": { + "type": "string" + } + } + }, + "compromise": { + "type": "object", + "properties": { + "exfiltration_date": { + "format": "date-time", + "type": "string" + } + } + }, + "cookies": { + "type": "array", + "items": { + "$ref": "#/definitions/Cookie" + } + }, + "dumps": { + "type": "array", + "items": { + "$ref": "#/definitions/DumpMetadata" + } + }, + "exposed_secret": { + "$ref": "#/definitions/SecretDetails" + }, + "first_downloaded": { + "format": "date-time", + "type": "string" + }, + "latest_downloaded": { + "format": "date-time", + "type": "string" + }, + "malware_family": { + "type": "object", + "properties": { + "id": { + "type": "string" + }, + "name": { + "type": "string" + } + } + }, + "subject": { + "type": "string" + } + } + }, + "CredentialsLookupRequest": { + "type": "object", + "properties": { + "filter": { + "type": "object", + "properties": { + "authorization_protocols": { + "description": "Only include credentials with these authorization protocols", + "type": "array", + "items": { + "type": "string" + }, + "x-ms-visibility": "important" + }, + "authorization_technologies": { + "description": "Only include credentials with these authorization technologies", + "type": "array", + "items": { + "type": "string" + }, + "x-ms-visibility": "important" + }, + "breach_properties": { + "description": "Only include credentials from breaches that exhibit these properties", + "type": "object", + "properties": { + "date": { + "format": "date-time", + "type": "string" + }, + "name": { + "type": "string" + } + }, + "x-ms-visibility": "important" + }, + "dump_properties": { + "description": "Only include credentials from dumps that exhibit these properties", + "type": "object", + "properties": { + "date": { + "format": "date-time", + "type": "string" + }, + "name": { + "type": "string" + } + }, + "x-ms-visibility": "important" + }, + "exfiltration_date_gte": { + "format": "date-time", + "description": "YYYY-MM-DD (until today)", + "type": "string", + "x-ms-visibility": "important" + }, + "first_downloaded_gte": { + "format": "date-time", + "description": "YYYY-MM-DD (until today)", + "type": "string", + "x-ms-visibility": "important" + }, + "latest_downloaded_gte": { + "format": "date-time", + "description": "YYYY-MM-DD (until today)", + "type": "string", + "x-ms-visibility": "important" + }, + "malware_families": { + "description": "Only include credentials with these malware families", + "type": "array", + "items": { + "type": "string" + }, + "x-ms-visibility": "important" + }, + "properties": { + "description": "Only include breaches of passwords that exhibit these properties", + "type": "array", + "items": { + "enum": [ + "Letter", + "Number", + "Symbol", + "UpperCase", + "LowerCase", + "MixedCase", + "AtLeast8Characters", + "AtLeast10Characters", + "AtLeast12Characters", + "AtLeast16Characters", + "AtLeast24Characters", + "Cookies", + "UnexpiredCookies", + "AuthorizationTechnology", + "MalwareOnly" + ], + "type": "string" + }, + "x-ms-visibility": "important" + }, + "username_properties": { + "description": "Only include credentials with these username properties", + "type": "array", + "items": { + "enum": [ + "Email" + ], + "type": "string" + }, + "x-ms-visibility": "important" + } + } + }, + "organization_id": { + "type": "string", + "x-ms-visibility": "important" + }, + "subjects": { + "title": "Emails", + "description": "List of email addresses to look up", + "type": "array", + "items": { + "description": "An email-address with exposed credentials", + "type": "string", + "x-ms-visibility": "important" + }, + "x-ms-visibility": "important" + }, + "subjects_login": { + "title": "Credential with auth domain", + "description": "List of breached domain users to look up", + "type": "array", + "items": { + "$ref": "#/definitions/DomainLogin" + }, + "x-ms-visibility": "important" + }, + "subjects_sha1": { + "title": "Hashed emails", + "description": "List of hashed email addresses to look up", + "type": "array", + "items": { + "description": "The SHA1 hash of an email-address with exposed credentials", + "type": "string", + "x-ms-visibility": "advanced" + }, + "x-ms-visibility": "advanced" + } + } + }, + "CredentialsSearchRequest": { + "type": "object", + "properties": { + "domain_types": { + "type": "array", + "items": { + "enum": [ + "Authorization", + "Email" + ], + "type": "string" + } + }, + "domains": { + "type": "array", + "items": { + "type": "string" + } + }, + "filter": { + "type": "object", + "properties": { + "authorization_protocols": { + "description": "Only include credentials with these authorization protocols", + "type": "array", + "items": { + "type": "string" + } + }, + "authorization_technologies": { + "description": "Only include credentials with these authorization technologies", + "type": "array", + "items": { + "type": "string" + } + }, + "breach_properties": { + "description": "Only include credentials from breaches that exhibit these properties", + "type": "object", + "properties": { + "date": { + "format": "date-time", + "type": "string" + }, + "name": { + "type": "string" + } + } + }, + "dump_properties": { + "description": "Only include credentials from dumps that exhibit these properties", + "type": "object", + "properties": { + "date": { + "format": "date-time", + "type": "string" + }, + "name": { + "type": "string" + } + } + }, + "exfiltration_date_gte": { + "format": "date-time", + "description": "Only include exfiltrations this time onwards", + "type": "string" + }, + "first_downloaded_gte": { + "format": "date-time", + "description": "Only include breaches this time onwards", + "type": "string" + }, + "latest_downloaded_gte": { + "format": "date-time", + "description": "Only include breaches this time onwards", + "type": "string" + }, + "malware_families": { + "description": "Only include credentials with these malware families", + "type": "array", + "items": { + "type": "string" + } + }, + "properties": { + "description": "Only include breaches of passwords that exhibit these properties", + "type": "array", + "items": { + "enum": [ + "Letter", + "Number", + "Symbol", + "UpperCase", + "LowerCase", + "MixedCase", + "AtLeast8Characters", + "AtLeast10Characters", + "AtLeast12Characters", + "AtLeast16Characters", + "AtLeast24Characters", + "Cookies", + "UnexpiredCookies", + "AuthorizationTechnology", + "MalwareOnly" + ], + "type": "string" + } + }, + "username_properties": { + "description": "Only include credentials with these username properties", + "type": "array", + "items": { + "enum": [ + "Email" + ], + "type": "string" + } + } + } + }, + "limit": { + "type": "integer" + }, + "offset": { + "type": "string" + }, + "organization_id": { + "type": "string" + } + } + }, + "DeprecatedCompromise": { + "type": "object", + "properties": { + "exfiltration_date": { + "format": "date-time", + "type": "string" + } + } + }, + "DomainLogin": { + "type": "object", + "properties": { + "domain": { + "description": "domain.com", + "type": "string", + "x-ms-visibility": "important" + }, + "login": { + "description": "Either input username or hash of username", + "type": "string", + "x-ms-visibility": "important" + }, + "login_sha1": { + "description": "Either input username or hash of username", + "type": "string", + "x-ms-visibility": "important" + } + } + }, + "DumpMetadata": { + "type": "object", + "properties": { + "breaches": { + "type": "array", + "items": { + "$ref": "#/definitions/BreachMetadata" + } + }, + "compromise": { + "type": "object", + "properties": { + "antivirus": { + "type": "array", + "items": { + "type": "string" + } + }, + "computer_name": { + "type": "string" + }, + "exfiltration_date": { + "format": "date-time", + "type": "string" + }, + "malware_file": { + "type": "string" + }, + "os": { + "type": "string" + }, + "os_username": { + "type": "string" + }, + "timezone": { + "type": "string" + }, + "uac": { + "type": "string" + } + } + }, + "description": { + "type": "string" + }, + "downloaded": { + "format": "date-time", + "type": "string" + }, + "infrastructure": { + "type": "object", + "properties": { + "ip": { + "type": "string" + } + } + }, + "location": { + "type": "object", + "properties": { + "address": { + "type": "string" + }, + "address1": { + "type": "string" + }, + "address2": { + "type": "string" + }, + "city": { + "type": "string" + }, + "country": { + "type": "object", + "properties": { + "alpha2Code": { + "type": "string" + }, + "alpha3Code": { + "type": "string" + }, + "countryCode": { + "type": "string" + }, + "displayName": { + "type": "string" + }, + "name": { + "type": "string" + } + } + }, + "postal_code": { + "type": "string" + }, + "state": { + "type": "string" + }, + "zip": { + "type": "string" + } + } + }, + "name": { + "type": "string" + }, + "type": { + "type": "string" + } + } + }, + "DumpMetadataSearchRequest": { + "type": "object", + "properties": { + "limit": { + "type": "integer" + }, + "names": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "DumpProperties": { + "type": "object", + "properties": { + "date": { + "format": "date-time", + "description": "YYYY-MM-DD (until today)", + "type": "string", + "example": "2022-02-08T10:32:37.9510000+00:00" + }, + "name": { + "type": "string", + "example": "XSS.is Dump 2021" + } + }, + "x-ms-visibility": "advanced" + }, + "IdentityDetails": { + "type": "object", + "properties": { + "subjects": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "IdentityRequestFilter": { + "type": "object", + "properties": { + "authorization_protocols": { + "description": "Only include credentials with these authorization protocols", + "type": "array", + "items": { + "type": "string" + } + }, + "authorization_technologies": { + "description": "Only include credentials with these authorization technologies", + "type": "array", + "items": { + "type": "string" + } + }, + "breach_properties": { + "description": "Only include credentials from breaches that exhibit these properties", + "type": "object", + "properties": { + "date": { + "format": "date-time", + "type": "string" + }, + "name": { + "type": "string" + } + } + }, + "dump_properties": { + "description": "Only include credentials from dumps that exhibit these properties", + "type": "object", + "properties": { + "date": { + "format": "date-time", + "type": "string" + }, + "name": { + "type": "string" + } + } + }, + "exfiltration_date_gte": { + "format": "date-time", + "description": "Only include exfiltrations this time onwards", + "type": "string" + }, + "first_downloaded_gte": { + "format": "date-time", + "description": "Only include breaches this time onwards", + "type": "string" + }, + "latest_downloaded_gte": { + "format": "date-time", + "description": "Only include breaches this time onwards", + "type": "string" + }, + "malware_families": { + "description": "Only include credentials with these malware families", + "type": "array", + "items": { + "type": "string" + } + }, + "properties": { + "description": "Only include breaches of passwords that exhibit these properties", + "type": "array", + "items": { + "enum": [ + "Letter", + "Number", + "Symbol", + "UpperCase", + "LowerCase", + "MixedCase", + "AtLeast8Characters", + "AtLeast10Characters", + "AtLeast12Characters", + "AtLeast16Characters", + "AtLeast24Characters", + "Cookies", + "UnexpiredCookies", + "AuthorizationTechnology", + "MalwareOnly" + ], + "type": "string" + } + }, + "username_properties": { + "description": "Only include credentials with these username properties", + "type": "array", + "items": { + "enum": [ + "Email" + ], + "type": "string" + } + } + } + }, + "IncidentReportCredentials": { + "type": "object", + "properties": { + "authorization_domain": { + "type": "string" + }, + "contains_active_cookies": { + "type": "boolean" + }, + "contains_cookies": { + "type": "boolean" + }, + "contains_high_risk_technologies": { + "type": "boolean" + }, + "domain_category": { + "type": "string" + }, + "domain_technology": { + "type": "string" + }, + "email_or_login": { + "type": "string" + }, + "password": { + "type": "string" + }, + "password_sha1": { + "type": "string" + } + } + }, + "IncidentReportDetails": { + "type": "object", + "properties": { + "antivirus": { + "type": "string" + }, + "country": { + "type": "string" + }, + "exfiltration_date": { + "type": "string" + }, + "ip_address": { + "type": "string" + }, + "malware_family": { + "type": "string" + }, + "malware_file": { + "type": "string" + }, + "os": { + "type": "string" + }, + "os_username": { + "type": "string" + }, + "postal_code": { + "type": "string" + }, + "timezone": { + "type": "string" + }, + "uac": { + "type": "string" + } + } + }, + "IncidentReportRequest": { + "type": "object", + "properties": { + "include_details": { + "type": "boolean" + }, + "limit": { + "type": "integer" + }, + "offset": { + "type": "string" + }, + "organization_id": { + "type": "string" + }, + "source_malware_log": { + "type": "string" + } + } + }, + "IncidentReportResponse": { + "type": "object", + "properties": { + "count": { + "type": "integer" + }, + "credentials": { + "type": "array", + "items": { + "$ref": "#/definitions/IncidentReportCredentials" + } + }, + "details": { + "type": "object", + "properties": { + "antivirus": { + "type": "string" + }, + "country": { + "type": "string" + }, + "exfiltration_date": { + "type": "string" + }, + "ip_address": { + "type": "string" + }, + "malware_family": { + "type": "string" + }, + "malware_file": { + "type": "string" + }, + "os": { + "type": "string" + }, + "os_username": { + "type": "string" + }, + "postal_code": { + "type": "string" + }, + "timezone": { + "type": "string" + }, + "uac": { + "type": "string" + } + } + }, + "next_offset": { + "type": "string" + }, + "total_count": { + "type": "integer" + } + } + }, + "Infrastructure": { + "type": "object", + "properties": { + "ip": { + "type": "string" + } + } + }, + "LeakedIdentity": { + "type": "object", + "properties": { + "count": { + "type": "integer" + }, + "credentials": { + "type": "array", + "items": { + "$ref": "#/definitions/Credentials" + } + }, + "identity": { + "$ref": "#/definitions/IdentityDetails" + } + } + }, + "Location": { + "type": "object", + "properties": { + "address": { + "type": "string" + }, + "address1": { + "type": "string" + }, + "address2": { + "type": "string" + }, + "city": { + "type": "string" + }, + "country": { + "type": "object", + "properties": { + "alpha2Code": { + "type": "string" + }, + "alpha3Code": { + "type": "string" + }, + "countryCode": { + "type": "string" + }, + "displayName": { + "type": "string" + }, + "name": { + "type": "string" + } + } + }, + "postal_code": { + "type": "string" + }, + "state": { + "type": "string" + }, + "zip": { + "type": "string" + } + } + }, + "LookupResponse": { + "type": "object", + "properties": { + "count": { + "type": "integer" + }, + "identities": { + "type": "array", + "items": { + "$ref": "#/definitions/LeakedIdentity" + } + }, + "next_offset": { + "type": "string" + } + } + }, + "MalwareFamily": { + "type": "object", + "properties": { + "id": { + "type": "string" + }, + "name": { + "type": "string" + } + } + }, + "MetadataDumpResponse": { + "type": "object", + "properties": { + "dumps": { + "type": "array", + "items": { + "$ref": "#/definitions/DumpMetadata" + } + } + } + }, + "PasswordHash": { + "type": "object" + }, + "PasswordLookupRequest": { + "type": "object", + "properties": { + "passwords": { + "type": "array", + "items": { + "$ref": "#/definitions/PasswordHash" + } + } + } + }, + "PasswordLookupResponse": { + "type": "object", + "properties": { + "results": { + "type": "array", + "items": { + "$ref": "#/definitions/SinglePasswordLookupResult" + } + } + } + }, + "SearchResponse": { + "type": "object", + "properties": { + "count": { + "type": "integer" + }, + "count_relation": { + "type": "string" + }, + "identities": { + "type": "array", + "items": { + "$ref": "#/definitions/SearchResponseIdentity" + } + }, + "next_offset": { + "type": "string" + } + } + }, + "SearchResponseIdentity": { + "type": "object" + }, + "SecretDetails": { + "type": "object", + "properties": { + "details": { + "type": "object", + "properties": { + "clear_text_hint": { + "description": "First two characters of the cleartext password", + "type": "string" + }, + "clear_text_value": { + "description": "The password as clear text", + "type": "string" + }, + "properties": { + "description": "Properties exhibited by the password", + "type": "array", + "items": { + "enum": [ + "Letter", + "Number", + "Symbol", + "UpperCase", + "LowerCase", + "MixedCase", + "AtLeast8Characters", + "AtLeast10Characters", + "AtLeast12Characters", + "AtLeast16Characters", + "AtLeast24Characters", + "Cookies", + "UnexpiredCookies", + "AuthorizationTechnology", + "MalwareOnly" + ], + "type": "string" + } + }, + "rank": { + "description": "A ranking of how common this password is", + "enum": [ + "Top100kCommonPasswords", + "TopMillionCommonPasswords" + ], + "type": "string" + } + } + }, + "effectively_clear": { + "type": "boolean" + }, + "hashes": { + "description": "Known hashes for this secret", + "type": "array", + "items": { + "$ref": "#/definitions/PasswordHash" + } + }, + "type": { + "type": "string" + } + } + }, + "SinglePasswordLookupResult": { + "type": "object", + "properties": { + "exposure_status": { + "enum": [ + "NeverExposed", + "Uncommon", + "Common" + ], + "type": "string" + }, + "password": { + "$ref": "#/definitions/PasswordHash" + } + } + }, + "Technology": { + "type": "object", + "properties": { + "category": { + "type": "string" + }, + "id": { + "type": "string" + }, + "name": { + "type": "string" + } + } + } + }, + "parameters": {}, + "responses": {}, + "securityDefinitions": { + "ApiKeyAuth": { + "type": "apiKey", + "in": "header", + "name": "X-RFToken" + } + }, + "security": [ + { + "ApiKeyAuth": [] + } + ], + "tags": [], + "x-ms-connector-metadata": [ + { + "propertyName": "Website", + "propertyValue": "https://www.recordedfuture.com" + }, + { + "propertyName": "Privacy Policy", + "propertyValue": "https://www.recordedfuture.com/privacy-policy/" + }, + { + "propertyName": "Categories", + "propertyValue": "AI;Data" + } + ] + } + } + } + ] +} \ No newline at end of file diff --git a/Solutions/Recorded Future Identity/Playbooks/RecordedFutureIdentity-add-EntraID-security-group-user/azuredeploy.json b/Solutions/Recorded Future Identity/Playbooks/RFI-add-EntraID-security-group-user/azuredeploy.json similarity index 99% rename from Solutions/Recorded Future Identity/Playbooks/RecordedFutureIdentity-add-EntraID-security-group-user/azuredeploy.json rename to Solutions/Recorded Future Identity/Playbooks/RFI-add-EntraID-security-group-user/azuredeploy.json index 08d11febdf..09e2594c08 100644 --- a/Solutions/Recorded Future Identity/Playbooks/RecordedFutureIdentity-add-EntraID-security-group-user/azuredeploy.json +++ b/Solutions/Recorded Future Identity/Playbooks/RFI-add-EntraID-security-group-user/azuredeploy.json @@ -2,7 +2,7 @@ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "metadata": { - "title": "RecordedFutureIdentity-add-EntraID-security-group-user", + "title": "RFI-add-EntraID-security-group-user", "description": "This playbook adds a compromised user to an EntraID security group. Triage and remediation should be handled in follow up playbooks or actions.", "lastUpdateTime": "2024-04-17T00:00:00.000Z", "entities": [], diff --git a/Solutions/Recorded Future Identity/Playbooks/RecordedFutureIdentity-confirm-EntraID-risky-user/azuredeploy.json b/Solutions/Recorded Future Identity/Playbooks/RFI-confirm-EntraID-risky-user/azuredeploy.json similarity index 99% rename from Solutions/Recorded Future Identity/Playbooks/RecordedFutureIdentity-confirm-EntraID-risky-user/azuredeploy.json rename to Solutions/Recorded Future Identity/Playbooks/RFI-confirm-EntraID-risky-user/azuredeploy.json index 37ee216fab..92a16daae0 100644 --- a/Solutions/Recorded Future Identity/Playbooks/RecordedFutureIdentity-confirm-EntraID-risky-user/azuredeploy.json +++ b/Solutions/Recorded Future Identity/Playbooks/RFI-confirm-EntraID-risky-user/azuredeploy.json @@ -2,7 +2,7 @@ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "metadata": { - "title": "RecordedFutureIdentity-confirm-EntraID-risky-user", + "title": "RFI-confirm-EntraID-risky-user", "description": "This playbook confirms compromise of users deemed 'high risk' by EntraID.", "lastUpdateTime": "2024-04-16T00:00:00.000Z", "entities": [], diff --git a/Solutions/Recorded Future Identity/Playbooks/RecordedFutureIdentity-lookup-and-save-user/azuredeploy.json b/Solutions/Recorded Future Identity/Playbooks/RFI-lookup-and-save-user/azuredeploy.json similarity index 78% rename from Solutions/Recorded Future Identity/Playbooks/RecordedFutureIdentity-lookup-and-save-user/azuredeploy.json rename to Solutions/Recorded Future Identity/Playbooks/RFI-lookup-and-save-user/azuredeploy.json index afe9ea1730..6784ca4167 100644 --- a/Solutions/Recorded Future Identity/Playbooks/RecordedFutureIdentity-lookup-and-save-user/azuredeploy.json +++ b/Solutions/Recorded Future Identity/Playbooks/RFI-lookup-and-save-user/azuredeploy.json @@ -1,14 +1,22 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "title": "RecordedFutureIdentity-lookup-and-save-user", + "contentVersion": "1.2.0.0", + "metadata": { + "title": "RFI-lookup-and-save-user", "description": "This playbook gets compromise identity details from Recorded Future Identity Intelligence and saves the data for further review and analysis.", - "lastUpdateTime": "2024-04-16T00:00:00.000Z", - "entities": [], - "tags": ["Identity protection"], + "prerequisites": [ + "The custom connector RFI-CustomConnector-0.1.0 have to be deployed under the same subscription.", + "To use the Recorded Future for Azure connector, you will need a valid API token from Recorded Future as described in the [documentation](https://learn.microsoft.com/en-us/connectors/recordedfuturev2/#how-to-get-credentials)" + ], + "postDeployment": [ + "After deployment, open the playbook to configure all connections and press save." + ], + "prerequisitesDeployTemplateFile": "../RFI-CustomConnector-0.1.0/azuredeploy.json", + "lastUpdateTime": "2024-05-17T01:00:00.000Z", + "entities": [], + "tags": [ "Identity protection" ], "support": { - "tier": "Partner" + "tier": "Partner" }, "author": { "name": "Recorded Future" @@ -19,34 +27,39 @@ "title": "Initial version", "notes": [ "Initial version" ] }, - { + { "version": "1.1", "title": "Updates", "notes": [ "Solution update. Change PlaybookName prefix to RFI." ] + }, + { + "version": "1.2", + "title": "Identity endpoint update", + "notes": [ "Updated lookup envpoint to new version. Structure of data in the lookup_results_log_analytics_custom_log_name " ] } ] }, "parameters": { - "PlaybookName": { + "PlaybookName": { "defaultValue": "RFI-lookup-and-save-user", "type": "string" + }, + "IdentityCustomConnectorName": { + "defaultValue": "RFI-CustomConnector-0.1.0", + "type": "string", + "metadata": { + "description": "Name of the logic app connector which performs Recorded Future Communication. Normaly this dont change from RFI-CustomConnector-0.1.0" + } } }, "variables": { - "LogAnalyticsDataCollectorConnectionName": "[concat('azureloganalyticsdatacollector-', parameters('PlaybookName'))]", - "RecordedFutureIdentityConnectionName": "[concat('recordedfutureidenti-', parameters('PlaybookName'))]" + "IdentityconnectorupdateConnectionName": "[concat('Identityconnectorupdate-', parameters('PlaybookName'))]", + "AzureloganalyticsdatacollectorConnectionName": "[concat('Azureloganalyticsdatacollector-', parameters('PlaybookName'))]" }, "resources": [ { - "type": "Microsoft.Logic/workflows", - "apiVersion": "2019-05-01", - "name": "[parameters('PlaybookName')]", - "location": "[resourceGroup().location]", - "dependsOn": [ - "[resourceId('Microsoft.Web/connections', variables('LogAnalyticsDataCollectorConnectionName'))]", - "[resourceId('Microsoft.Web/connections', variables('RecordedFutureIdentityConnectionName'))]" - ], "properties": { + "provisioningState": "Succeeded", "state": "Enabled", "definition": { "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", @@ -61,7 +74,7 @@ "type": "String" }, "lookup_lookback_days_default": { - "defaultValue": -365, + "defaultValue": -14, "type": "Int" } }, @@ -89,7 +102,7 @@ } }, "actions": { - "Credential_Lookup_-_Look_up_credential_data_for_one_or_more_users": { + "Credential_Lookup_V2_-_Look_up_credential_data_for_one_or_more_users": { "runAfter": {}, "type": "ApiConnection", "inputs": { @@ -103,16 +116,16 @@ }, "host": { "connection": { - "name": "@parameters('$connections')['recordedfutureidenti']['connectionId']" + "name": "@parameters('$connections')['IdentityConnectorUpdate']['connectionId']" } }, "method": "post", - "path": "/credentials/lookup" + "path": "/v2/credentials/lookup" } }, "Response_-_Failed_to_get_Lookup_data": { "runAfter": { - "Credential_Lookup_-_Look_up_credential_data_for_one_or_more_users": [ + "Credential_Lookup_V2_-_Look_up_credential_data_for_one_or_more_users": [ "Failed" ] }, @@ -122,7 +135,7 @@ "body": { "data": { "lookup_lookback_date": "@formatDateTime(addDays(utcNow(), if(equals(triggerBody()?['lookup_lookback_days'], null), parameters('lookup_lookback_days_default'), triggerBody()?['lookup_lookback_days'])), 'yyyy-MM-dd')", - "lookup_results": "@body('Credential_Lookup_-_Look_up_credential_data_for_one_or_more_users')", + "lookup_results": "@body('Credential_Lookup_V2_-_Look_up_credential_data_for_one_or_more_users')", "lookup_results_log_analytics_custom_log_name": "@if(equals(triggerBody()?['lookup_results_log_analytics_custom_log_name'], null), parameters('lookup_results_log_analytics_custom_log_name_default'), triggerBody()?['lookup_results_log_analytics_custom_log_name'])", "parameters_passed": { "lookup_lookback_days": "@triggerBody()?['lookup_lookback_days']", @@ -144,7 +157,6 @@ "type": "string" }, "lookup_results": { - "properties": {}, "type": "object" }, "lookup_results_log_analytics_custom_log_name": { @@ -191,7 +203,7 @@ "body": { "data": { "lookup_lookback_date": "@formatDateTime(addDays(utcNow(), if(equals(triggerBody()?['lookup_lookback_days'], null), parameters('lookup_lookback_days_default'), triggerBody()?['lookup_lookback_days'])), 'yyyy-MM-dd')", - "lookup_results": "@body('Credential_Lookup_-_Look_up_credential_data_for_one_or_more_users')", + "lookup_results": "@body('Credential_Lookup_V2_-_Look_up_credential_data_for_one_or_more_users')", "lookup_results_log_analytics_custom_log_name": "@if(equals(triggerBody()?['lookup_results_log_analytics_custom_log_name'], null), parameters('lookup_results_log_analytics_custom_log_name_default'), triggerBody()?['lookup_results_log_analytics_custom_log_name'])", "parameters_passed": { "lookup_lookback_days": "@triggerBody()?['lookup_lookback_days']", @@ -213,7 +225,6 @@ "type": "string" }, "lookup_results": { - "properties": {}, "type": "object" }, "lookup_results_log_analytics_custom_log_name": { @@ -260,7 +271,7 @@ "body": { "data": { "lookup_lookback_date": "@formatDateTime(addDays(utcNow(), if(equals(triggerBody()?['lookup_lookback_days'], null), parameters('lookup_lookback_days_default'), triggerBody()?['lookup_lookback_days'])), 'yyyy-MM-dd')", - "lookup_results": "@body('Credential_Lookup_-_Look_up_credential_data_for_one_or_more_users')", + "lookup_results": "@body('Credential_Lookup_V2_-_Look_up_credential_data_for_one_or_more_users')", "lookup_results_log_analytics_custom_log_name": "@if(equals(triggerBody()?['lookup_results_log_analytics_custom_log_name'], null), parameters('lookup_results_log_analytics_custom_log_name_default'), triggerBody()?['lookup_results_log_analytics_custom_log_name'])", "parameters_passed": { "lookup_lookback_days": "@triggerBody()?['lookup_lookback_days']", @@ -281,7 +292,6 @@ "type": "string" }, "lookup_results": { - "properties": {}, "type": "object" }, "lookup_results_log_analytics_custom_log_name": { @@ -321,64 +331,82 @@ }, "type": "ApiConnection", "inputs": { - "body": "@{body('Credential_Lookup_-_Look_up_credential_data_for_one_or_more_users')}", + "body": "@{body('Credential_Lookup_V2_-_Look_up_credential_data_for_one_or_more_users')}", "headers": { "Log-Type": "@{if(equals(triggerBody()?['lookup_results_log_analytics_custom_log_name'], null), parameters('lookup_results_log_analytics_custom_log_name_default'), triggerBody()?['lookup_results_log_analytics_custom_log_name'])}", "time-generated-field": "@{utcNow()}" }, "host": { "connection": { - "name": "@parameters('$connections')['azureloganalyticsdatacollector']['connectionId']" + "name": "@parameters('$connections')['azureloganalyticsdatacollector_1']['connectionId']" } }, "method": "post", "path": "/api/logs" } } - }, - "outputs": {} + } }, "parameters": { "$connections": { "value": { - "azureloganalyticsdatacollector": { - "connectionId": "[resourceId('Microsoft.Web/connections', variables('LogAnalyticsDataCollectorConnectionName'))]", - "connectionName": "[variables('LogAnalyticsDataCollectorConnectionName')]", - "id": "[concat('/subscriptions/',subscription().subscriptionId,'/providers/Microsoft.Web/locations/',resourceGroup().location,'/managedApis/azureloganalyticsdatacollector')]" + "IdentityConnectorUpdate": { + "connectionId": "[resourceId('Microsoft.Web/connections', variables('IdentityconnectorupdateConnectionName'))]", + "connectionName": "[variables('IdentityconnectorupdateConnectionName')]", + "id": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('IdentityCustomConnectorName'))]" }, - "recordedfutureidenti": { - "connectionId": "[resourceId('Microsoft.Web/connections', variables('RecordedFutureIdentityConnectionName'))]", - "connectionName": "[variables('RecordedFutureIdentityConnectionName')]", - "id": "[concat('/subscriptions/',subscription().subscriptionId,'/providers/Microsoft.Web/locations/',resourceGroup().location,'/managedApis/recordedfutureidenti')]" + "azureloganalyticsdatacollector_1": { + "connectionId": "[resourceId('Microsoft.Web/connections', variables('AzureloganalyticsdatacollectorConnectionName'))]", + "connectionName": "[variables('AzureloganalyticsdatacollectorConnectionName')]", + "id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/Azureloganalyticsdatacollector')]" } } } } + }, + "name": "[parameters('PlaybookName')]", + "type": "Microsoft.Logic/workflows", + "location": "[resourceGroup().location]", + "tags": { + "hidden-SentinelTemplateName": "RFI-lookup-and-save-user", + "hidden-SentinelTemplateVersion": "1.2" + }, + "identity": { + "type": "SystemAssigned" + }, + "apiVersion": "2017-07-01", + "dependsOn": [ + "[resourceId('Microsoft.Web/connections', variables('IdentityconnectorupdateConnectionName'))]", + "[resourceId('Microsoft.Web/connections', variables('AzureloganalyticsdatacollectorConnectionName'))]" + ] + }, + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[variables('IdentityconnectorupdateConnectionName')]", + "location": "[resourceGroup().location]", + "kind": "V1", + "properties": { + "displayName": "[variables('IdentityconnectorupdateConnectionName')]", + "customParameterValues": {}, + "api": { + "id": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('IdentityCustomConnectorName'))]" + } } }, { - "type": "Microsoft.Web/connections", - "apiVersion": "2018-07-01-preview", - "name": "[variables('LogAnalyticsDataCollectorConnectionName')]", - "location": "[resourceGroup().location]", - "properties": { - "api": { - "id": "[concat('/subscriptions/',subscription().subscriptionId,'/providers/Microsoft.Web/locations/',resourceGroup().location,'/managedApis/azureloganalyticsdatacollector')]" - }, - "displayName": "[variables('LogAnalyticsDataCollectorConnectionName')]" - } - }, - { - "type": "Microsoft.Web/connections", - "apiVersion": "2018-07-01-preview", - "name": "[variables('RecordedFutureIdentityConnectionName')]", - "location": "[resourceGroup().location]", - "properties": { - "api": { - "id": "[concat('/subscriptions/',subscription().subscriptionId,'/providers/Microsoft.Web/locations/',resourceGroup().location,'/managedApis/recordedfutureidenti')]" - }, - "displayName": "[variables('RecordedFutureIdentityConnectionName')]" - } - } + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[variables('AzureloganalyticsdatacollectorConnectionName')]", + "location": "[resourceGroup().location]", + "kind": "V1", + "properties": { + "displayName": "[variables('AzureloganalyticsdatacollectorConnectionName')]", + "customParameterValues": {}, + "api": { + "id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/Azureloganalyticsdatacollector')]" + } + } + } ] } \ No newline at end of file diff --git a/Solutions/Recorded Future Identity/Playbooks/RecordedFutureIdentity-search-external-user/azuredeploy.json b/Solutions/Recorded Future Identity/Playbooks/RFI-search-external-user/azuredeploy.json similarity index 97% rename from Solutions/Recorded Future Identity/Playbooks/RecordedFutureIdentity-search-external-user/azuredeploy.json rename to Solutions/Recorded Future Identity/Playbooks/RFI-search-external-user/azuredeploy.json index 9d0a18c27e..0da3539d1f 100644 --- a/Solutions/Recorded Future Identity/Playbooks/RecordedFutureIdentity-search-external-user/azuredeploy.json +++ b/Solutions/Recorded Future Identity/Playbooks/RFI-search-external-user/azuredeploy.json @@ -2,8 +2,8 @@ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "metadata": { - "title": "RecordedFutureIdentity-search-external-user", - "description": "This playbook searches the Recorded Future Identity Intelligence Module for compromised external (customer) users.\n\nThis playbook depends on:\n- RecordedFutureIdentity-add-EntraID-security-group-user\n- RecordedFutureIdentity-confirm-EntraID-risky-user\n- RecordedFutureIdentity-lookup-and-save-user\n\n Those playbooks need to be installed **manually** before installing current playbook.", + "title": "RFI-search-external-user", + "description": "This playbook searches the Recorded Future Identity Intelligence Module for compromised external (customer) users.\n\nThis playbook depends on:\n- RFI-add-EntraID-security-group-user\n- RFI-confirm-EntraID-risky-user\n- RFI-lookup-and-save-user\n\n Those playbooks need to be installed **manually** before installing current playbook.", "lastUpdateTime": "2024-04-16T00:00:00.000Z", "entities": [], "tags": ["Identity protection"], @@ -215,7 +215,7 @@ "inputs": {}, "description": "This block is needed only to create 3 branches in this For each loop." }, - "RecordedFutureIdentity-add-EntraID-security-group-user": { + "RFI-add-EntraID-security-group-user": { "runAfter": { "Current_time": [ "Succeeded" @@ -239,7 +239,7 @@ } } }, - "RecordedFutureIdentity-confirm-EntraID-risky-user": { + "RFI-confirm-EntraID-risky-user": { "runAfter": { "Current_time": [ "Succeeded" @@ -262,7 +262,7 @@ } } }, - "RecordedFutureIdentity-lookup-and-save-user": { + "RFI-lookup-and-save-user": { "runAfter": { "Current_time": [ "Succeeded" diff --git a/Solutions/Recorded Future Identity/Playbooks/RecordedFutureIdentity-search-workforce-user/azuredeploy.json b/Solutions/Recorded Future Identity/Playbooks/RFI-search-workforce-user/azuredeploy.json similarity index 98% rename from Solutions/Recorded Future Identity/Playbooks/RecordedFutureIdentity-search-workforce-user/azuredeploy.json rename to Solutions/Recorded Future Identity/Playbooks/RFI-search-workforce-user/azuredeploy.json index 6f43420339..436e00dd7e 100644 --- a/Solutions/Recorded Future Identity/Playbooks/RecordedFutureIdentity-search-workforce-user/azuredeploy.json +++ b/Solutions/Recorded Future Identity/Playbooks/RFI-search-workforce-user/azuredeploy.json @@ -2,8 +2,8 @@ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "metadata": { - "title": "RecordedFutureIdentity-search-workforce-user", - "description": "This playbook searches the Recorded Future Identity Intelligence Module for compromised workforce users.\n\nThis playbook depends on:\n- RecordedFutureIdentity-add-EntraID-security-group-user\n- RecordedFutureIdentity-confirm-EntraID-risky-user\n- RecordedFutureIdentity-lookup-and-save-user\n\n Those playbooks need to be installed **manually** before installing current playbook.", + "title": "RFI-search-workforce-user", + "description": "This playbook searches the Recorded Future Identity Intelligence Module for compromised workforce users.\n\nThis playbook depends on:\n- RFI-add-EntraID-security-group-user\n- RFI-confirm-EntraID-risky-user\n- RFI-lookup-and-save-user\n\n Those playbooks need to be installed **manually** before installing current playbook.", "lastUpdateTime": "2024-04-16T00:00:00.000Z", "entities": [], "tags": ["Identity protection"], @@ -309,7 +309,7 @@ "inputs": {}, "description": "This block is needed only to create 3 branches in this For each loop." }, - "RecordedFutureIdentity-add-EntraID-security-group-user": { + "RFI-add-EntraID-security-group-user": { "runAfter": { "Current_time": [ "Succeeded" @@ -333,7 +333,7 @@ } } }, - "RecordedFutureIdentity-lookup-and-save-user": { + "RFI-lookup-and-save-user": { "runAfter": { "Current_time": [ "Succeeded" @@ -357,7 +357,7 @@ } } }, - "RecordedFutureIdentity-confirm-EntraID-risky-user": { + "RFI-confirm-EntraID-risky-user": { "runAfter": { "Current_time": [ "Succeeded" diff --git a/Solutions/Recorded Future Identity/Playbooks/readme.md b/Solutions/Recorded Future Identity/Playbooks/readme.md index c4946fd51e..5be63c9850 100644 --- a/Solutions/Recorded Future Identity/Playbooks/readme.md +++ b/Solutions/Recorded Future Identity/Playbooks/readme.md @@ -329,8 +329,8 @@ Another way to cover this case - you can add a corresponding check to RFI-lookup ##### RFI-add-EntraID-security-group-user -[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FRecorded%20Future%20Identity%2FPlaybooks%2FRecordedFutureIdentity-add-EntraID-security-group-user%2Fazuredeploy.json) -[![Deploy to Azure Gov](https://aka.ms/deploytoazuregovbutton)](https://portal.azure.us/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FRecorded%20Future%20Identity%2FPlaybooks%2FRecordedFutureIdentity-add-EntraID-security-group-user%2Fazuredeploy.json) +[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FRecorded%20Future%20Identity%2FPlaybooks%2FRFI-add-EntraID-security-group-user%2Fazuredeploy.json) +[![Deploy to Azure Gov](https://aka.ms/deploytoazuregovbutton)](https://portal.azure.us/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FRecorded%20Future%20Identity%2FPlaybooks%2FRFI-add-EntraID-security-group-user%2Fazuredeploy.json) Parameters for deployment: @@ -348,8 +348,8 @@ Parameters for deployment: ##### RFI-confirm-EntraID-risky-user -[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FRecorded%20Future%20Identity%2FPlaybooks%2FRecordedFutureIdentity-confirm-EntraID-risky-user%2Fazuredeploy.json) -[![Deploy to Azure Gov](https://aka.ms/deploytoazuregovbutton)](https://portal.azure.us/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FRecorded%20Future%20Identity%2FPlaybooks%2FRecordedFutureIdentity-confirm-EntraID-risky-user%2Fazuredeploy.json) +[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FRecorded%20Future%20Identity%2FPlaybooks%2FRFI-confirm-EntraID-risky-user%2Fazuredeploy.json) +[![Deploy to Azure Gov](https://aka.ms/deploytoazuregovbutton)](https://portal.azure.us/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FRecorded%20Future%20Identity%2FPlaybooks%2FRFI-confirm-EntraID-risky-user%2Fazuredeploy.json) Parameters for deployment: @@ -367,8 +367,8 @@ Parameters for deployment: ##### RFI-lookup-and-save-user -[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FRecorded%20Future%20Identity%2FPlaybooks%2FRecordedFutureIdentity-lookup-and-save-user%2Fazuredeploy.json) -[![Deploy to Azure Gov](https://aka.ms/deploytoazuregovbutton)](https://portal.azure.us/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FRecorded%20Future%20Identity%2FPlaybooks%2FRecordedFutureIdentity-lookup-and-save-user%2Fazuredeploy.json) +[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FRecorded%20Future%20Identity%2FPlaybooks%2FRFI-lookup-and-save-user%2Fazuredeploy.json) +[![Deploy to Azure Gov](https://aka.ms/deploytoazuregovbutton)](https://portal.azure.us/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FRecorded%20Future%20Identity%2FPlaybooks%2FRFI-lookup-and-save-user%2Fazuredeploy.json) Parameters for deployment: @@ -386,8 +386,8 @@ Parameters for deployment: ##### RFI-search-workforce-user -[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FRecorded%20Future%20Identity%2FPlaybooks%2FRecordedFutureIdentity-search-workforce-user%2Fazuredeploy.json) -[![Deploy to Azure Gov](https://aka.ms/deploytoazuregovbutton)](https://portal.azure.us/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FRecorded%20Future%20Identity%2FPlaybooks%2FRecordedFutureIdentity-search-workforce-user%2Fazuredeploy.json) +[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FRecorded%20Future%20Identity%2FPlaybooks%2FRFI-search-workforce-user%2Fazuredeploy.json) +[![Deploy to Azure Gov](https://aka.ms/deploytoazuregovbutton)](https://portal.azure.us/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FRecorded%20Future%20Identity%2FPlaybooks%2FRFI-search-workforce-user%2Fazuredeploy.json) Parameters for deployment: @@ -408,8 +408,8 @@ Parameters for deployment: ##### RFI-search-external-user -[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FRecorded%20Future%20Identity%2FPlaybooks%2FRecordedFutureIdentity-search-external-user%2Fazuredeploy.json) -[![Deploy to Azure Gov](https://aka.ms/deploytoazuregovbutton)](https://portal.azure.us/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FRecorded%20Future%20Identity%2FPlaybooks%2FRecordedFutureIdentity-search-external-user%2Fazuredeploy.json) +[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FRecorded%20Future%20Identity%2FPlaybooks%2FRFI-search-external-user%2Fazuredeploy.json) +[![Deploy to Azure Gov](https://aka.ms/deploytoazuregovbutton)](https://portal.azure.us/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FRecorded%20Future%20Identity%2FPlaybooks%2FRFI-search-external-user%2Fazuredeploy.json) Parameters for deployment: From 74544fd79be0ea935b47db1865721ae50151e09a Mon Sep 17 00:00:00 2001 From: RecordedFutureOskbo Date: Tue, 11 Jun 2024 12:05:03 +0200 Subject: [PATCH 05/33] repackage --- .../Package/3.0.0.zip | Bin 14059 -> 23908 bytes .../Package/createUiDefinition.json | 2 +- .../Package/mainTemplate.json | 2105 ++++++++++++++++- 3 files changed, 2026 insertions(+), 81 deletions(-) diff --git a/Solutions/Recorded Future Identity/Package/3.0.0.zip b/Solutions/Recorded Future Identity/Package/3.0.0.zip index 3778d4eed817452771619ac36d7e45d3fcbeb050..d66e13b0d662975a39a7eb894ce06404d37f5ef6 100644 GIT binary patch literal 23908 zcmV)cK&Zb^O9KQH000080C`@^SP1~1@t6nz0B{!o02crN0Aq4xVRU6xX+&jaX>MtB zX>V>WYIARHwOH+L9D3?}? z%1Q%^jx)r$@sZU3gEx4n3YpE2EI2v4)`_;WTN!B+%lMnhanSZLnU83#Vwb|eU%x1S z#@AG;Bz4{QFXzR)I6nTDcJl1_m~JvDtRy3s(vZ{SQb|jlWqPfOgcfqCjU-iAC$fy6 z@O!JXiUT?$*7d*t{FiQhCI>I+{#Mqy*_3@4xAE4oJ{_PlQnpdPX_Rdv{nP159V|Xv z#eBwXW{o9pD9qytyG88RT`J*zE;fjS?pK9g7o@DM`u>O&plN5evETY{y>u-+p;8(r z07cFKCrMdqeVbCbpTm4Vbs>9o-^M|86k9je>vd?Fm&>}GoT3S}QPLHV0ZoZ4B1y6k zi%eRwGO7%}MJv$N9XTm-%TC0=a^y(0r=hGgI#*WODJpDep$~v8+ z1wy)mhC0wG?f6Whf)u*T`hrJ53oQ9epu@9`ZKOsY(nY(u%m zWI-M{7u)0@2}XLoXl@^c6Dugqa~Uf(D(ZmNKrxB3%v98PXR8QLEO|K7Im8|%T`JTR zR_gk6LyB6o0~9qzg~w^Jp|#jp(tB|OYMFX3_iAwv9e?+QDKoKIXuYyX$q=&M+K(tU zGXGPhq7^4?TP) zk%sfC;KEE1Bw^ykIKZLXY=Akh_}LEN7%hO`NC@8gcZr3F)jeU4#KS3 z*m-dpQU>?9ajOzy$~ym<-};(Z@z~C_zIGO%SUADi5QK3{OO?ra@#m2IRxmjqOEFu? zD7$*9?BnzE%Sr3ZUqTWw;!mJ)&luY&2;$qGPK>Tf9vj~v#JnCS2pPck-Daiqe&1i} zsN%iqpZi1&%Ke+p-kTNx6F=Zkz#b-2fn;!Z`r5>@lm*U33gujT*l%=I3nBVuRPt5{ zI-J)ATWbN*7rX*i#noldrYZ1g3VafuIoedMJI+eh#=0FQ(FW+Pp!1b_ zaDYe6e#DfxsVNbm5Eyj~I_3@-nilMf1sJ~U1F8v|($>S>kj8@a=;IdD)>$;~G2L_9 zobyh=)ab2T>`POGc}Lk8kFr3xGfxcb|3NdLX9&d3IEl6tNFo@ON{UIVUqw8Ie}Qt& zOBC>#-bau@6(J%|9he_o_&L&ab#3Mxa&)1K!nd|%_Vi*($H!d<@RKk6mcM2n>W&o) zUAY63e~*B8?^+fzp?}l9maZkAKipB6SVxnZ-ZpI1R*OCz?GaVHgaW^JZ;XD#YV}0; zzAr(2n*Ci{ar?UC^|Q`$-|ABbMRrx7l&R}g*Urk;`b>b@yW0vZ=NWAS6}}432>UwD zIz}++3qEYWeC($z)AfSiOBXH+f)~W@3%-}A7%j$p|DVc_`&P-6){+v5R&q7-;qeU= z*2IaMgt}A=yz9HfcNt|B=wEvWdBXL!px^R*-18r!R5=%mQBM9K$-iG`hURrD-6YiG|Eq{4g586(X7H3^B6M z8($yLqbE%7pdg0Dm@jo}m1UH1-E{$O-<|Fu!u~=?SkMGe7kjvIWc-83P;y_uT$JM) zkmI^N#z(^jIGTiyEIy@1ZbC1=WFErBWExO^09jA9Z-I4{k}j-3b;mJa?&! z{!ku7zsN)^@09Zic)~;AjF;rzTHW0qdua$97~$Spd$JAhApJEq&T8+7_OoRV(X~3Z z(e_nGHGN+-#JtDreOIX*_i)!-rTl#u)N8eKgZ5i)?*|0FcVP?qA4+g#zGW)@z1M>t zJ$#c22m7!$!gg!%ISIw@F{|G?q29)U7kwyi8Q!jHFNf<*|94c-IlDt_Yf9S^znR0& z9tL?2Ff~eSwZNsk%|LIP(7$?n7v|AB6~DYe?I73%`_8BRUH^B}U5`FKSAp%9ho_n! z6t=8}19iJ%f*#Qt-Q%Wa-S}6|Rltj<;jf*oQ_MR+w>{y9V{5*1mj~rw2>U_W#xNM7 zeF{0cZ@-KOBHMMxG6$@++uP?9|M2&JP)h>@6aWAK2mpCr%UI{TabM0;006_F0{{^K z003=aX>L?yZE$R1bY(7Tb8l|#z4>z6$g(&1|3rN6fZ)9ovadyP)zPcm6m0Eiuhg^OhP*nK3j_R7r4%FO!Z-~a3XVwl2z zYTW@pVhevTg@LXs+8?D7`DA0nN^GAW@shs5{u-$roiEa~vwJ+EqlETMiX8)fuAvmC3V5&VrlfREU* zK9E&Z^oH-sD#vro(O8EeFjp!+5_pwqLYsY+)uBa=DKgqvQDjyBsv5<6xHK9t=>!jB zgodc0R$H<-MpYTz7%PypALF${sK=T!(GhXWJ1NgQw`{!(AS#gZ({ZM&L9;;pcn<|f$PoFo;UVhr! z@~oZFmey4T#TZlJLe`nF#&hdTXRI?4&!b7|GNZ7X#<1$BsOv*m3QcGJ=gjD&*c!-V zkt;&g;vQc-W>u~$L$&|eV3-G<5hP9LSq` zkC9-Ym>bUIKGTp`ajFYl4fc`;jyM;(s;tR9ooOM~ka!Voug2?R#WNKf)4Z~(z;;C5 z&NCoH1QCxonswV&;U890pVsh)Yp{q`F>`w^U=Du5!(wPp4V!SP%|sKFFbgy}^qq5z zm96sTR&8giUftZ;+AzOslP}wX(OFwFmdfhP+dXOBKDpU9_8HzBHH$3A6%Qp{Wt#^@ zjqi?C=%d(2GNK6FNQ5RuF>4HzZQ2J%QN=!Lkg(H^EDw!Et{6vv=lgwfP&Bzp>`C}H zVIQ-%gx?U&iY9+Ixld~r(Qg1t2;CCm&7LSvw6%36q642E%plONVf7HIj3yaYpT5JCtdw{!ClVjA^S>Oj}(+rbQ#C;-Tuw@=!IJhupJ7v?jvW za3Zi0SJc>7-oZV--#PdusJ5G9{K|#!N{#SJHJDdwbYt|d7s@3ye=ezI#w9f>E~%{` zm(*yvq_(nLQj6vi_bd^WX*{cT2SvQaGVH&DP5i%f@JV2OH>3C#v{R%>Cx;_NpI&yJ z;g*EkK}Lg5Yk&V^FWV7WX{Z^53$?oZr?n2uo%|<+|LT!vRh@G3{uM(RuxFX3razZ#X2vC(R9v#Tf?Tpm%O#sD%O#u9T;iT3qO$$5rpqH}MS^2NR*U5gM4bi+ z`hV%*lfe3JM)55ecuX}^m7Us7sUJT>m})DMskSI*qddk`-=QgMsle5`^ zEz3E~=Leay*QS3SYD}`IOe-m>{0fFvRVx|GWfHn(Gl8>;V6*R5%heijToo0Se--$N ztthg72XUCka%W>SrxU2~!mUT1E92*EX0SUjFkP@4{{6fU6sBIrJb9Rjpbut#yH~QY zjKgY=`vC8NWNw+W`vo{Xt&Y6T&mW-%LK|U_CG_z(T3?!LV)#2;U;8+WV%XGet+;$k z&hHI(kMWCh@IHPY>pNozhBUP~ZGKqpH*=IO`nAv6uHf0%+-S2{b+%a2#vP0D&>3d` z9bByTUz;2pfHV0rW0MEIQ!+UjwPD*&FRK>?Nd)H)K1~T}aScV#N|?4-yK~1He%m{K zTNm~({b~me!Qt5qaxSAwwe&N*T}ws=2$hh!F8@JN2ZHa4qhUD&kq<%o96shBFY|a0 zBiHT2hgIB14H6fdATE50TFdw&n7BPl={{$E&=H?sI|0Xz^}Tah|+4d*6n2p2@BbC=AD`8c9L7kYo&1xY z`Pe9qFElu=ZCglPZa2tY9|Y|+7{qZ|t(J#`;@X1b8Jqt>Wox%J6ch!Hh2TOz1D8Koc$j+&dfV(=ODk+TGB=HsA78)9 zD0FKBGhE>-s`F{>8?U$T(0Ucy`vbl^Yzw_M#MBwA@g``x=C^ojpZ}j9YXZ0CJ&9=+ z0R}UWK@vxecy{nmNIX*m`f68z>}S{7=O1gPqWtrRP4#Vt&m)wVLnk>q0~9pfu%Zf! zBRC7CS2(dtm|L{c*S~o%+;IHeO>eBL_t5sCU5J*iYd=5#QyTH34pKV) zQ{{VwxMCw<jqBe(nQ=;Lat&sf$b%Y}Y5}WyM&L7Rbd1mR zqBRZwg1`9EZX8gmkrtUlulL3xhiw@pp*u*^XYAo!U=xyIy88OJVY|>2QSi!Cw|cnt z6D%2Df#%EPhjk`W3X_FGqBooy!dJy*+5}n4{J;iGV|N&HcbG2>*ft!;jYNv(dTK$A?zOBa{6Y#G4TUaEcJrdl6R5});AFkd?M zb1+~u%cZ^J1@R7W4elWm#t1*pk`UP&_>nZjd=pA)*j5qB36Y{yj#L}Sm|nof;$!9X zE&P>QG)B`4Y7U)-5u^~p&Z#fsA7KsWyL|IekeflblwcJr!9fyjHJr5?ElugPb-N!c z9s8!xgkspT5^ZqIy|dYHjzBc?96I<|uYKuY(H14FOK4gTgwPZXh)*`8Wm=ld*(}KL zO=XMnz9IB2HoJYoElJa0iD*P^u1)e;-x3*Boy&{ZEiY)Hyyu`#X^H& zbzF6W!3)PkQ_C!zVI$&>jXa)X9R7Z&s}| zx0~cnyYO2K(TDO&jC)=3OU!CsVwQV*xS3rKfa@9HdIobnBS@ahLax`_*D%-XbG<$( z=g$~1*X!d*#axB#4a~7Eq52>?tmaR*AUEL87CJZJ`^fU#fS)V+K0+xs;IF6w|2MItSIgzNmjJ(yeLnOX1H~&> z$~Uf7_-aTnK6w)naZj*6mq2Tq@$2ZYjp+J7Bt$nF-X;ljS#e;5c~PAEBQFUSbhaP# z2z?-cCMXq60CWqOz@!VmSKsjMjx*fU3jiEs)l{i5|fGzR3a1NVIjfrGo|3{NUwTftgjvO+94YQCg5WI`X zYUaZpA9Nf8T)X5%%8ElEFjS1kg@+&1gRjIi0UEq@eIda8+c1MQ%_;j9GLVd7Lj)Ps ziGT@Y19J!_u2%rOghZJ+!MAgtHFBmgpyV?v`^(?4#^{$CCSbh2`6LWiCH**!%oVW* z+9LIsTb><74KO-8hN~uU0mcQrVpU!8gLA^AK-dl)@F%334R1FkztxBmYW829KraFL zNQ|NDVp5nY_uHY{fuJ!a?;zt1*kBl#4v31803H&{hQmsX(T&S`v%%Z~Y4mw00d^mL z#B+j?*9B+BVLCiBfUi(MDL8<8vM9j+z{vVB`F|AGHLd8!$DiO1etFd3AA3F^k9VP_#X;0}1UMeuF&7f{}}&A-EilntlS ze;18+7$!uUZ((qv2fwQDwBRk|F`IiCHF6r2@M(};(h>~c$}%;^O`!N-Rsw>uV?4or z@jc-UQ6fjw; z;y$^Z&bk*+*Brz?w{52PESM(~7XCnZqErwrXxdGV0@2FE1WCWjG^oR&U{)&(NxTI4 zK@Upo79fVDG1Hw>I{FGx8 ze=tmi9Gf_7!EdlA3lqcqXYY`N}ly2&-xMXfO3#euB=iCn%H-&JY7X>n*3d0 zwibZ38`GejK2no5CN#&;buV3RJSXdr8_$0ez+FRDnCL7vqdAcn4%>MSr5jgL?23l&e63$61p}$j$}Bnw$Y9~s+o~{M$$7d*&}m=$Y){=7n!?9I!*&9t=4jaI(6B{V;jvO= zC9bHkul(b*9ygeCdYwnCR`|@ZsmIPuy*kCT85Gzi} z(=ZM;pXrj!6+KY#nBZx~QCwp{j+^^pO^4*u2tx%As1h3^yn(m}78LkNoa#bXLtE07 zMG-d|HiGb)^8_nr!VS*MTFJD@e?wU*a23ZVPzRkGsAQ0Bx{LQ8TbW%m31K4Ni8<_t z^Mo;vUKScdJVR-TXPl<^aB9f$%`F$vC{$Cjk}YaMJ3+#cGQ>BJwtgY1K?fhm@fP@Y zu^gCzNBUZm%wmTUnt*>HI9&vk|0o!@Fs=gNN8e}Yu&}EJTg5W`tzf0JC(4uAF#J@5 z5ETIq1h+a9E5j>wj#t}hdKu=K4-Azh%7pcV7TC0H@oAe#I{YCHi8BuU(BXI#1LL?Q zr>zA|fRP!`aOXEh-}`4FNTB8{TVa6?QL{w<*I^-kkYlG>lGzk1_2?lsrNCYAbu0$t zvLna{VI-16mNV459V?nfKv@()sZJTk6Nk6v5bcxWsV@RgUFESzgJ@tP&D!@>2vbHs zx8axW>}#a;V2A=);@j|lBUvR8%yi;?@sPf3#C!hii6 z-MCo&z%XlnVma;rc=6L%?_S80PoOCZy-x&N?UNe`#*c~Dey%gpSQI}y)$TCqj?_`Q zravRabqarq=jTNZf`x*y!D#}!$M`s=0-Sb_&mFA#u@I!KOOkm#B7Tn*#*==nmS%jc zl?eG1=8F8)=XFz_M8&sLKSs(%QiVTN%3rSguZvgY7$WjrOUObz4ag2xmH{!w?mtok zD}0SyZK|ficOlkYD`a;lhcYi%w*W2Mdz|?b69u4K?A=SZP|Jgu%NTtP4iAQK6@$1Z z2R2(lV6%V&VP3E4X%Ndi!g`tTX<6T$=eTYQMtVzX-AHKVi2c-V9y{k4cm6^!3nq*z zl0&Y2u;+I3fn1wiSy3#4smxQHA!)&>QFmP1C2T;X$uNd~!xT7?7uMELP?WjlIWq?z zVy`nJxR1e!wMxhu`HeNdvF10{{KmSF8!Hm#=9Sfub1CYb<$H0UOo>K>P+k2EZVc$uEic|2bzeEmDiXwrWQ zStJyKEiK*}lm7bmM~o*8T_?2V5XfBY^AdW(%5%k@z>5S(|8Fy@IqYS{Dn40YLtikr zD=YkVfmMVOj9i-=2CCol-RK9dl+RlWug1g6U=bPcoMaJLy;Rr?X_0ybao^T1u71HJry;OMov zgQI%^6XPSb))oMc9@s|?j-G>~FAN;rA1V#$jJ(thc|}-&%NYm^A;btAY+y0D2wzAV zilVu0=^@5kI};=OWpK$E7ou`8?rA@lgCS3I>j_7X2lKoGIo`Z~FdPg)5H$mD)CE>* zs%1RrpQQkw#$s(6qZ0&TV14Sb^e3%4=~m%!!S z3xVc`Rgc+N)|sh1W+s9tG7?Id%EFaI6gZ}F)r4^jdC7lCSp?RPhS7n~1PS-{gOj^s zgdm8|`=6goeieCEl{RKLjfhda#IZj; zTLMopA%&_>jdg7Oq> z7AxDg<;oxBGW>n=5SL+M@Q&Z2XT?f%6Ey_THhEU#FQB|{n}3HN^1hJ7cJ_8>8SpDC z1$9m)4#_6Y#8-HL^1rYF21+5!o%F{de3 zBX-Ip9ykCM8G@*c5hs{4SuM^C%;Ke2(jd%F0?}!VYJ+L%>bQ%=hTJ29){q!+d}s{S za=F;R{;Taf`>KMz-5r9R)J#!eZe+oyOaPvFTQlky-@6k87`3gNpkGy=o1R(EN1Zoo z5ksB5j-frYFg|NmX&q`ArFDo>0FozksHI5g;HewqcJr|kI@I%o4i;ObPw1e5-qRfv zu{S~nTk!9b(ZNYabIR!8yS%AWI#`w-G?pUEaaIl*%`guY`^a@mdZQg{R6E&@+E>gj zHBp9hd?DF=Xh%t(jx2Jl4jq9$$AmpH4aKnS)8u#vcd#c*HgPV4<}9l)9xbx#5h;se zTVi+Sk4YZZrSncl?&|Z*W3k-4$%&IS%r%L{a@WL0Z`r4;uzg=&)m89gfvA@JYCAMV&AqcCvfn)EZgT}z7$aHNFPodp%VgXA4aLP|UiPf)Ekqa2>`B3-ib zXwD^8g7PGsL$pNT(U)ysG$)^bL`DMlU!Lk^rBc1fDxB)VFU(qPPDYop(B9n2D*wj9 ztqR}1=9Z|1+=S@CEwfJ05;QLR6N2$bNdX5!n;_?mXNNpDd)c71XFng{AHZ31*Z24$o6Ya7GpKWp}AmOnJ;XB=M%2%n1LBSsKE<-u|aO;4bhDV@- zg-!+UEtIV!2>$2Mvk~Oaxmm^0%>Y!a!7U z3vO~SKJ>JZ1F~zgstOB}!E?pyF%K-{91D7r7dW2au$2X2-L!aMUc$0z-!7W>rlBNH zB*)W4G-dR=ug})=BFfC95qmM$(33yhO2{*{xbI)R#AO`e`21WpVfl{b;}Vrkd&`iZ zd>3&p#AGAg7P$`;%^#wk@)AvARWquQ(X}nh%#^vb-N~3wmIDZfJ#`_tNTRR zo?DGxk6a9dt5{(9$BA94146R(WXGCN|Rx zEi6mjhK8`TMA1qgE(I~W2%Q4Fi;{+T40z6QAV(g*E~$xHyOkTLR`mHrEkPaRZ6B-J zYlB%jzNSR?e%vZK%jX0Eup{8AG_(^TOrwxcLYOaszCo!x8BvSEF9aikcegF~98`l= zV0Cr$BZDQAiwOP=;zGzYXAFY5qm3e5BIi#hE^K%Iu@rI(2up8A%lV*{hYgzKCo`3D z*4%T55q2)ZY6%AznmBEX*l0**KraXUxI5LhW1&rx=50Al9dnwic~M#nX9vwaF;{!8 zVHt9?-(YiYPPNsTli?G%3auh1`ybC9QQiJTB;x0H&$XGKwzNuR25j2w1)sTshNc#I zq*8U{kO@`~#(5sPfOJ}a+QU880q;2ELsg^bPD79Uhyy(mGxDGLp&Y_6&|@q*V*uPn zq76SGPdlBjW9T-B7%X%;qmxy|&V~t9UU!RGZ)&Kxi<37oyui;4ATXP~D660|g8#3= z1wZ+#z!aGg4cWYU0Ci;_~ zfA8e{`*3y|RL^yhEy6+6HemrE_=-aK2i^R9EQT3e^7e7`j^0Li$J7?m!WD8hpF$pv6n#npha>Pm1CUEPqTC%a@B;$Z;5kN?KwU)G60qbt&(xR> z+^@R>9;Gt@_JM-1u?*S{^f*48hr;}XG>;CWR-caH{B|``vQu$YR+|5V@pdCClR8b* zLPW@>(-j?1j^rz^d9ii$a)$m2(eG>^*~xCR#D zJgX?8Kwi(3(A($KW1)y(ut$`dFDFN=G=>1l=%qJbBT=fuO9!%cy`gd=S;u;F9g1z8 ziLoh#$fbRG?WmZ`*_3iNAZFhw_52D^$+?*C9ejJG%My`G-H<=I)Sau;^^;sHEo$R| zNI0tJ0{0y#wz+y4v@*GRnMTkB%Z;UqyZIT!GK|$*4NF<*iXaQbz5(26LMBAytT7&x zMMv|hyu#~(Y2~UU+0B?%z69|r*=JV|4~Z}{yth;4TVJQjvlm_p+55Q5acBrV;s~7X zFN{jp3(0MHRp!VtExA zAVv=ecq*QVA2^cp!^-hP>t-pPb_GJA-=Dy#(O zlJ}~D4kd!VfwVM;>Eb0Mff%swV1*4O2_k9?`VEL~L?Hk9z{?MWfB_jZ78%Fp#UvO} zsktwyy;lShay@MUWy0bdv&o= zUJzR#i*0CeR4ODLpjFOv!Q+r59A|QK6roL-Rm_FGIRbxszldo8n5U~z);EdQAte|K zCOe`PN7NVI-_WqHh}Mv!1>}5xIXFa_d0672pUqWVu4aV#0z@S}bgoNG;-}~T#{X@@ z&5+oU|7}2q<#Kbj?z!B|KuGkZJkvxU?+tf)y^@~;2xP!9{ zt*-tJ27nSe*)u~Z%rFEaW5E;hOga}j@fK(90w<2rnG2iWR@h{qS!CxxUF`_XeK2>* z8kI9A7NldU9g8iJv)!%Lywj)MDL({;fL-$Y*ylsPK~rRcqRayojcHp5SFfVOh%I4A z9$PLxk($q7W;r>NbQ9i7-KGgCs^_AaF3kBHU@gE6j_QH^(F)za^OE zRP~#eYe4Sd&}2PzQ7BE;)16{@yI8IiafAs!3C(_*(P@-fUew5}oG{x!4a8&wTlbFi z&i9uzf9fM z3Tw7g9WHJx(!42%rCLRlLPsoyz7dd!98`hXP+JCkj5W@+byHih9tDH)C9<0S3D#QB zKiQU8F-kPKI&KzpuFuKn1%?XyW1QzfJ^1IVMsSI~b=ziT1I#F-4HFd2oU(7B*V%UX z4bj-Gz&?mN637+i5L&W04)$+Zdu&oSL&%#k={umBBfq?TjWnY>e>Ew9?btCG9Ru(C zfn&UaJBPrlOcS=FPZ%U1{$Q3h$1zxv4}*T3+E`I!RgXQ;7OBVF^6V&TfJPr*of>s; zGHdXIQ*Jtf+!l3izo`8-GcENzT4F9--=Lj4b`}msDgZ(ErS0!Egv>2|r{QGy>)p{Ghxw1_E)2 z;$S;GM6zl+3+gGy{MUaGR5Nk$Y6}1OI*UR5LDI9xH3XT6q(O&V%>ne*F!W0Fh@k{sPMTw)uCsJgsb$ePyOa za7IWNW7hF2ECqE=Cgp0uTgYQ9_R5sVX;i|eL3T+?F#HDGfH?;UU6W&22(g|;4dQU> zG426M8gd;`8$=y;2h4qKgV`UTa74yD=8y`6o;&n}H&hNtd4p z4#E0x8gj~+Wo&AX?@?uZ?>cAA+LkWpSJg)|HtR*6jrKZ*&d~zlHDYb!t!X} z%o@H*E|ehK9RdX+hg>4ey(g^YvfeuQ%C@<)LnZLO;8rJW<5YwnX<^C|qNh8f+VkKs=?h)s0_bKSr;b*zw)@3a!!@OKHplwhkwd5X%J zoopZ&)&Fpw1SVtNQ*nlqj3S+Zmi#beh4&)M@jZ4d>h~t7f6(gsT<}c(({%Kd$90If z&(T6GG*jxKMzxdesA+LbeTV8>Iot8Y1OM|KWk?fo$LdfKoHT2Hm+B^2N`tP`%M$L} zECxWI1^J8$;l@Otu5Es`*qzZBt(;x@d2(WRYq!O}UzfFeRt^_~$3E!xKZLAF?LGN% z!&addwhFa~Rj9u=XJ*(+)WcT7&xThB9FN`Py7t2jKWh{Qj$D&|hPP|!kO4|pNZpyD z=XI)&LbW~1nd;KgoWt?}Ke~jt*`Ln^md0T2f~TbMoq%Sw37S=?&m>p|&eJ&(pq5+T zFC*}2k-;@{j_GiB_%ngK0gP){%`Y6{2kE{KIgv^vAfr+6^Mtq;gJ1}1+m&IfScbn9 ziyLOc@VhdETphru=Dy~{iW{Vk9JH}CNdyx&8dX-|R2P0>)|vq&2lwVyR{1v;E>$5$ zcgGl8ei~}z82ujP#u;R>QjZ=Qn7ZSRi#|j@){^?OWBUxFKF-3cE&LrM9@_h7b6ftH zDF#wc^bWZZ&TywUMxXPaU2@{8ZEenlx`JWM=~vi(ly*c`8v3cJnJpz%wx4AW-tS}o z8JP)i!lX2iFu`XIr+k&F7!>TO{L9#YdoCQX0X}7;umH!73Zdg+aL*wjq&$i`M;?ot zRUDnUo3_EF-_gh{aM_@orGBFk7x!Vg&ox@So)uDB3fxRvMpTk7H`XHJ)VR2Xkk?{y zA7^EPIsErh9%qNYS~MUmtoJ%t2>{#wC(~GsVgZ;gxTT}sCQ@Q6Gp^T>K5A=3LewzS zbR^mYkuI4ac2w!m=R^`^7MQBt*O!Ab6PaRA6h;Dyz}YO9-`87mU#rsUKI)wDvQ{G7 znwbQNnI0ounsLgPbZL{Unu)x9(}ojFG2?V)19M755@m{v-t@UP)4=iv=kHFj)%X;{ zcta`JBY`H63SBBRVaRGEbxF##>3Nc=$6w7ide!T8~ok~(UB%we5%}0;R2PPWyp@+Z1BuSYlD$+uV!2y-NqP3 zTslqEs$xGd6C9WB*0S8p$n4ZqdmdRJiv-xsUepyK9Ee@enE?cHFtFJW!plpEL8O;* z_^mDoLyEJHKDTxf-PA|h%0Mf1C5flgE)QpdEu4nUCniQOI9Qxg33b>(%@DT3k)ltD z$0yp71Q4+@=tTnwdWsIkPTKj;#`w;0YKXzLCJcakWCeHVtX>}!1c;|VEe*<30^AgkT zYM$6Hn%wimep!ap<_S^rgs2}NA!?pm>s==F%X4eJpT`$@B0qDv@=Q&UVkFPhCw}#r{ z)mNd*A4;4e3zAN?9OmAGT<}xK`xD|{D++<>a~HNsjjLwlk|a!{B%6}8$rWuVZUo*O zd(b@}x);A4*@nZe7h2jclSx1Yf-mP9qVXZ^5NB=B43U(MF+?(__C3xpO>kQXCA(*$kZli=ItRL^00B1&kmVgdEcydfzhMB$;eUEDlc)yDHb>~jeLKnir(d( zoq$*91dNdhy~`?WM*yQRS-)U7FZ^64$S{iFxVU{;#JS%K|8a!>1mw=4R1GYhfXA75 zG=}YhvJZwPncmj4!Q4X8uGQ3l)flKF098Rv19=TwqR2f9CrT!7oEf>tm}ftO-u`JD z1u7p_JT5@@E*RgPDxlg(S@=U3ffibNR`~vZcUXOLv9?v|60vPV*uT}9qyHOt{cbjW#jq|&lCQ^FXo@a{l?__Xs_RG z?qADisH}biANLPo-c6V{G~Kv{4~}*l*D&SA_08T*b8vol`0cQAG}xP-yd52!?hV<) zX0v?yHo3WPm3xihdG%!4?+;Ip2Ho%9Ze;NUw&b)WmoIL=*Deo+Ti4~AqnjbuY~3lh z_eb{+_m#oZ!{}o8^zbCH-^7=0?WV#>T%CV>fu();HmD0Hf^vE*o;*B=o5IuR<@8xO zeHbZQg7TuC{?gALs`|FDIo8e&-p(Jtz3n`oO!c$d%EjYDW%v21IzATaUv9JlI=k5)d>>w19*R3Rc#TG|V#?|BUG?Hu zfAey9ad>n0blf@=Pwy%>_xB?A{o!7De)@Jlda4c-R=Oy2k54uJSlsH%mxqJz?6J@s zoeq`DJMoEq9G#3<`Q>t`u&nfQI(pI6%d*~KYvZ%g)dtwEiG9epfUzg(Z3H=ho^eQ8X-fB(*1!e$?fT^Q!{MErGn*1hK>;qmQZ z=bk@#Jt_%mUG5!JC#}o6{=KySQoE4$zR3?aiqt&lUA8Xe@6UVn`Vm{2{MvZ}CFbnQ z$@rOXa5wDb=|t=8i7MZkX!5yGYo5w)XPcYf&Y#P5_1E*;rt)R<@{*rWkzj9XZ zRLjRhzWeKPcs7=+U!Eqd>&x@qoqJf4`>U;2SmGUhcl>&G{MhU5G+s7$v={w$>y0nH zb}RZ9>Ei6R)A^zvS6b?xcyM}s-<eOo5hJv3J_ixoY+5MXqV;wj{mw)%qrXe06-kspvX;!%E-vm*H(|t9SBpA?zG- z^%r&AnMzkv?RtFseA#VC`s0)IsGmRHZgzIIp4t63;p9-PY;JwI8|+QGy42WIH*b%( zFJFb;O>gh=`Rt{J}F1~i>Q2m+*Pl5{#&(jc3XWOS6Zh}jmfiKemHu#n>PC6>SMLL&B?#E zcW?K;--9M_e{m(&zC4sljRrU34{qPar}uJ&<<(ujw$(*I)LH#RtzCB>AN6~^cXT+GANALZv%`~%du`|ZaJqfW z_D0R&{^j-gvoz9PUn&PfZL2Eo>Q_4@5ee|h7p*epx8$vAtpdNlN~Otd?e+RfIFNh7 zY3)_nW_KRGo&KuqKelT8X7d@=XSgTc4NDi5`ddYLeXi97_IT%_bg)}eziGA0X-$*M zaC#3WJJmPk==ospe6v|Q-y6M-gsb}gm($LE=T5(V-GSrb@#aZ=zPmY+wToZh#m)_E z;nT@=c}xHHBHm~xj|Zyut#R{q5A3wFcXjkl{<2p(dU&o%gHdhgW=nl(RnNyDFs@$C z&u*`8Zf+*c%Ij;l`PSUgcMkXNzhAbx$D6k=+QHz8eS5v%t!{0pV|Aw=Q>&j-KjQwXH6DRvm6WmUbGA zJNEmp8asS>sR?qmw6p)TdEDWfuZJ%x|K;RX9cxNmc)i+hj?ZrRo$a?;w?DkUukMJ= zN^N*BJRE+ha3%Hl4QT)E*UsZn8TRV1D#MD5cPsmo{`2_kwZU!1BJt-&njEmy71bNu_kJoQy`}&iMGAI~ps;oLv7tEe+4LR&{cCviH#Z^1ZAa_D{CN{@(7% zgZ_H_RNc8dY;Av+EBmMC!<~cL#nDmkVpC)pXI+K4r$y16nBq~9YZl>XU7`3 z@nj!nv(8}jDh<^^?J2}>0N?y2+0|;nKB*pzieZ^oh*DwjQ$VDF8@XeV9uHQC{s0f; zFUivA*BN`N9gXR-60{1V1V=lv5&L%qzreK2(Q}Lie#Cs@H~JgMqM&K;A%}pJcwPHU zEYGY0!81nCE~AanbwOiroZ4Sf1EV7{2PQfqp0{PQU|MJx5-)B95(5T!?}ompvaZ_h zeQ1%uf{=G|V{&PXjzkD)10$c{i!Z7D)u(pM_mVcZk-z0PxVHKJ3|-i%=K)u3jlVJz z<51XmaV6{m2ty$t>*_mr|GZ9Ux3%#o#f_WTJ%FoHwgGDqmT%6HJcwM3Ln#zzB?^Cy zsk8lPTr5j=2A2xUm<1#{8nG&V^*OVOGQ=v%6!8xX{4|>#gRb6K9?B9(9+g4aNl5%j z=<@)V3^yCbFjK&wejTuk2F^pFCv-t<>sZQ-F;seZPc}=h$6^+4H;#JZWFyA#U9kzk z67qN@-5nd{E~rDh-7giC2m!{$FN&iOc1&qaRoHS$Mg#W#r^@%Rm8~>O0Iij5nRm_P zv@c_@P8Q|^ycfFMB>zaVI#zg1fuB`{M4dN#NzHdR6b;d+W~p=$fjo{yRO@ zXHMS@ArsA4gvELY>;eL7a^>>eO}@IUttvbSrWsB#h3}I2)bx)wQi5G@IGuK|#pBSA z!io^h>Dg)FzG_+sX^{b8WxuUq#BBBxW$(FiPp@1s3QMJ`c`e_$yjsChGcLFF3v-Pl zXF4M;!f%w&c=I094q0Ox9d!w_n^j7!y;yJj?CMykcz1bing!wNF5-$KL+79P#_%e= z4oJS1s5C!K>Vx#l_xHQk-}Z-T)Rr|a)5b7flt(TLWb)A9T57JQ2l=yMfGvNYyi z%|Uw_weJ7-AhthsN#>E@wmK^8W=sF*4amc3`4J_pNS`A)>g`7G`$jvhrPn{E=U~^v&EkQN{n$2)O09 z+o2=e1(U4hA3KkhS@zDV?nn-dlBIZ&5@VoIG*0||TQLSb2+B)2IQ$#nFrr@>FF5Cz zkPvHp^W97M4?D(4r9#jc^yMZQTCYdBp3;Z&+`LUogH4wOX}a7%$wiCZZ6N8ZJH#*y zCPgkYpt60ll&(tiP>qC%kggD*(h3lHM^JC9$viqOP-J?sj?Wk z^L%4e5qEJ7QVaG0rEsVko#4W(?v8ID5nUaJl=Z4fXdy|YahcV7C_tK2=>}_eT6bMx zQR-cAl~=SR3C|yH`j6xZV9>9(yDxp1p52sXJ~s$;n-~tncN{BWbnqL;#ds1=>k|R^ zNvpi{FEzm=tC}p!Inz&C2WSNa%`QX+n5XxkSxu_NB)F0wbs1>)bpOy~*VaaWBb5G7r+C4&%ChLy$Q5?D64O=NckC z{%feQ!E&!6jD23v{TFMbMSA5!a~$dQgKm@!|nCzx-U(JM-w+j0zJ!vK=h>W8`dqcRAOxd;0$u5mND|~shI$kvEooZGDQbC1oSvt#{>v19?$PdbZ-b)B+rJo9Aeu;8Vd4Z8%>~9D< z(L=$naa+^ebB&lDc3n7?#2;)?wC5+~3}4y4hafZoCMJfpT|n3@+Dbhd$PJK8OuL0{ zQd`D;CNUXax#usA#Mipy|>7O)SV96%3aAV<)e?^(_#X8j~_7ADjBJLku zxB{JNImNGEqG+JYLD5H;>Kp(CTH8v2IB2#FG>&E~Y{owm4?i|GFEYj4(4>!D8neaR ze05dHjz1>jW&=dx2HZ;;*IzIM5>9N4V&rtOL_~&cQH!$7CSL!+5vEj}d7Qt3(9{`U zTCXH;4z0#@yljBcNyg24YmaEL*k$rgCjRv}Fq0$&HZ;oCC5w-j2L9m_IU1X#Z6(C6 zxjV?G5)aT4w^%W}!CG?rp+*IAMbnuYxW9f2n<^(krz6~ID^tNuLaRz{y4L%YX*;QU~ZsED`3b#o_TV4QXz^Tra?#ifLw#Yx27O(nWi&X~f)YWt0J*s}KCeMG>S_&q(RqG`X|?Ez6#q65(mmz> z@pcxOa$FPYOz0ah8RM4;>hqr z5E_pXD{m$Z*Ck$u`BZk-;&YEG5)8s`VuBt`dD^$);lG{|0Ny)o$w&`{YYsv+p{>mU z8MFf!^Pzvd=mBCMmxoubl#?VJnqalw-wfR!dhKgpuKB&-RO{WwXgmwY&Yz=qGJV7+ z?H;B2{kL@kL=GH3;1c47?;|rj@UibVLIPS63QKM7jWuy)a#nTjR~I};d<;~|_|3f+ zhvn_eX!>^GC9$t*X@xJeN}7(;HXKoWwesrTVwYN?nh^Ho zms{&d|1oRnVR1lX@}DUi z%;f$^0(V5r%T@_Wy&`yra-}o)!J-ICjmg=2_ryjAXU5N0s)EKnFvrty!ilMNzDb-# zgG_eS910`<7JFCOdh*erG?f&^vC87LYnqTfQx)~|Z=P28kj@rEnE0X((9D`#N?gZ2 z#~wLtTZb0l;lP6b09Vx9Ro9{as!^S9MTDBty-2e~`0%~;%Wtc;l?XrFzssR3LcML$ zgeuisn(_z?u@?p&5{Ui;wrena29bL8Q;|?TL)r6HWMNTDWv0FL9lzB`-X*anUs|9O z%7XN4B2o*pCDYQ;*GnObQ07{eWVQ>R0r#H)xT*jiRcg)nE{)>sGJ>W=#>@i7Sv@=> zI|^U>0v)A_12Q;RW|&pt(+WXWfo4OFA^)U&n-pk){#-y9bS)AKEV^0FGq%vLuwWvI zXv~8sWWCZNS9*S@_Oj%RE1YCBD-3NB1{>l{KEm&@V~Uz#eIbn$$du#+J|`it`kwfU zw-HS>&~wZnEWS(lt(#YYhod}c$);mh)KSZy1fSa}*=?Q8y)~3J)HhHTjFsc9H~b}b zwu0M98#eJfU6Thq=5#Nuc{3+HNwv_%6AI|K9>rIRRAel5$@IewV;?XsN(9}rX1<%P zB?5`QE}n`?|IBWPhH(K#Pz=dX92Rn$R9Iu7u46$=zXg%GTb*|@QiSF+QH#hRk8PFG zQ1jrle1bOS)ZeJF{>HZ6L2d`A8^*aWum(J)QAx*Kq`nC3fqWjYYM6bKBDei;M#4mEd9O zd&{X`gjp;t$Z_3|z~Jn*4@Se*`qLFfL7XInL{XNTd3F=>*`8D~n@*sYOG*Yz3*1sT zzws@~sNVj!Bin7XNnKkac+c?*Tu{`iRgmG+8lrx#YtaagVUNf+UEIwX*wC2px z7PeWkCw-(coFG?~3K5~1UPlX%?~z@#FAE=!ADd}J^(vlv!z3!B&MSgR$T{ZQ1t6?t z^Sk>_?OL|oBCO?)lA0jvVi;x>o)YD^eQsC}9NzgfO!TwU_(%d~!r&D$;bhWzlbHFFO{codKUcirE6R(=O1Amn_C| zHezPCzF)gu<+x)>U*$XS!rPc*T3CnR5=G}9 z_}?{zXP#kz7>Gd0Iax2OwD9a^14`pew#uoYwj^TKFCJ*?*@qMH)A{%H9VH$}{t92i zlv22tt#;+=ZN0cpaT04rFHW-;uDy`CK~ldf-iyr(_2|H`x|VU6sHBqU!>@C`_I2XI z`~= zn)=pekfnVn{b^`>IvjFWnNj(a-8jOC@FOSsWTZYir;a(7pZ&m|>I$WkcBRG3Fb}1C z8PFq8Od8RfaYd+zXI83n+KZAa-}o4qM3hiV0T8C4n~ABm@l0{_CjR^G zEf8@{9dxhD6Og@$(lFWk6y{Ab+uU=Gbj9i+HbW*~r%oa0u>-1Tg5Fh(#3Lf|vv5mB z;=e@&__b$4f*w>=#kwJ!9{qwWanwOf#~4|vdD4FB;wcr%h^GDYub>2(LYeNBrP#ka zpxcDFdu7(!+&>uCNWwx#`?2u*EJtvUS4hlrQs9TE?gpR0#JQ?ZV?{CGbgI*eU@z#u zAO1>M&s;-))M2(Oo|5OVQ-xBtzZc-#Y3+D1J0%nRi^P$caGqYMedC7J8Txdgsgr2x z8oJ_!E(1lQOWI>Q^2EnE+QVwdlLbl3mK|6IV=en7%u1PLD`)=te=$Pe^Q%zSIdiL+ zi%f|El}~bHjpHz?M_F;ez2fSnj+14^V8-P%Z3AGJvM?WCC%lIoGEa+Be3j+_+X$f~ z*-%axHYG-?SzI>DV8AsH=8ZU?oRLW?wclSu;nAhiIHY6eb349s2-}G z7C3{9%EK)e8DZPw*t9y9MPKKzZRc+9F#T1BV}om!rO4$3m}@3H1AX9#LD;xAfu1^J z43y>2lGxjRc#>2%aLt^R9zOPWH^9EM8}Tap7)Lpa+8HCg%O)nzI**81#yqaVHakq- zdo@dVJB!}=3MZq{S(6hH=2{RAT=!^PbJsOWc}x%ANdsBu4#YAncdS-Y$c%WSisb!X zPV$a_J$ihO<@?$>lzB#GC+qjuK&1)A_Z)QS!P!BKA`8HL|I@^ruJhafN=JV#FEQwm zaUQ@E?=xKp_#pPVG&VW}P%D1Se2O{fNOVfK|MEd_BF}DQbka%st5-8F5 zrWX}mM)0sSw(hePo7F##LbC5#4HY)`u>Xqm=sN*|Fb4J|Hans(p43#-)b z2ulTuz1%^Qs$I(;Bx-Eecc-5x3kbqwE21A@9)o~et=YA1*_HGFKk&g?DjhPBu1-vm z{#D6pvOvZLxS0`nLxw*6V(rY?B`}Hde=S?{=G<#)uk7-|x#zL!0Q%_^0#)z1_yQA}7=;QLcALr#?iH+?!uD3!bG^g;o%+*1Rk& z6vA8zD#o)Q3j*w>`KyIf(JBhKZ?HxzeQg4Zc+C@bwUu`)L+-`8DQu}y zI;?K|2VM17-JrY|Ev})lc#2+ZCpf=)uGA$z>{Nr_o!vTFu`L#(Xm+)B=d!4FjC7_g z1&r(OdJBhh-9xr^=U^n~;XF!71*eBl>NN3d3jQ`W$ke*k%l<%5Vkwg~DYIU{4?w1- z8ew-Kv=rAQ^Tt{8)c9}9s9ydZl;{e?svyVWm9>&r^tIK6UeU3Mj(p8g5{-X9iC((* zIS5n~Te&>5g!+}I^o||^8(=-I8Z5KsjFRsOfBRGS_EI2cE6x(tX!+CLFfT|~)4|$s zm~;}o_3`Nau>m{Vg5W=WiTST^rQheUz!2;-s0nw@JS7Q5X$idAu%V=VSpon0&IIv? zwScCm&%c>rlHDWh^Tg1plpDY*xvv`Ow_P!Olj}#OyN39F#A+N#*_Uo;b#rGJCg=A5 zVFCrl{ppgCh#IbJ&|deV;n^VnL{|=pU$)9#FmWp1A+4nRIvx@;3Agw(rkh06bCnhe zxe7J}pb{bbDQBGe+A+LqeM6SC^KPrEPkcJNhyb-(ve9h|F_S6kI141;p!qTo3EvS-XD=rYztz#`5<2(=|3c3%)xx#^HVc_}lXl(bi{p z#Mt{M#sXpXq35HX*1~ueaUUZM9Ba&pez$Fg$`(2pLuYjOI*)`0_{x?UQ;4uX;Q?IdUz+6CkXS`!ElBJuQF54ymdrO@H_I|Wt3M2lc+ z)#C26`xbI#AZH-(Kk*>K*z-O}K8@hCg2!n7LAjx!*s>RqsU?%4Il;%Muh+ zPyOk_?>}A&V;dww=$vu5t}coBNp;>WSY0Em=PZA~pO-=tC%nLN_V00h6UW>UggM=i zL2Y%Qu3HzT%8w?g->NUHQyZ=?VuFfrw;<}IEQr;Y^Qs-O?&BlRf#!T;O4tl+*&$X* zq>VZ0DZD8SA22|R2=$w|A)gTEE>l5b6qo;0C^JPggH1$gKzSL7G>75oQz>pLv2Z(6 zhPFi;>&F*X)P<=PDDkY^2xNtQLkJ;H+{g+m`pHm6qeX1G!iChq9!Vm~M}nC52^J)z zmo3_ObxQQe#HD64eB-B0&SH6pqfdJ{L!%djjV%LLL4034eD5iVnz*Y=uMj9MlF+e_ z?fZFNTrZBcfsS^^G6_d6QtyG+#B>PDYJcj$Gb}wnf*qwJ!z3+p9HfCnFoM-dKL%Dw z;zCrEwZW)ELNx-yC0YGb(78y&cuK@rw|z6jnGLL4(V?-fDNS+1ewC0Dx0A`|+fuKP zmaYEN7J-Sk{)#otXy7X@gj19?#?`tUZpGNL`e+r6QIAboC{EuO9!M)gE0S#QUOSAw zYONVZX}Y^AP0onPxFOgfA>CJuZ%6i`kF|GztsyO8Ml(ae9Jm_7Sbjrlop)faPV80E z1#|q*xTMd|u}MQ%*~nGTYcdGc3CE&l#zngGK@iJR2)9tjG$=DW9@-6e5c^XcHphz+ zAN_F9;Qqz0Q0AOqS8dK-Ecl(()wKPmKtT)!nVjyjXr=*G+dNTH#G(Wt&2amHHGfWB z{dC47Yj=}h7jfY*(KtSNN4aT%dZ9iJ@u2%b-IdFkY1dHzkE@D-A}NE%->jCO^U6YK z9gN|dFu~WJN0bnFrfSbc?EoE1axy9;l`daSw5^#KbYDEPmncpJqR=vIGe<7bc zTGxmxIMSK*tMCz5P`kSMsh!?lpD$S+VEX7{j?d#5+GEFfBC6`##)? zCoAZ^{{sYo9&Uz{ZGIVUaw;;A1Z9ETpQQSEWT?+>>G4Pi5v#X$f1!nPytGz#k|QS9 zDwiLFzF?O4nhQnGQu)R%q*!K0uiTMbN-BIRFv+2x`tnODGbS%C)smp8c(Px&N{J`- zjk|PLjb~xfjAx4VgiIZ~;jRf#nz@`d(`em^D40HnU&kBFlb-h~>=ARwHbNEC8S6^N zmRw_))~-sp5qWuwZ21zGhsD5noSUX@{==({Etn1}sqe%oGI$fy5C?K@OIP7qndz6v zD)llMY~SXAzFk@KD74;y`otWt*|#nM5zNC=7qj_)FY@0VqW`bL)IUx7|1gTGDZwNBCk5u;4*eI$zx?O)e*o~LGBp4I literal 14059 zcmZ|0b8u!+^Qar^jg5&j(ZseUwrxzDH@0otwrwX9+qP}z%=evBb?^P%I(zNvU8|~V z{kiLTR(H!wfkU8!fPlb&+-oMN7b7I(`@?{Mh+u(${Ch!+>`e?DO;pTx8RT(6v-Sy=j!=F}+-cm3*)oTws4iUN?yw(d!JA|30L zN1s3msNO}p(8z}eibg6koq?GB<)tob{EayuX@ySBk3ovo#W9c=L`yTRhUUh zP?-3pp$_|`W#7;>xAGWF8N?d4_Rd9U)~4)CbL7dl>`D8%m%o_^XElfDg8Y0ub-yBO z%9JI}+OPGdBHZjeKL{@mR&N<~Ocm87MCpo%OGb<0lexwpG%;Xl4;1kv%4=nfark$i zRZTIV9Yrh8m%l%S*!dCyQXE}KEjO*kwqn*@&(#T$W^kz1DfQULn&ZA69|{pM3F(aZ z_SqVS# z$82h6LXni%P7_8qW7k6thbUL;O;N;4^${lRKA9RyU0SP5_GRY&rT?2;gH0vI7BPQ6r<=iqoDEQ=hDn7Zw50WpG9-HB zQ?A^&S7;p(^r6w~`)gMb!MH(=mk;D>pu`uhm06-LX zs=^<@ED{Sb9AW3%hP4F*=}@-Olrg>E(+F+p*B4#s;(G13*a^fK%@M=`(StTnwZ7=& zK%ffn*l1OOWi-k9o&b8uRJxkERn=rcQew*5vO)OSn3pke(tlyb=fII48&S0;Mb=mR z9pmHU?@4W(`rsu)A^n2DeU7Zl@+a!PJRLkKH(q;zB0gfxA~FV9cgaYad-rn5D+oU> z_qjr2rFsqD-A&e=Uq2;GEl;5E z<@qftIcNM=$JsSRI6Fo)k5OnqH3j$t|G<~gw)wuy3z>2WX8+F3wKln07DOQ10f|X} zg-LF$RwEH27I1>++QJt|$6Ut(FnF#)E2FU$RgG@O4*Ncw>|-u0X|P-~ZrZJ9-b;g6 zK8VsC6;btfYOP|&)C;sS_h2u52L$Ju!VFGvgf*j!ldw@Ip(m*Jgr^4k1lUhWq2Hu! ziO~d53kiEW?R=I7u+mH9yw7?Kg`cyb19aNJ9lKjpToW!W81ug8x|6G?v-vhIf7V5l zKTfSxrZ#InxJ+z4g{8>vgq$|bBBiEycXXXg$@{o`Rnr!DEz+JhOxbUr89|FUYvl5k zohMC9jV--N>+89&W2mN3G$JU!Q1cL9FfyDEf0WX@_I%#u<0Q`8B;;6;D<5^C#-(?wM0CC(cZH3$ZAlQyI4FvP&2}1;02pMDXbZ525cT+%pYgCWLv2Ok1Ej>Vvwd(;cmK_S{wAo~0Xn-BqS#|)LP_9YRw4VL#iKIL~e z)mq)W+KgGcOX&v$x5NDf(HA)~_Ad&D8ffmiqHdc-(6TVSXbm$uj_}KnHLY{M_(W;qD~4e?Z{u=<>>}!-6dM zuph`ynFOZ7j{nvFtvK-OW#_D6Jxg6C_?XUdmf}$GAwqiaPL(sqSBwW@%2oU-YH{D)W zuh=_YF2#rF(BFP*?795LZa<$5DWR_YwEtGWHwvPyAkMQ9lb+FP6m@C!)?ok2>V$J; z#QV~<$@0Gj*?bD5_`BqJOow*p8^{~i%m^>u*dr8uwMM`1H{!feHvwvS`S8R!#Q*V0 zDF6S#7SwMle@j{rkVRH75R`w|Vr^hilmI#%q4e_lNF-Em)x^Xu5^m>UGdXqlh;X=j zs!4gWgU25_UQQlf4&(~qqa=~yvo5Z=LTX7x|5=(y`L-G4%ef~&jYc) zdh_mtBtJsV&BDKNgU%QG5*V)!3szK3uI8He%nzy*)1kIQU^V})@Cq-VLqK9D2$B

fw3f5D)|-P#%M8WGBk$_)%;S|SF2 zyzeGZ5I!2w!)q|syW241-pO_Hql4rr&mI#OutB55c=|9;y=CTILLoO0}e9U$#y z45m{?Oj**P%_<11yEFH58^fH(&E50%;UY$ET8{qf#c`r1qn4gRcWsqSwuJh;a*fwg z=ZE%J6o(KW5gP$tX54;zftnyHX9~R-V|F#^-EL-S6bg))U<_Mjn!;MQsh#qrCW(Nf(@_K&A1=X}MU3i~nQJRz zr`}TPX%4vGO<1CR+*4(p%W9+YAM-Snmp?(P-PbQTQE6`^397$KN+~%c%FOTB;5Hvw zw3Zw@!yEzt;3y_{H+!j(o~|$e=0biVHc&MyusJr1iurP&5|cW3JEu{XxVrzikh!L1 zDgkANTkWyKa7^dRk!%SCdXgix&}NRGb16_D4_me=e7AAm_7H*EslQB{BJ-&jO*YE0 z{}k~ILZ~e+H2bPDH2X}Xk!K9|={^tYLQr-m+VB`{3AUuMRhH)bjR9F)LnVkZ+g#+f z@^R-thAQYrnl8|^3wAdx4mtZW7dbl(Zg+JGZZ}OAX1t)%pc9*W){!y4f&fhFq)=X0 zmm;{S3wtE5v3g`P^H`TwZFDo^+^63zkxizP8G3-eC(NYAi=s75iP%?D$&;Zo*vnk0k5y?leQ4Z88J; zwV~bb)9MEUx{aW6II7MW$z752zR?UtxZNOa75LrpbJ@5 zbd;MWrhbTM|0&=g`umLNm&s6H(r4i54g{9z5pwXYr@m2jdwGu%7b8=3c#NvT3+zXT zf@h*Emg$B1%>~ylIa{r4f}HHS_taVH{v009U+6z&H@VWPTq7Z7X}7H5`NV^W9Hy~; z`H%mAw)r3*F%9(o@-xH1cECQk$_8(fl%J08Uj)aD5Gv*baLwbjZd045gOS1zyv4kZ z=sWq=4x)XoGL^h_0O_6RLUse0Wx_9xU}!_(-LRH^j@@W(2S`khTrwS684@?X+__p;#^0aM4xmd!Ai$`b-r#o zLXlRhP)q6ud-h6)CS@}38z*PY>xK$ky|U~GRvQMlcaP*h9_NA(=$Gl+Qa=J~Vp_=( z*a9Cb!{0^#o~`q_9TY~i&#z+~Bdn!mko)p2f*hV>b!mqRvHRCp*wHAw`yqVWh_i zowTt#zWct&SL4eCEAG|jp+%~CpQ*s2!&pft6P56F;U%L@=QxZ|wBm6=x7e?Zv(nV5 zd$1Z$fG*{n{QGz!h!LcLo+}qua1RBJ%YpI8Q&1$j%!F7`rv?AWUy4dOFGjy1rIe6P zZNULk!m-f+d_z7pG-#zxXHU}lEdzJuSUE^qw|z+Eqz{B-1%(NKswM7>;yMKYL_M&v zsRdZQwcH|#9d{p-&kG(*hwiN3#kU)F-uLN>D(Zs9PDUQtU2GG=rp1Nvb3-~+o*9(x z;@XeWy@7=oQxfxFh8?!NX7RxUKZsgT(fLlxW!J$GmEZNM9nF9w!S*h*>T$fi2}+NY z7EdlSP*nxarV%lFT7c7>3}M0-138?cV6-DMU5g?c!T?OC8r)?M5@YQEFKOm#F{(wg zuUTI2#OU&2`4>`mvwq9ryQZ3n1Ae=U=I8B&hB!(5u<{Pnw0Ks)uAUv!tKY=3*`1+Z z2|F5)%}>5gnT5~84t1Oy_;TRmgYAA*+m4nY4TjtRBZziRImJ!@9`%`G^V zf-rbP{_91M!Ha%zUw*9KKK7NMmSjK$Lx+=v!Or#p*7<^zn)Y_Kfgbw@JKfjr=3#^_ ztTdv>yI?!jR}c-M24t5vzPIPy`YbAaP1x*h2h22-%%Uj5VL90AkKetMA<@VAX(E)>Rlo~BlR^4EdA;y6UK=H>7{XZHua)JJt+88* z)7$HoEwUo!jwL{(b3t)YwSe+3ba7Fc=GzTA+~EhTx1k={>>d^tQf9UgT_0%*jV9yZ zNL_sy*vm7zQUH~c4)1&X8{J;gwThF)D$fsZ2)SYAomZo$0pd9e12zTW$MPaU-d{hL z$xk#N{J0qA7X>|?W_n1P+bOkl2E|`OGh5&At;sTYalLtLOw0(JRSyod&tJA`27Q@# zXFTRNS7M5yXN&7sgm48B5vHjoMQZ$RoX~pwLC!>~&v9yGodqn+kh)-k-T5sCjB|Dg zsAM*I333O4&`4( zDeF&^3R)!5rn!MvFoLc463?gRdj+fU`|BfEDqgr0w8=SqyNT$38AQm-o41}fD-2oh zt?(SF>{hTJ=*uwqI!;|LmM*g<<(%%_ z$Q!72)^u>(@qZL2BE9b;2FWiinn9SiY=1PoWTb5a_G8b8Oc1*2?4R-CsAy(-CFW;Kua{&2G=NV=qmO^SJ+4*o zsK#&tu6vO=>Rg4S1J`^Yd=zY#;p2?Q1&tHLSpr|8g+IFd!C;GQA_Nl$g(h6$r3~m- zpc8YovjbTMLY5+$4=q^NLgA{ogq-IFFF#>u}8H~CE*DrP9ZVrW(4i2Sb)aY9y9!a$UJ1w-01Vnl9b1h*63z2`@ zskHyiLnL_+PBU*P^0Q(VjoSjoWXAUNSE+Z5rj_ z9lvoK!s?FOXL;SVBdn$^RDIS%KnCCBPO0@=zio}~_e}nrP?P*nf^L$|C4=n3fPMvf z3laZ#Nn^20WYh^gZTd^aO%{jr$_=IQ_BMuQPD+_yaRmvdcjDqyB(a7{nEA-L`7>Od zY&*2xEahH1Jd2KtrS9`}_++~k7~9}Ho;V|~iL&aQbz+#z?ZZ`NFZvqdIEpvJK z*=4~#eqQ~%PIF>S@Trt&S6r75@MIno`*`EY8FKsP|`BlK<;>2W9I6NL2vCho;Q zOZNVXcdiLgH-*+$vlVjlK+=x{!@mGi9|ZqC$0|^}hfTC;x(Z>U4y)TVfIRq|%ReC) zIu1wX^rH)Tu$I281-Ty~WkCo=3&sFIOoImhFJxceNX#;HsWK>DHF@;=nc7U{j zwL!>qA9cw6F_1zWysb<=if{edFG=psl#7BWg`42CCSZlpv=OKqa6en?xm`Eb6aSXW z?qH(#8yLd1#(HFzwiNTbB&q&!#sf?U!Ck`_+Lm*wqr1Ir5eg2r@1lZ=I#68kg=-YRoXle8NH+)xJ}vl$SvG?+I6q(HvDco^!~%CQ zQ|DH3pd>c9=`0Q++~R%NwHdn|=k1@++&P#FRG+A)PEe-=Czt1Pt5+XHg8$uTh*Ckm zVTdw*Je18(mS8yRYtmrY;JHFWILTHD_O5QUC_c-=XSDi&9_4md*K1)7s@0PByThZf z*j&1FXo6NQ%PG6Tt#;~O46HWe3=Xl2gkv&onDS+c*3m{u#vp4thRZUi>A1qdFl(Co z%+s3;s%L1niKD$Epg`-}@TbRJAVCSZ%L&d{|h5P_QX)1KLtPf z%|R8ZNy{9&hhLW0()C@2^a2$2-ff^zX2Xz%?KNos~0wa z+czf;AH+S66xaEepDU{LLfa)Sp493V?eN|lF0L|$NiuGe!|IFn88RXQvrEQu!31=| z&X>~Xxdnve_RUtew4u(;-trlq@ohCLo;zqSW#~gdh=7;MP5CwRUq(( z1)YjRzfVLZzFaN^QuEF?hO9-IxjfwSN^Y4-b)Zfmjb);_gL8BDPyp7^ktrPt3sGYA zzx)}u7`IBoY^{l?NA{|L;4ZxV$|Zse3`(ZR)#y>jy(+=e|$KLQwf(O$NhBGpqH z((JeSs_!Q5o34rG{1q|<^iQmJLJ%q6Ml-YTpr^ZgZBu0Ln4BC5IjY}LA#U}vqd(BvonCd;JO>H4Ou}MiO2@^ zv#U6x4u#q&t=nGse84{~nPATu%Z@8$=OvVJO2432-yzeMH6P%^?p?7E;IGJUR9~}p zc(1s~Qub%Va)`t1&ts_kA05s*yJO7+%NuF#MNyful-$`<$vT$cLMyoIs^Q9N8v}b; zCINTLPWMgnv#;7?_h6F%YjDOmAz^o#y;Ve#?8OVH4EH}kFca0;h3Bw}rDp@Tfcs_> znAYa2$Yh(SVc-p0ojqjx<$NDspuF0kVI6O+i)%)o;W$zSnVFx~9h8T-+JePg7B>|Y zp1k?4a3|}0fX#+$#o{n(uH7C69~Z&eCp(PG>dz4b5ACMED*p+KlZ0wvq8_1(R{t(9Eve%(3oeM8v!ninPtLhS@Jr(6ad4m0clC&$Ukk&Hgu3HslXh=W}X1F7P+= z%b5-eLj50LZwa04nmewBLUV(o{FjEVi{*K6owDJMPR15~5 z-JsjU{=x;A>bV0*KCNfO{E5}4XWtzMr@MIu859qB;vR!{4rhNrA2cyKi!md;!>fM- zVvJRJ^H+wJVbe{YJKkmcG~C1lTsj$rl~;|7KDku~)G7nyPT$AeFH3dPtU+F!J=1B4 zMZ?j|Hzsw#U#RnFHLZB-O-0uA;r2`J@j3b{W4ug4xRhgLsOtZLO)>62utCId+-(!s zg^})sfZ8`L#mx*dR=S}xs^}7Xzs%1hz*unz2wSrZHmk}Yz<6pnrLp$KARxTCUmf<# zso1fdRG^w}2Kmrl4}tViWWHET<6bQpX-789z98U8;mUpaz%T$FF)eW=u>(a3SB z!rLIYXi2X5~*p(Ee^0Dftgpsu$Mcm$y5X(uf3OV|D(1{l7fv;l-v*+G+b`!gT zF7eIkY*U*NA|ljl{&X)T*$?ISm=f&+cs4N>cxGC-R{s{pvmy2oIR3l)o`7#qp@DJ+ zLwa(Ktas_Iuh^gMvMh=dmORjO4Z+S-(b-Z~DL=tWh<5gxDvx#Pg|-buh11`4f>1kB zVm%fU9m?II@fWb56f5Y~<8nD`Wm_>J4J8Pwr=abJVua=S**AXe9M}GF>Lj|s#)Qk` zqI0KiK+>sCX=8!*fkToYs5je!Xd3`a!I>M=DP`+-NiK`tH~4U~w7b2GEnF%N2s^DQ zD!J0NwX8X)VSu4WTdhVSe7U_RhXDrk&qFa8-*u4HN}(!E&bHvm9mVqCQ>H z7|4vnHA3e*g66>DWLVkfDW}CEDNfSfK_=F>i{``^Kj1w#Hgmq6>}E2EGJ+UB;N8&m zvNcCqlSFs6jeT|GP{J!a+@IXUE^|kF5~PNxLbTn7P;Ld~UJ#S)-c6D{2fINB#TdsJ+twdkx#=yXnb7#e z=P7G(`b=+xps5dxTQXzw!;U*jj$Z{dRvKqR^#_PU#g@}`7AO?An=ZiZS{eYcaph75 zKTrRe^Z^2s&ZY#%FI$8(zs;uE9vPAPuJGQRzLxReGyqIeG;EmdZ1lFY4vguyQ!WQ& zY5iWRB%k^rb-sosnoT0N=Oq3%y==b?6*SRgPsYoF`G}}~HMH^Eruk~w9NQ?O1HaIw zZEA;`{93f}a#UB7vRbqOuViDS`mf2X%oQtl7r|$K1 z+$7%6)5A*d=|@8*mdj*|1qDG0W8T8|HhZwi%CG7Sj{=15+Rpz51V?kL8>mb{MLgquaZb{wbsLiQinxeyn-~-d*uGlrVsZ5qsoH$0qo)D_F}|BF#=yE8>9qpe1S# zQo-|ch8rc^-mR3BO|n=)v>}botZFLL`suVG9gFq~WyUj&bfT|_+TCMEqYRC)P1vF0pT>v? zF>p1bW=VJNOoqV;@sB_$j>X3Ii_?l(=8Jx#�H2fB*L4>jr?e#^SodMv2xrfnUSY2XXh4m!vEktNi0aT>n8y&?VVgF!EfuEC0j;`53`#-h~;ffdTj zoR5&26Ah#sHTP-i-s22qM@&1q9eO)(X>7%V1chZZHe3oRV=CrD_fl|51{!v1wXNo_ z9!X=0JsUfY{&>jWY6Yz;5JL6}=EAu5VD^jP@Pd>Q%jb@v3(x>(7=(3}f+abXQ`y5s zQ+nA>{b>7S!H1u)T;d83JJCas-$dvdA_Uq+#>;UqsVGlv1Sa`zgJDS_SqUM-dBhzQ z04l=%pk2>#`x(Bq)>o9mNhRS93M(dkS5vaQALVH@nSnaRXmudjf`c>>NVAvy0TGW{ z@FmR#{rRf>Jh2IqP;jO!kwKm2sU)pXKb|S5@zxpKLE}%JrEkq9E0-8UxJhMeIC>Za z+no$aXsrjb@Wvz(N*eHDGm=mERGr=9vbJ<O{P%;spkC0Fo_y#VENKO9;L$xkyL`R9EoY?+L`5BN*ejZ}e0_co8kiy2;Lli9#9 z?uy0dj|qdjhn%>5>96UnHZNf&v39QDjS9vyMb%@oR4eNwuUwj(@1?h$ii~Fv zSS!fh)$j5m%>vLBgJBCF^jpE3+=`G$rxJ-h;@dvqtxyf`KJu*F6`u3GJluh+xU9kT zBx8ESoF+ccY}ola&OAzdGfmyg<9d=BYleL$;&7vB)TL8|1fcdgluSz5= zd%>LgK@dIjljd(GthmgFV75((0F6|kfvjn#ZdE^}x%3G}MaY(sX&EWQ<-W#je)Y6J zLW|7;H=FCZFsydhVj|e4hti1IR6CAZ2WR|buxwda4`$9CB2$)f8Y>ZRUX9Edh?x4! z9Obyu-&#>g@Wgy*dt#wVSlqZM1^fgh#5*sfE4mVFFRXS;80sJba|UyCx-RT9^!h`Q z+n3{=VMod9&DH(V+abdx;ZAm!u9?ld=SXtLFG6o(6 zVro0x+vhb-bh^*;`}P1k#7(@9)Sme&_ZOL^iMGa%{1YGbHuG4`_Q%Ya=xH$uxotv1 zACd1b(;`iG*9uoF=+$_;oesEu?bn~2t{9#dgD)PG^w#$gn(R4|F-33eMq4bM@V8v` z{en8jR`NxdRMECAZXxd`y&$PW>gWyQt1jimUXe@>sOpn5^@(0wX&A6Zy;|Yrmea%kU*vbQoX96A}g^%qgPTN#`2;g4cVpNIx9Ck@!B3( z7hQIrrD=1~@dBd_>SGA+03mf4;!^nI+E`j% zYf#avojL800~IVL?k?WnLu1$epicz{@Q>kpTiMZrW;0tHA?ePhoX=t943gc2ij{uh z|DF#Jc0DJ-+jc#Tp`ToZbi3}j9&&gBFs#G7Krw7+-k>56R}vbsvHBRq)Q z;Ag~V26uap!^J%Y?*3EYpMKhOoyA$*QtuldCu_{htMd_2wradvZLjbVTBrZjE9Rz_ zG8Rb!$L+y!zT}wD<9P*hbA1D-gUX|iky32*Op%uqr*HtT>*<0vUr7+}iZe+lquQ>} zFGCqdSUHMilz(o;)twGzx2dL_VOmYd(Kr>unGPnraorL9EAs)eYzb6fX{2q8>5eU3 zINdX)IoDNn=>bEHerHhc>JX#l&CMv>DUSCdPZZ?k3#qjsT^J^pYJ>BffDzZ9pqKM8DtWu?0Ii-CTjrV;sHWCh z9n3eYd{{~u7i(sdO^|ORC0?BK_$UjZm;Z5t5kLJpVm>VB zs@dXellyg@#$ZH`9Jlf-w&t?IwX;5I+QUrt20FdNaGA-04_e7JKokT!ix9wDo}mB9 zqD}H@B`W4<)KSIPY~+h|qhyOH2D0n7usybKs{jj=87*p+OK>$QMeZ~dPpBd}tG)q> z1|o!*>OXo%l)21?FvA-BqqZ4vQ7-xno_W6AQOe+)|x^ld<&%THIn|5R%SEOW9}=H67hvLk?9^`eGau*{D14^3%LV zG^q+vwJLyBgxw;1jAgmYVtdkU&b=Ld6X7}Co-H&CJ`bN6*!`ylnuYmywot7Zl^48N zpc?j5=K`y9eb55}ZS^;onBrsT+7>XM&xvY}$Z@+e2^2;cRX>}+p?`u6>l$zBdO1RR zg=`nem-CrFH9~F2*nSY=(!WfE85D~C+{`AXTya+w;plh0$ILpWZH~aYh z-u{MOg4U=P0)1!-z?^x=@tL})Z%d(BT3$db(1m^iCO3akhA}`*Tf#?p3{vp(?HPUR zmHf4OxB<`Md10Ck;?Qm9N9vZ~7kntFiOB@Q1$KwD4Vj&8#5KmMz-8f?c9PZlM3V3& zr$T+Z+jR~zItu#yzEGP3Cy_pK1BSS+1?*t4W|75+m5LyZzLm(>=xz}QdE%mm>6l48Ghl}JC*ae|-Ds~a zl#_@`jM(cqNI$kK}av_yPC@27ScPv)&RXYlZJd8AAABKgTK9q z!~v^XgE%!)`PM#J!y(xm+Kh}wVqf|1TYG&=?kX44nA-M7kPT(=e%v3nMJ193ufG_I zr70xL;CEzmW(WYV^h7?PQ5L)lt_UJB$`WBeJrnmp%7}gv!yTTT3&(3H3`jaA3#XYM zEW+_AgUBKmcI;FFg8?{YH+bqfR;FR{saiEeoOY;c#Z_a^wP9j?9Md2o5FpSD;50me zpWKqqFs%;R0H|A-N+uuyhzA;NY?qkvums!j#$Gh&V6J7^+(B9fjxb1Z$jQOf3^ zY|4e&viqxYIE)gDg`*rtEeLEu_Bq)BT};V9ljPWW0-Y|du`$nmGoxHb{fR-XO*-)J zEyWH@tjy?(F>h(5ucGbDum6IA;IJLc6&mA)P#%D%mdA)3-<6_|k z)V?i>YBsrx?IzO6{t_JHgAycuncjM8Y`apvxWL*`!`W-T^6%4d;Hf`-q^$B&5;0Sf z43@#o$9u}5RZlIUQR?5b_a+P5@UJ(?zSqkMa5raeW~51pIKr`p<}Su^dA~KJYe%(U z3g`_p{@Ml|oYaMdbEf)xd_0Xl+)Jifz-TX=iw|o!V30(1i)k9)O)}|?Sx)S)4=z4G zt(7wwOK+v|kr3^9V|_9fB_=%u^v<8&dxm(b`868an`&xan&=&4nOY+QW+S4W#bv<& ztD35e!il;}595Z^E*9H-la-*<>-yRd(_iA;rf5v!dZck~zA?MkKH&0FpkU}A|M!uy wf9=`-ujl_VVD>)``JWBm|IZ06|EAUcf9>A#Qjk#pNdfz}0{?v#*#5KoU(Tu_z5oCK diff --git a/Solutions/Recorded Future Identity/Package/createUiDefinition.json b/Solutions/Recorded Future Identity/Package/createUiDefinition.json index 10387b412b..70ca4d48a1 100644 --- a/Solutions/Recorded Future Identity/Package/createUiDefinition.json +++ b/Solutions/Recorded Future Identity/Package/createUiDefinition.json @@ -6,7 +6,7 @@ "config": { "isWizard": false, "basics": { - "description": "\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Recorded%20Future%20Identity/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\n[Recorded Future](https://www.recordedfuture.com/) Identity Intelligence enables security and IT teams to detect identity compromises, for both employees and customers. To do this, Recorded Future automates the collection, analysis, and production of identity intelligence from a vast range of sources. Organizations can incorporate identity intelligence into automated workflows that regularly monitor for compromised credentials and take immediate action with applications such as Azure Active Directory and Microsoft Sentinel.\nThere are many ways organizations can utilize Recorded Future Identity Intelligence; the playbooks in this Solution are just a quick introduction to some of those ways. In particular, these playbooks include several actions that can be coordinated, or used separately. They include:\n1. searches for compromised workforce or external customer users\n2. looking up existing users and saving the compromised user data to a Log file\n3. confirming high risk Azure Active Directory (AAD) users\n4. adding a compromised user to an AAD security group\n\nFor more information, see the [Documentation for this Solution](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Recorded%20Future%20Identity/Playbooks).\n\nThe playbooks have internal dependencies where you have to install: \n- RecordedFutureIdentity-add-EntraID-security-group-user \n- RecordedFutureIdentity-confirm-EntraID-risky-user \n- RecordedFutureIdentity-lookup-and-save-user \n\nBefore: \n- RecordedFutureIdentity-search-workforce-user \n- RecordedFutureIdentity-search-external-user.\n\nThis solution depends on underlying Microsoft technologies. Some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs:\n* [Log Analytics](https://learn.microsoft.com/en-us/azure/azure-monitor/logs/workspace-design)\n* [Logic apps](https://learn.microsoft.com/en-us/azure/logic-apps/logic-apps-pricing)\n\n\n**Playbooks:** 5\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", + "description": "\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Recorded%20Future%20Identity/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\n[Recorded Future](https://www.recordedfuture.com/) Identity Intelligence enables security and IT teams to detect identity compromises, for both employees and customers. To do this, Recorded Future automates the collection, analysis, and production of identity intelligence from a vast range of sources. Organizations can incorporate identity intelligence into automated workflows that regularly monitor for compromised credentials and take immediate action with applications such as Azure Active Directory and Microsoft Sentinel.\nThere are many ways organizations can utilize Recorded Future Identity Intelligence; the playbooks in this Solution are just a quick introduction to some of those ways. In particular, these playbooks include several actions that can be coordinated, or used separately. They include:\n1. searches for compromised workforce or external customer users\n2. looking up existing users and saving the compromised user data to a Log file\n3. confirming high risk Azure Active Directory (AAD) users\n4. adding a compromised user to an AAD security group\n\nFor more information, see the [Documentation for this Solution](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Recorded%20Future%20Identity/Playbooks).\n\nThe playbooks have internal dependencies where you have to install: \n- RecordedFutureIdentity-add-EntraID-security-group-user \n- RecordedFutureIdentity-confirm-EntraID-risky-user \n- RecordedFutureIdentity-lookup-and-save-user \n\nBefore: \n- RecordedFutureIdentity-search-workforce-user \n- RecordedFutureIdentity-search-external-user.\n\nThis solution depends on underlying Microsoft technologies. Some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs:\n* [Log Analytics](https://learn.microsoft.com/en-us/azure/azure-monitor/logs/workspace-design)\n* [Logic apps](https://learn.microsoft.com/en-us/azure/logic-apps/logic-apps-pricing)\n\n\n**Custom Azure Logic Apps Connectors:** 1, **Playbooks:** 5\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", "subscription": { "resourceProviders": [ "Microsoft.OperationsManagement/solutions", diff --git a/Solutions/Recorded Future Identity/Package/mainTemplate.json b/Solutions/Recorded Future Identity/Package/mainTemplate.json index b4bf265d2f..187eee6f06 100644 --- a/Solutions/Recorded Future Identity/Package/mainTemplate.json +++ b/Solutions/Recorded Future Identity/Package/mainTemplate.json @@ -36,49 +36,57 @@ "_solutionVersion": "3.0.0", "solutionId": "recordedfuture1605638642586.recorded_future_identity_sentinel_solution", "_solutionId": "[variables('solutionId')]", - "RecordedFutureIdentity-add-EntraID-security-group-user": "RecordedFutureIdentity-add-EntraID-security-group-user", - "_RecordedFutureIdentity-add-EntraID-security-group-user": "[variables('RecordedFutureIdentity-add-EntraID-security-group-user')]", + "RFI-add-EntraID-security-group-user": "RFI-add-EntraID-security-group-user", + "_RFI-add-EntraID-security-group-user": "[variables('RFI-add-EntraID-security-group-user')]", "playbookVersion1": "1.0", - "playbookContentId1": "RecordedFutureIdentity-add-EntraID-security-group-user", + "playbookContentId1": "RFI-add-EntraID-security-group-user", "_playbookContentId1": "[variables('playbookContentId1')]", "playbookId1": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId1'))]", "playbookTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId1'))))]", "workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]", "_playbookcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId1'),'-', variables('playbookVersion1'))))]", - "RecordedFutureIdentity-confirm-EntraID-risky-user": "RecordedFutureIdentity-confirm-EntraID-risky-user", - "_RecordedFutureIdentity-confirm-EntraID-risky-user": "[variables('RecordedFutureIdentity-confirm-EntraID-risky-user')]", + "RFI-confirm-EntraID-risky-user": "RFI-confirm-EntraID-risky-user", + "_RFI-confirm-EntraID-risky-user": "[variables('RFI-confirm-EntraID-risky-user')]", "playbookVersion2": "1.0", - "playbookContentId2": "RecordedFutureIdentity-confirm-EntraID-risky-user", + "playbookContentId2": "RFI-confirm-EntraID-risky-user", "_playbookContentId2": "[variables('playbookContentId2')]", "playbookId2": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId2'))]", "playbookTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId2'))))]", "_playbookcontentProductId2": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId2'),'-', variables('playbookVersion2'))))]", - "RecordedFutureIdentity-lookup-and-save-user": "RecordedFutureIdentity-lookup-and-save-user", - "_RecordedFutureIdentity-lookup-and-save-user": "[variables('RecordedFutureIdentity-lookup-and-save-user')]", - "playbookVersion3": "1.0", - "playbookContentId3": "RecordedFutureIdentity-lookup-and-save-user", + "RFI-lookup-and-save-user": "RFI-lookup-and-save-user", + "_RFI-lookup-and-save-user": "[variables('RFI-lookup-and-save-user')]", + "playbookVersion3": "1.2", + "playbookContentId3": "RFI-lookup-and-save-user", "_playbookContentId3": "[variables('playbookContentId3')]", "playbookId3": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId3'))]", "playbookTemplateSpecName3": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId3'))))]", "_playbookcontentProductId3": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId3'),'-', variables('playbookVersion3'))))]", - "RecordedFutureIdentity-search-workforce-user": "RecordedFutureIdentity-search-workforce-user", - "_RecordedFutureIdentity-search-workforce-user": "[variables('RecordedFutureIdentity-search-workforce-user')]", + "RFI-search-workforce-user": "RFI-search-workforce-user", + "_RFI-search-workforce-user": "[variables('RFI-search-workforce-user')]", "TemplateEmptyObject": "[json('{}')]", "blanks": "[replace('b', 'b', '')]", "playbookVersion4": "1.0", - "playbookContentId4": "RecordedFutureIdentity-search-workforce-user", + "playbookContentId4": "RFI-search-workforce-user", "_playbookContentId4": "[variables('playbookContentId4')]", "playbookId4": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId4'))]", "playbookTemplateSpecName4": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId4'))))]", "_playbookcontentProductId4": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId4'),'-', variables('playbookVersion4'))))]", - "RecordedFutureIdentity-search-external-user": "RecordedFutureIdentity-search-external-user", - "_RecordedFutureIdentity-search-external-user": "[variables('RecordedFutureIdentity-search-external-user')]", + "RFI-search-external-user": "RFI-search-external-user", + "_RFI-search-external-user": "[variables('RFI-search-external-user')]", "playbookVersion5": "1.0", - "playbookContentId5": "RecordedFutureIdentity-search-external-user", + "playbookContentId5": "RFI-search-external-user", "_playbookContentId5": "[variables('playbookContentId5')]", "playbookId5": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId5'))]", "playbookTemplateSpecName5": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId5'))))]", "_playbookcontentProductId5": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId5'),'-', variables('playbookVersion5'))))]", + "RFI-CustomConnector-0.1.0": "RFI-CustomConnector-0.1.0", + "_RFI-CustomConnector-0.1.0": "[variables('RFI-CustomConnector-0.1.0')]", + "TemplateEmptyArray": "[json('[]')]", + "playbookVersion6": "1.0", + "playbookContentId6": "RFI-CustomConnector-0.1.0", + "_playbookContentId6": "[variables('playbookContentId6')]", + "playbookTemplateSpecName6": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-lc-',uniquestring(variables('_playbookContentId6'))))]", + "_playbookcontentProductId6": "[concat(take(variables('_solutionId'),50),'-','lc','-', uniqueString(concat(variables('_solutionId'),'-','LogicAppsCustomConnector','-',variables('_playbookContentId6'),'-', variables('playbookVersion6'))))]", "_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]" }, "resources": [ @@ -492,7 +500,7 @@ } ], "metadata": { - "title": "RecordedFutureIdentity-add-EntraID-security-group-user", + "title": "RFI-add-EntraID-security-group-user", "description": "This playbook adds a compromised user to an EntraID security group. Triage and remediation should be handled in follow up playbooks or actions.", "lastUpdateTime": "2024-04-17T00:00:00Z", "tags": [ @@ -510,7 +518,7 @@ "version": "1.1", "title": "Updates", "notes": [ - "Solution update." + "Solution update. Change PlaybookName prefix to RFI." ] } ] @@ -972,7 +980,7 @@ } ], "metadata": { - "title": "RecordedFutureIdentity-confirm-EntraID-risky-user", + "title": "RFI-confirm-EntraID-risky-user", "description": "This playbook confirms compromise of users deemed 'high risk' by EntraID.", "lastUpdateTime": "2024-04-16T00:00:00Z", "tags": [ @@ -990,7 +998,7 @@ "version": "1.1", "title": "Updates", "notes": [ - "Solution update." + "Solution update. Change PlaybookName prefix to RFI." ] } ] @@ -1026,14 +1034,21 @@ "PlaybookName": { "defaultValue": "RFI-lookup-and-save-user", "type": "string" + }, + "IdentityCustomConnectorName": { + "defaultValue": "RFI-CustomConnector-0.1.0", + "type": "string", + "metadata": { + "description": "Name of the logic app connector which performs Recorded Future Communication. Normaly this dont change from RFI-CustomConnector-0.1.0" + } } }, "variables": { - "LogAnalyticsDataCollectorConnectionName": "[[concat('azureloganalyticsdatacollector-', parameters('PlaybookName'))]", - "RecordedFutureIdentityConnectionName": "[[concat('recordedfutureidenti-', parameters('PlaybookName'))]", - "connection-2": "[[concat('/subscriptions/',subscription().subscriptionId,'/providers/Microsoft.Web/locations/',variables('workspace-location-inline'),'/managedApis/azureloganalyticsdatacollector')]", + "IdentityconnectorupdateConnectionName": "[[concat('Identityconnectorupdate-', parameters('PlaybookName'))]", + "AzureloganalyticsdatacollectorConnectionName": "[[concat('Azureloganalyticsdatacollector-', parameters('PlaybookName'))]", + "connection-2": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('IdentityCustomConnectorName'))]", "_connection-2": "[[variables('connection-2')]", - "connection-3": "[[concat('/subscriptions/',subscription().subscriptionId,'/providers/Microsoft.Web/locations/',variables('workspace-location-inline'),'/managedApis/recordedfutureidenti')]", + "connection-3": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Azureloganalyticsdatacollector')]", "_connection-3": "[[variables('connection-3')]", "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", "workspace-name": "[parameters('workspace')]", @@ -1041,15 +1056,8 @@ }, "resources": [ { - "type": "Microsoft.Logic/workflows", - "apiVersion": "2019-05-01", - "name": "[[parameters('PlaybookName')]", - "location": "[[variables('workspace-location-inline')]", - "dependsOn": [ - "[[resourceId('Microsoft.Web/connections', variables('LogAnalyticsDataCollectorConnectionName'))]", - "[[resourceId('Microsoft.Web/connections', variables('RecordedFutureIdentityConnectionName'))]" - ], "properties": { + "provisioningState": "Succeeded", "state": "Enabled", "definition": { "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", @@ -1063,7 +1071,7 @@ "type": "String" }, "lookup_lookback_days_default": { - "defaultValue": -365, + "defaultValue": -14, "type": "Int" } }, @@ -1091,7 +1099,7 @@ } }, "actions": { - "Credential_Lookup_-_Look_up_credential_data_for_one_or_more_users": { + "Credential_Lookup_V2_-_Look_up_credential_data_for_one_or_more_users": { "type": "ApiConnection", "inputs": { "body": { @@ -1104,16 +1112,16 @@ }, "host": { "connection": { - "name": "@parameters('$connections')['recordedfutureidenti']['connectionId']" + "name": "@parameters('$connections')['IdentityConnectorUpdate']['connectionId']" } }, "method": "post", - "path": "/credentials/lookup" + "path": "/v2/credentials/lookup" } }, "Response_-_Failed_to_get_Lookup_data": { "runAfter": { - "Credential_Lookup_-_Look_up_credential_data_for_one_or_more_users": [ + "Credential_Lookup_V2_-_Look_up_credential_data_for_one_or_more_users": [ "Failed" ] }, @@ -1123,7 +1131,7 @@ "body": { "data": { "lookup_lookback_date": "@formatDateTime(addDays(utcNow(), if(equals(triggerBody()?['lookup_lookback_days'], null), parameters('lookup_lookback_days_default'), triggerBody()?['lookup_lookback_days'])), 'yyyy-MM-dd')", - "lookup_results": "@body('Credential_Lookup_-_Look_up_credential_data_for_one_or_more_users')", + "lookup_results": "@body('Credential_Lookup_V2_-_Look_up_credential_data_for_one_or_more_users')", "lookup_results_log_analytics_custom_log_name": "@if(equals(triggerBody()?['lookup_results_log_analytics_custom_log_name'], null), parameters('lookup_results_log_analytics_custom_log_name_default'), triggerBody()?['lookup_results_log_analytics_custom_log_name'])", "parameters_passed": { "lookup_lookback_days": "@triggerBody()?['lookup_lookback_days']", @@ -1191,7 +1199,7 @@ "body": { "data": { "lookup_lookback_date": "@formatDateTime(addDays(utcNow(), if(equals(triggerBody()?['lookup_lookback_days'], null), parameters('lookup_lookback_days_default'), triggerBody()?['lookup_lookback_days'])), 'yyyy-MM-dd')", - "lookup_results": "@body('Credential_Lookup_-_Look_up_credential_data_for_one_or_more_users')", + "lookup_results": "@body('Credential_Lookup_V2_-_Look_up_credential_data_for_one_or_more_users')", "lookup_results_log_analytics_custom_log_name": "@if(equals(triggerBody()?['lookup_results_log_analytics_custom_log_name'], null), parameters('lookup_results_log_analytics_custom_log_name_default'), triggerBody()?['lookup_results_log_analytics_custom_log_name'])", "parameters_passed": { "lookup_lookback_days": "@triggerBody()?['lookup_lookback_days']", @@ -1259,7 +1267,7 @@ "body": { "data": { "lookup_lookback_date": "@formatDateTime(addDays(utcNow(), if(equals(triggerBody()?['lookup_lookback_days'], null), parameters('lookup_lookback_days_default'), triggerBody()?['lookup_lookback_days'])), 'yyyy-MM-dd')", - "lookup_results": "@body('Credential_Lookup_-_Look_up_credential_data_for_one_or_more_users')", + "lookup_results": "@body('Credential_Lookup_V2_-_Look_up_credential_data_for_one_or_more_users')", "lookup_results_log_analytics_custom_log_name": "@if(equals(triggerBody()?['lookup_results_log_analytics_custom_log_name'], null), parameters('lookup_results_log_analytics_custom_log_name_default'), triggerBody()?['lookup_results_log_analytics_custom_log_name'])", "parameters_passed": { "lookup_lookback_days": "@triggerBody()?['lookup_lookback_days']", @@ -1319,14 +1327,14 @@ }, "type": "ApiConnection", "inputs": { - "body": "@{body('Credential_Lookup_-_Look_up_credential_data_for_one_or_more_users')}", + "body": "@{body('Credential_Lookup_V2_-_Look_up_credential_data_for_one_or_more_users')}", "headers": { "Log-Type": "@{if(equals(triggerBody()?['lookup_results_log_analytics_custom_log_name'], null), parameters('lookup_results_log_analytics_custom_log_name_default'), triggerBody()?['lookup_results_log_analytics_custom_log_name'])}", "time-generated-field": "@{utcNow()}" }, "host": { "connection": { - "name": "@parameters('$connections')['azureloganalyticsdatacollector']['connectionId']" + "name": "@parameters('$connections')['azureloganalyticsdatacollector_1']['connectionId']" } }, "method": "post", @@ -1338,46 +1346,61 @@ "parameters": { "$connections": { "value": { - "azureloganalyticsdatacollector": { - "connectionId": "[[resourceId('Microsoft.Web/connections', variables('LogAnalyticsDataCollectorConnectionName'))]", - "connectionName": "[[variables('LogAnalyticsDataCollectorConnectionName')]", - "id": "[[concat('/subscriptions/',subscription().subscriptionId,'/providers/Microsoft.Web/locations/',variables('workspace-location-inline'),'/managedApis/azureloganalyticsdatacollector')]" + "IdentityConnectorUpdate": { + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('IdentityconnectorupdateConnectionName'))]", + "connectionName": "[[variables('IdentityconnectorupdateConnectionName')]", + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('IdentityCustomConnectorName'))]" }, - "recordedfutureidenti": { - "connectionId": "[[resourceId('Microsoft.Web/connections', variables('RecordedFutureIdentityConnectionName'))]", - "connectionName": "[[variables('RecordedFutureIdentityConnectionName')]", - "id": "[[concat('/subscriptions/',subscription().subscriptionId,'/providers/Microsoft.Web/locations/',variables('workspace-location-inline'),'/managedApis/recordedfutureidenti')]" + "azureloganalyticsdatacollector_1": { + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('AzureloganalyticsdatacollectorConnectionName'))]", + "connectionName": "[[variables('AzureloganalyticsdatacollectorConnectionName')]", + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Azureloganalyticsdatacollector')]" } } } } }, + "name": "[[parameters('PlaybookName')]", + "type": "Microsoft.Logic/workflows", + "location": "[[variables('workspace-location-inline')]", "tags": { + "hidden-SentinelTemplateName": "RFI-lookup-and-save-user", + "hidden-SentinelTemplateVersion": "1.2", "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" - } + }, + "identity": { + "type": "SystemAssigned" + }, + "apiVersion": "2017-07-01", + "dependsOn": [ + "[[resourceId('Microsoft.Web/connections', variables('IdentityconnectorupdateConnectionName'))]", + "[[resourceId('Microsoft.Web/connections', variables('AzureloganalyticsdatacollectorConnectionName'))]" + ] }, { "type": "Microsoft.Web/connections", - "apiVersion": "2018-07-01-preview", - "name": "[[variables('LogAnalyticsDataCollectorConnectionName')]", + "apiVersion": "2016-06-01", + "name": "[[variables('IdentityconnectorupdateConnectionName')]", "location": "[[variables('workspace-location-inline')]", + "kind": "V1", "properties": { + "displayName": "[[variables('IdentityconnectorupdateConnectionName')]", "api": { "id": "[[variables('_connection-2')]" - }, - "displayName": "[[variables('LogAnalyticsDataCollectorConnectionName')]" + } } }, { "type": "Microsoft.Web/connections", - "apiVersion": "2018-07-01-preview", - "name": "[[variables('RecordedFutureIdentityConnectionName')]", + "apiVersion": "2016-06-01", + "name": "[[variables('AzureloganalyticsdatacollectorConnectionName')]", "location": "[[variables('workspace-location-inline')]", + "kind": "V1", "properties": { + "displayName": "[[variables('AzureloganalyticsdatacollectorConnectionName')]", "api": { "id": "[[variables('_connection-3')]" - }, - "displayName": "[[variables('RecordedFutureIdentityConnectionName')]" + } } }, { @@ -1403,14 +1426,30 @@ "email": "support@recordedfuture.com", "tier": "Partner", "link": "https://support.recordedfuture.com/" + }, + "dependencies": { + "criteria": [ + { + "kind": "LogicAppsCustomConnector", + "contentId": null, + "version": null + } + ] } } } ], "metadata": { - "title": "RecordedFutureIdentity-lookup-and-save-user", + "title": "RFI-lookup-and-save-user", "description": "This playbook gets compromise identity details from Recorded Future Identity Intelligence and saves the data for further review and analysis.", - "lastUpdateTime": "2024-04-16T00:00:00Z", + "prerequisites": [ + "The custom connector RFI-CustomConnector-0.1.0 have to be deployed under the same subscription.", + "To use the Recorded Future for Azure connector, you will need a valid API token from Recorded Future as described in the [documentation](https://learn.microsoft.com/en-us/connectors/recordedfuturev2/#how-to-get-credentials)" + ], + "postDeployment": [ + "After deployment, open the playbook to configure all connections and press save." + ], + "lastUpdateTime": "2024-05-17T01:00:00Z", "tags": [ "Identity protection" ], @@ -1426,7 +1465,14 @@ "version": "1.1", "title": "Updates", "notes": [ - "Solution update." + "Solution update. Change PlaybookName prefix to RFI." + ] + }, + { + "version": "1.2", + "title": "Identity endpoint update", + "notes": [ + "Updated lookup envpoint to new version. Structure of data in the lookup_results_log_analytics_custom_log_name " ] } ] @@ -1740,7 +1786,7 @@ "inputs": "[variables('TemplateEmptyObject')]", "description": "This block is needed only to create 3 branches in this For each loop." }, - "RecordedFutureIdentity-add-EntraID-security-group-user": { + "RFI-add-EntraID-security-group-user": { "runAfter": { "Current_time": [ "Succeeded" @@ -1764,7 +1810,7 @@ } } }, - "RecordedFutureIdentity-lookup-and-save-user": { + "RFI-lookup-and-save-user": { "runAfter": { "Current_time": [ "Succeeded" @@ -1788,7 +1834,7 @@ } } }, - "RecordedFutureIdentity-confirm-EntraID-risky-user": { + "RFI-confirm-EntraID-risky-user": { "runAfter": { "Current_time": [ "Succeeded" @@ -2140,8 +2186,8 @@ } ], "metadata": { - "title": "RecordedFutureIdentity-search-workforce-user", - "description": "This playbook searches the Recorded Future Identity Intelligence Module for compromised workforce users.\n\nThis playbook depends on:\n- RecordedFutureIdentity-add-EntraID-security-group-user\n- RecordedFutureIdentity-confirm-EntraID-risky-user\n- RecordedFutureIdentity-lookup-and-save-user\n\n Those playbooks need to be installed **manually** before installing current playbook.", + "title": "RFI-search-workforce-user", + "description": "This playbook searches the Recorded Future Identity Intelligence Module for compromised workforce users.\n\nThis playbook depends on:\n- RFI-add-EntraID-security-group-user\n- RFI-confirm-EntraID-risky-user\n- RFI-lookup-and-save-user\n\n Those playbooks need to be installed **manually** before installing current playbook.", "lastUpdateTime": "2024-04-16T00:00:00Z", "tags": [ "Identity protection" @@ -2158,7 +2204,7 @@ "version": "1.1", "title": "Updates", "notes": [ - "Added subscriptionId as a parameter and updated solution to match V3." + "Added subscriptionId as a parameter and updated solution to match V3. Change PlaybookName prefix to RFI." ] } ] @@ -2382,7 +2428,7 @@ "inputs": "[variables('TemplateEmptyObject')]", "description": "This block is needed only to create 3 branches in this For each loop." }, - "RecordedFutureIdentity-add-EntraID-security-group-user": { + "RFI-add-EntraID-security-group-user": { "runAfter": { "Current_time": [ "Succeeded" @@ -2406,7 +2452,7 @@ } } }, - "RecordedFutureIdentity-confirm-EntraID-risky-user": { + "RFI-confirm-EntraID-risky-user": { "runAfter": { "Current_time": [ "Succeeded" @@ -2429,7 +2475,7 @@ } } }, - "RecordedFutureIdentity-lookup-and-save-user": { + "RFI-lookup-and-save-user": { "runAfter": { "Current_time": [ "Succeeded" @@ -2668,8 +2714,8 @@ } ], "metadata": { - "title": "RecordedFutureIdentity-search-external-user", - "description": "This playbook searches the Recorded Future Identity Intelligence Module for compromised external (customer) users.\n\nThis playbook depends on:\n- RecordedFutureIdentity-add-EntraID-security-group-user\n- RecordedFutureIdentity-confirm-EntraID-risky-user\n- RecordedFutureIdentity-lookup-and-save-user\n\n Those playbooks need to be installed **manually** before installing current playbook.", + "title": "RFI-search-external-user", + "description": "This playbook searches the Recorded Future Identity Intelligence Module for compromised external (customer) users.\n\nThis playbook depends on:\n- RFI-add-EntraID-security-group-user\n- RFI-confirm-EntraID-risky-user\n- RFI-lookup-and-save-user\n\n Those playbooks need to be installed **manually** before installing current playbook.", "lastUpdateTime": "2024-04-16T00:00:00Z", "tags": [ "Identity protection" @@ -2686,7 +2732,7 @@ "version": "1.1", "title": "Updates", "notes": [ - "Added subscriptionId as a parameter and updated solution to match V3." + "Added subscriptionId as a parameter and updated solution to match V3. Change PlaybookName prefix to RFI." ] } ] @@ -2705,6 +2751,1900 @@ "version": "[variables('playbookVersion5')]" } }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('playbookTemplateSpecName6')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "RFI-CustomConnector-0.1.0 Playbook with template version 3.0.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('playbookVersion6')]", + "parameters": { + "ConnectorName": { + "defaultValue": "RFI-CustomConnector-0.1.0", + "type": "String", + "metadata": { + "description": "Recorded Future Identity Custom Connector 0.1.0" + } + }, + "ServiceEndpoint": { + "defaultValue": "https://api.recordedfuture.com/gw/azure-identity", + "type": "String", + "metadata": { + "description": "Recorded Future Identity API" + } + } + }, + "variables": { + "operationId-Credential_Lookup": "Credential_Lookup", + "_operationId-Credential_Lookup": "[[variables('operationId-Credential_Lookup')]", + "operationId-Credential_Search": "Credential_Search", + "_operationId-Credential_Search": "[[variables('operationId-Credential_Search')]", + "operationId-Credential_Lookup_V2": "Credential_Lookup_V2", + "_operationId-Credential_Lookup_V2": "[[variables('operationId-Credential_Lookup_V2')]", + "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", + "playbookContentId6": "RFI-CustomConnector-0.1.0", + "playbookId6": "[[resourceId('Microsoft.Web/customApis', parameters('ConnectorName'))]", + "workspace-name": "[parameters('workspace')]", + "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]" + }, + "resources": [ + { + "type": "Microsoft.Web/customApis", + "apiVersion": "2016-06-01", + "name": "[[parameters('ConnectorName')]", + "location": "[[variables('workspace-location-inline')]", + "properties": { + "connectionParameters": { + "api_key": { + "type": "securestring" + } + }, + "backendService": { + "serviceUrl": "[[parameters('ServiceEndPoint')]" + }, + "capabilities": "[variables('TemplateEmptyArray')]", + "brandColor": "#FFFFFF", + "description": "Recorded Future Identity Connector enables access to the Recorded Future Identity Intelligence. The connector has dedicated actions for search and lookup of identity leaks.", + "displayName": "[[parameters('ConnectorName')]", + "iconUri": "data:image/jpeg;base64,/9j/4AAQSkZJRgABAQEBLAEsAAD/2wBDAAMCAgMCAgMDAwMEAwMEBQgFBQQEBQoHBwYIDAoMDAsKCwsNDhIQDQ4RDgsLEBYQERMUFRUVDA8XGBYUGBIUFRT/2wBDAQMEBAUEBQkFBQkUDQsNFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBT/wAARCAAoADADASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwD9U6a7rGpZ2CqoyWY4Ap1YXjjwXpvxC8K6h4d1hZX02+QJMIZDG+AwYYYdOVFVHlckpOyJlzKLcVdniXxW8VeJvF/ir4ofD2wSO4tY/Cq3NnBGoWRpnIDfOSOoYjB44Fa/wz8ZeIdL+JujeAdRaOKwsfBlreSwsoMi3IKoxL55GMj04rzjx5p+m+G/id8VYLnT573RbLwLbxfZlnaNpI1KKq+bgkH5evPQ9a0PBvh3S/GPxkt9LaznttC1L4b20HkeczOkLuo2+ZwSQOM98V9U6VP6va3u8t9uvLHXff8Aq58sqtT6xe/vc1t+nNLTbb+rH1SrBlDKQVIyCOhpay/C/h2z8I+HdN0TTldbHT4Et4RI5dtijAyT1NalfKStd22Pqo3sr7nnvgr45eHPHV5pttaRanYtqkTS6fJqNi8Ed4qrubynPysQuTjOcAntXZnXtMXT5b86jaCxiJEl156+UhBwctnA5r5TH7OvifRfBOjLNczCb/hHLmxmGpaqDBol2y482PL7QjoWiOzO3dkcE1f0H4X3mrXMGsaZpFtqlpYX9rPeeG21LT2ju1SKZAwjt0WFWUyAgu2X2c7doz79TBYVtypVNPl3+W//AAdmeDTxuKVo1aer9e36f8DdM+ifFcHhzxN4fk0jWbq0fTtciNsqtciM3KsOkbAgk88bfWrGlz6D4d0yHT7S7s7a1023WAI1wpMMSYQBiTnAIAye9fP2tfBTxBcR6o0fgfSXj1jR20+zs471CmhSmaV/My/Y+YrHys4ZMAYwaZo/7P2t6R4atJr3QbXXtVtfFEuoXtvNLEJNVs8MEy7HafmIkCOQMjnmsvq1Dks62l9tP8/l/wAA1+s1ue6o6231/wAvn/wT3vQPiDofiK3vp7a8WGKz1CXS3e5IjDTxkBlUk/N14x1pvj34iaH8N/D9/rGs3Oy3so0llihw82xpFjDBM5I3MBmvmiP4C+KbCbUtQv8AQUXRZrjURFosNzYlbRZpFZJQ06tGqlRsJXDrsGARxVjx58BPFGo+B/FWj2nhm38R6rqS2Mun6/PqMLTQRRRwI1vvcIxI8t8EBVYOScH5TqsDhPaxvV9266rur63+f5XMnjcV7OVqT5rdn2dtLf11se2ftIK0nwJ8bKqlmOmyYAGT2ri4G1P4ReKPB8usnRdK0XUJLqK8k8O6W9vDIwgBt1mA3Fm3b9vuSO9FFZ4P36caL2k5X/8AAUaYz3akqq3io2/8CZ5HbeIvEqre+JTrusp4ivPCIuLRe87x3cgkVV28lI13kDkEk+1d/rHxE1fxz8XF0vQPE2o2nhu91CwgjuLJNn7t7K6eTyy6d2jX5scEcdKKK9+rShyzqWV0nbRd1+VvxZ4NKrNShTu7Nq+r7frfX5D/AId674p8U+NINJ1/VpJmmubuHVdFupHdo4Yy/kMsS2wEJBWI+Y0pEgJ6lgB9JWtvHZ28UES7Yo1CKMk8D3NFFfN5laNSKirK1z6PLbypycnd3t+R/9k=", + "swagger": { + "swagger": "2.0", + "info": { + "title": "Recorded Future Identity", + "description": "The Recorded Future Identity Intelligence Connector enables security and IT\nteams to detect identity compromises, for both employees and customers. To\ndo this, Recorded Future automates the collection, analysis, and production\nof identity intelligence from a vast range of sources. Through this\nconnector, organizations can incorporate identity intelligence into\nautomated workflows (e.g., password resets) with applications such as Azure\nActive Directory and Microsoft Sentinel.", + "contact": { + "name": "Recorded Future Support", + "url": "https://support.recordedfuture.com", + "email": "support@recordedfuture.com" + }, + "version": "0.1.0" + }, + "host": "api.recordedfuture.com", + "basePath": "/gw/azure-identity", + "schemes": [ + "https" + ], + "consumes": "[variables('TemplateEmptyArray')]", + "produces": "[variables('TemplateEmptyArray')]", + "paths": { + "/credentials/lookup": { + "post": { + "tags": [ + "Identity" + ], + "summary": "Credential Lookup - Look up credential data for one or more users", + "description": "Look up exposed credential data for a specific set of subjects", + "operationId": "[[variables('_operationId-Credential_Lookup')]", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "parameters": [ + { + "in": "body", + "name": "body", + "schema": { + "$ref": "#/definitions/CredentialsLookupRequest" + } + } + ], + "responses": { + "200": { + "description": "Returns detailed information on the exposed credentials", + "schema": { + "type": "object", + "properties": { + "exposed_credentials": { + "title": "Exposed credentials", + "description": "List of exposed credentials", + "type": "array", + "items": { + "type": "object", + "properties": { + "clear_text_hint": { + "description": "First two letters of the exposed secret. Only available for secrets exposed in clear text", + "type": "string", + "example": "s5", + "x-ms-visibility": "important" + }, + "dumps": { + "description": "List of data dumps in which the signature has been involved.", + "type": "array", + "items": { + "type": "object", + "properties": { + "breaches": { + "description": "List of data breaches related to the dump", + "type": "array", + "items": { + "type": "object", + "properties": { + "breached": { + "type": "string", + "example": "2016-06-01T00:00:00Z", + "x-ms-visibility": "important" + }, + "description": { + "type": "string", + "example": "Evony.com reportedly suffered data breaches in June and August 2016, resulting in the exposure of over 34 million user accounts.", + "x-ms-visibility": "important" + }, + "domain": { + "type": "string", + "example": "evony.com", + "x-ms-visibility": "important" + }, + "name": { + "type": "string", + "example": "Evony", + "x-ms-visibility": "important" + }, + "precision": { + "type": "string", + "example": "month", + "x-ms-visibility": "important" + }, + "site_description": { + "type": "string", + "example": "Evony.com is the website of Evony LLC, which develops browser and mobile-based online games.", + "x-ms-visibility": "important" + }, + "start": { + "type": "string", + "example": "2016-06-01T00:00:00Z", + "x-ms-visibility": "important" + }, + "stop": { + "type": "string", + "example": "2016-08-31T23:59:59Z", + "x-ms-visibility": "important" + }, + "type": { + "type": "string", + "example": "Breach", + "x-ms-visibility": "important" + } + } + } + }, + "description": { + "description": "Description of the dump", + "type": "string", + "example": "This credential data was derived from stealer malware logs. These logs were obtained through Recorded Future\\u2019s proprietary sources.", + "x-ms-visibility": "important" + }, + "downloaded": { + "description": "Date when the dump was downloaded", + "type": "string", + "example": "2021-07-23T00:00:00Z", + "x-ms-visibility": "important" + }, + "name": { + "description": "Name of the dump", + "type": "string", + "example": "XSS.is Dump 2021", + "x-ms-visibility": "important" + }, + "type": { + "description": "Type of the dump", + "type": "string", + "example": "Combo List", + "x-ms-visibility": "important" + } + } + } + }, + "exposed_secret_format": { + "description": "Format of the exposed secret. Either the hash algorithm or clear for cleartext.", + "type": "string", + "example": "clear", + "x-ms-visibility": "important" + }, + "first_seen": { + "description": "Date when the signature was first seen exposed", + "type": "string", + "example": "2021-07-23T00:00:00Z", + "x-ms-visibility": "important" + }, + "last_seen": { + "description": "Date when the signature was last seen exposed", + "type": "string", + "example": "2021-07-23T00:00:00Z", + "x-ms-visibility": "important" + }, + "malware_family": { + "title": "Malware family", + "description": "Family of malware used to extract the credentials", + "type": "string", + "example": "RedLine Stealer", + "x-ms-visibility": "important" + }, + "secret_hashes": { + "description": "List of known hashes of the exposed secret. Calculated by Recorded Future if the secret was exposed in clear text.", + "type": "array", + "items": { + "type": "object", + "properties": { + "algorithm": { + "title": "algorithm", + "description": "Hash algorithm used", + "type": "string", + "example": "SHA1", + "x-ms-visibility": "important" + }, + "hash": { + "title": "hash", + "description": "Hash value", + "type": "string", + "example": "a7862e41d43a09e0297f197ec4673ad2c0e0d43c", + "x-ms-visibility": "important" + } + } + } + }, + "secret_properties": { + "description": "Properties of the clear text", + "type": "array", + "items": { + "type": "string", + "example": "Letter", + "x-ms-visibility": "important" + }, + "x-ms-visibility": "important" + }, + "secret_rank": { + "description": "Any common password collections the password is part of", + "type": "string", + "example": "Top100kCommonPasswords", + "x-ms-visibility": "important" + }, + "signature": { + "title": "signature", + "description": "Requested signature", + "type": "string", + "example": "06regq@www.google.com", + "x-ms-visibility": "important" + } + } + } + } + } + } + }, + "401": { + "description": "Authorization token is missing", + "schema": { + "$ref": "#/definitions/401Error" + } + }, + "403": { + "description": "Provided token is not authorized to use the API.", + "schema": { + "$ref": "#/definitions/403Error" + } + } + }, + "security": [ + { + "ApiKeyAuth": "[variables('TemplateEmptyArray')]" + } + ], + "x-ms-api-annotation": { + "family": "Credential_Lookup", + "revision": 1 + }, + "x-ms-visibility": "important" + } + }, + "/credentials/search": { + "post": { + "tags": [ + "Identity" + ], + "summary": "Credential Search - Search credential data for one or more domains", + "description": "Search credential data exposed in data dumps and through malware logs", + "operationId": "[[variables('_operationId-Credential_Search')]", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "parameters": [ + { + "in": "body", + "name": "body", + "schema": { + "type": "object", + "properties": { + "domain_type": { + "title": "Credential type", + "description": "Select credential type", + "default": "My Organization (workforce use case)", + "enum": [ + "My Organization (workforce use case)", + "Customer (external use case)" + ], + "type": "string", + "example": "My Organization (workforce use case)", + "x-ms-visibility": "important" + }, + "domains": { + "title": "Domains", + "description": "List of domains to search", + "type": "array", + "items": { + "title": "Domain", + "description": "A domain owned by your organization", + "type": "string", + "example": "google.com", + "x-ms-visibility": "important" + }, + "x-ms-visibility": "important" + }, + "filter": { + "type": "object", + "properties": { + "breach_properties": { + "$ref": "#/definitions/BreachProperties" + }, + "dump_properties": { + "$ref": "#/definitions/DumpProperties" + }, + "latest_downloaded_gte": { + "format": "date-time", + "title": "From", + "description": "YYYY-MM-DD (until today)", + "type": "string", + "example": "2017-07-21T19:32:28+02:00", + "x-ms-visibility": "important" + }, + "properties": { + "$ref": "#/definitions/CredentialProperties" + } + } + }, + "limit": { + "title": "Results", + "description": "Maxiumum number of results", + "default": 500, + "type": "number", + "example": 10, + "x-ms-visibility": "advanced" + }, + "offset": { + "title": "Offset", + "description": "Records from offset", + "type": "string", + "example": "eyJzdWJqZWN0IjpudWxsLCJsb2dpbiI6IjU2MDQwMjQ5MjUxIiwiYXV0aG9yaXphdGlvbl9zZXJ2aWNlIjoiZ29vZ2xlLmNvbSJ9", + "x-ms-visibility": "advanced" + } + } + } + } + ], + "responses": { + "200": { + "description": "Returns a list exposed credentials related to the searched domains", + "schema": { + "type": "object", + "properties": { + "count": { + "title": "Count", + "description": "Number of returned credentials", + "type": "number", + "example": 2, + "x-ms-visibility": "important" + }, + "credential_dumps": { + "title": "Credential dumps", + "description": "List of credentials exposed in data dumps", + "type": "array", + "items": { + "type": "string", + "example": "test@domain.com", + "x-ms-visibility": "important" + } + }, + "malware_logs": { + "title": "Malware logs", + "description": "List of credentials exposed through malware logs", + "type": "array", + "items": { + "type": "object", + "properties": { + "domain": { + "title": "Domain", + "description": "Login domain", + "type": "string", + "example": "www.domain.com", + "x-ms-visibility": "important" + }, + "login": { + "title": "Login", + "description": "Login username", + "type": "string", + "example": "testuser", + "x-ms-visibility": "important" + } + } + } + }, + "next_offset": { + "title": "Next offset", + "description": "Offset used to request succeeding records", + "type": "string", + "example": "eyJzdWJqZWN0IjpudWxsLCJsb2dpbiI6IjU2MDQwMjQ5MjUxIiwiYXV0aG9yaXphdGlvbl9zZXJ2aWNlIjoiZ29vZ2xlLmNvbSJ9", + "x-ms-visibility": "important" + } + } + } + }, + "401": { + "description": "Authorization token is missing", + "schema": { + "$ref": "#/definitions/401Error" + } + }, + "403": { + "description": "Provided token is not authorized to use the API.", + "schema": { + "$ref": "#/definitions/403Error" + } + } + }, + "security": [ + { + "ApiKeyAuth": "[variables('TemplateEmptyArray')]" + } + ], + "x-ms-visibility": "important" + } + }, + "/v2/credentials/lookup": { + "post": { + "tags": [ + "Identity" + ], + "summary": "Credential Lookup V2 - Look up credential data for one or more users", + "description": "Look up exposed credential data for a specific set of subjects", + "operationId": "[[variables('_operationId-Credential_Lookup_V2')]", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "parameters": [ + { + "in": "body", + "name": "body", + "schema": { + "$ref": "#/definitions/CredentialsLookupRequest" + } + } + ], + "responses": { + "200": { + "description": "Success", + "schema": { + "$ref": "#/definitions/LookupResponse" + } + } + }, + "security": [ + { + "ApiKeyAuth": "[variables('TemplateEmptyArray')]" + } + ], + "x-ms-api-annotation": { + "family": "Credential_Lookup", + "revision": 2 + }, + "x-ms-visibility": "important" + } + } + }, + "definitions": { + "401Error": { + "type": "object", + "properties": { + "error": { + "type": "object", + "properties": { + "status": { + "type": "number", + "example": 401 + } + } + } + } + }, + "403Error": { + "type": "object", + "properties": { + "code": { + "type": "number", + "example": 403 + }, + "error": { + "type": "object", + "properties": { + "message": { + "type": "string", + "example": "Not Authenticated" + }, + "status": { + "type": "string", + "example": "fail" + } + } + } + } + }, + "CredentialProperties": { + "description": "Filter on credential properties", + "type": "array", + "items": { + "description": "Credentials must include", + "enum": [ + "Letter", + "Number", + "Symbol", + "UpperCase", + "LowerCase", + "MixedCase", + "AtLeast8Characters", + "AtLeast12Characters", + "AtLeast16Characters", + "AtLeast24Characters" + ], + "type": "string", + "example": "Letter" + }, + "x-ms-visibility": "advanced" + }, + "AuthorizationService": { + "type": "object", + "properties": { + "domain": { + "type": "string" + }, + "fqdn": { + "type": "string" + }, + "protocols": { + "type": "array", + "items": { + "type": "string" + } + }, + "technology": { + "type": "array", + "items": { + "$ref": "#/definitions/Technology" + } + }, + "url": { + "type": "string" + } + } + }, + "BreachMetadata": { + "type": "object", + "properties": { + "breached": { + "format": "date-time", + "type": "string" + }, + "description": { + "type": "string" + }, + "domain": { + "type": "string" + }, + "name": { + "type": "string" + }, + "precision": { + "enum": [ + "year", + "month", + "day" + ], + "type": "string" + }, + "site_description": { + "type": "string" + }, + "start": { + "format": "date-time", + "type": "string" + }, + "stop": { + "format": "date-time", + "type": "string" + }, + "type": { + "type": "string" + } + } + }, + "BreachProperties": { + "type": "object", + "properties": { + "date": { + "format": "date-time", + "description": "YYYY-MM-DD (until today)", + "type": "string", + "example": "2022-02-08T11:32:37.951+01:00" + }, + "name": { + "type": "string", + "example": "Cit0day" + } + }, + "x-ms-visibility": "advanced" + }, + "CleartextPasswordDetails": { + "type": "object", + "properties": { + "clear_text_hint": { + "description": "First two characters of the cleartext password", + "type": "string" + }, + "clear_text_value": { + "description": "The password as clear text", + "type": "string" + }, + "properties": { + "description": "Properties exhibited by the password", + "type": "array", + "items": { + "enum": [ + "Letter", + "Number", + "Symbol", + "UpperCase", + "LowerCase", + "MixedCase", + "AtLeast8Characters", + "AtLeast10Characters", + "AtLeast12Characters", + "AtLeast16Characters", + "AtLeast24Characters", + "Cookies", + "UnexpiredCookies", + "AuthorizationTechnology", + "MalwareOnly" + ], + "type": "string" + } + }, + "rank": { + "description": "A ranking of how common this password is", + "enum": [ + "Top100kCommonPasswords", + "TopMillionCommonPasswords" + ], + "type": "string" + } + } + }, + "Compromise": { + "type": "object", + "properties": { + "antivirus": { + "type": "array", + "items": { + "type": "string" + } + }, + "computer_name": { + "type": "string" + }, + "exfiltration_date": { + "format": "date-time", + "type": "string" + }, + "malware_file": { + "type": "string" + }, + "os": { + "type": "string" + }, + "os_username": { + "type": "string" + }, + "timezone": { + "type": "string" + }, + "uac": { + "type": "string" + } + } + }, + "Cookie": { + "type": "object", + "properties": { + "dns": { + "type": "string" + }, + "expiration": { + "format": "date-time", + "type": "string" + }, + "http": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "secure": { + "type": "boolean" + } + } + }, + "CountryCodeMappingModel": { + "type": "object", + "properties": { + "alpha2Code": { + "type": "string" + }, + "alpha3Code": { + "type": "string" + }, + "countryCode": { + "type": "string" + }, + "displayName": { + "type": "string" + }, + "name": { + "type": "string" + } + } + }, + "Credentials": { + "type": "object", + "properties": { + "authorization_service": { + "type": "object", + "properties": { + "domain": { + "type": "string" + }, + "fqdn": { + "type": "string" + }, + "protocols": { + "type": "array", + "items": { + "type": "string" + } + }, + "technology": { + "type": "array", + "items": { + "$ref": "#/definitions/Technology" + } + }, + "url": { + "type": "string" + } + } + }, + "compromise": { + "type": "object", + "properties": { + "exfiltration_date": { + "format": "date-time", + "type": "string" + } + } + }, + "cookies": { + "type": "array", + "items": { + "$ref": "#/definitions/Cookie" + } + }, + "dumps": { + "type": "array", + "items": { + "$ref": "#/definitions/DumpMetadata" + } + }, + "exposed_secret": { + "$ref": "#/definitions/SecretDetails" + }, + "first_downloaded": { + "format": "date-time", + "type": "string" + }, + "latest_downloaded": { + "format": "date-time", + "type": "string" + }, + "malware_family": { + "type": "object", + "properties": { + "id": { + "type": "string" + }, + "name": { + "type": "string" + } + } + }, + "subject": { + "type": "string" + } + } + }, + "CredentialsLookupRequest": { + "type": "object", + "properties": { + "filter": { + "type": "object", + "properties": { + "authorization_protocols": { + "description": "Only include credentials with these authorization protocols", + "type": "array", + "items": { + "type": "string" + }, + "x-ms-visibility": "important" + }, + "authorization_technologies": { + "description": "Only include credentials with these authorization technologies", + "type": "array", + "items": { + "type": "string" + }, + "x-ms-visibility": "important" + }, + "breach_properties": { + "description": "Only include credentials from breaches that exhibit these properties", + "type": "object", + "properties": { + "date": { + "format": "date-time", + "type": "string" + }, + "name": { + "type": "string" + } + }, + "x-ms-visibility": "important" + }, + "dump_properties": { + "description": "Only include credentials from dumps that exhibit these properties", + "type": "object", + "properties": { + "date": { + "format": "date-time", + "type": "string" + }, + "name": { + "type": "string" + } + }, + "x-ms-visibility": "important" + }, + "exfiltration_date_gte": { + "format": "date-time", + "description": "YYYY-MM-DD (until today)", + "type": "string", + "x-ms-visibility": "important" + }, + "first_downloaded_gte": { + "format": "date-time", + "description": "YYYY-MM-DD (until today)", + "type": "string", + "x-ms-visibility": "important" + }, + "latest_downloaded_gte": { + "format": "date-time", + "description": "YYYY-MM-DD (until today)", + "type": "string", + "x-ms-visibility": "important" + }, + "malware_families": { + "description": "Only include credentials with these malware families", + "type": "array", + "items": { + "type": "string" + }, + "x-ms-visibility": "important" + }, + "properties": { + "description": "Only include breaches of passwords that exhibit these properties", + "type": "array", + "items": { + "enum": [ + "Letter", + "Number", + "Symbol", + "UpperCase", + "LowerCase", + "MixedCase", + "AtLeast8Characters", + "AtLeast10Characters", + "AtLeast12Characters", + "AtLeast16Characters", + "AtLeast24Characters", + "Cookies", + "UnexpiredCookies", + "AuthorizationTechnology", + "MalwareOnly" + ], + "type": "string" + }, + "x-ms-visibility": "important" + }, + "username_properties": { + "description": "Only include credentials with these username properties", + "type": "array", + "items": { + "enum": [ + "Email" + ], + "type": "string" + }, + "x-ms-visibility": "important" + } + } + }, + "organization_id": { + "type": "string", + "x-ms-visibility": "important" + }, + "subjects": { + "title": "Emails", + "description": "List of email addresses to look up", + "type": "array", + "items": { + "description": "An email-address with exposed credentials", + "type": "string", + "x-ms-visibility": "important" + }, + "x-ms-visibility": "important" + }, + "subjects_login": { + "title": "Credential with auth domain", + "description": "List of breached domain users to look up", + "type": "array", + "items": { + "$ref": "#/definitions/DomainLogin" + }, + "x-ms-visibility": "important" + }, + "subjects_sha1": { + "title": "Hashed emails", + "description": "List of hashed email addresses to look up", + "type": "array", + "items": { + "description": "The SHA1 hash of an email-address with exposed credentials", + "type": "string", + "x-ms-visibility": "advanced" + }, + "x-ms-visibility": "advanced" + } + } + }, + "CredentialsSearchRequest": { + "type": "object", + "properties": { + "domain_types": { + "type": "array", + "items": { + "enum": [ + "Authorization", + "Email" + ], + "type": "string" + } + }, + "domains": { + "type": "array", + "items": { + "type": "string" + } + }, + "filter": { + "type": "object", + "properties": { + "authorization_protocols": { + "description": "Only include credentials with these authorization protocols", + "type": "array", + "items": { + "type": "string" + } + }, + "authorization_technologies": { + "description": "Only include credentials with these authorization technologies", + "type": "array", + "items": { + "type": "string" + } + }, + "breach_properties": { + "description": "Only include credentials from breaches that exhibit these properties", + "type": "object", + "properties": { + "date": { + "format": "date-time", + "type": "string" + }, + "name": { + "type": "string" + } + } + }, + "dump_properties": { + "description": "Only include credentials from dumps that exhibit these properties", + "type": "object", + "properties": { + "date": { + "format": "date-time", + "type": "string" + }, + "name": { + "type": "string" + } + } + }, + "exfiltration_date_gte": { + "format": "date-time", + "description": "Only include exfiltrations this time onwards", + "type": "string" + }, + "first_downloaded_gte": { + "format": "date-time", + "description": "Only include breaches this time onwards", + "type": "string" + }, + "latest_downloaded_gte": { + "format": "date-time", + "description": "Only include breaches this time onwards", + "type": "string" + }, + "malware_families": { + "description": "Only include credentials with these malware families", + "type": "array", + "items": { + "type": "string" + } + }, + "properties": { + "description": "Only include breaches of passwords that exhibit these properties", + "type": "array", + "items": { + "enum": [ + "Letter", + "Number", + "Symbol", + "UpperCase", + "LowerCase", + "MixedCase", + "AtLeast8Characters", + "AtLeast10Characters", + "AtLeast12Characters", + "AtLeast16Characters", + "AtLeast24Characters", + "Cookies", + "UnexpiredCookies", + "AuthorizationTechnology", + "MalwareOnly" + ], + "type": "string" + } + }, + "username_properties": { + "description": "Only include credentials with these username properties", + "type": "array", + "items": { + "enum": [ + "Email" + ], + "type": "string" + } + } + } + }, + "limit": { + "type": "integer" + }, + "offset": { + "type": "string" + }, + "organization_id": { + "type": "string" + } + } + }, + "DeprecatedCompromise": { + "type": "object", + "properties": { + "exfiltration_date": { + "format": "date-time", + "type": "string" + } + } + }, + "DomainLogin": { + "type": "object", + "properties": { + "domain": { + "description": "domain.com", + "type": "string", + "x-ms-visibility": "important" + }, + "login": { + "description": "Either input username or hash of username", + "type": "string", + "x-ms-visibility": "important" + }, + "login_sha1": { + "description": "Either input username or hash of username", + "type": "string", + "x-ms-visibility": "important" + } + } + }, + "DumpMetadata": { + "type": "object", + "properties": { + "breaches": { + "type": "array", + "items": { + "$ref": "#/definitions/BreachMetadata" + } + }, + "compromise": { + "type": "object", + "properties": { + "antivirus": { + "type": "array", + "items": { + "type": "string" + } + }, + "computer_name": { + "type": "string" + }, + "exfiltration_date": { + "format": "date-time", + "type": "string" + }, + "malware_file": { + "type": "string" + }, + "os": { + "type": "string" + }, + "os_username": { + "type": "string" + }, + "timezone": { + "type": "string" + }, + "uac": { + "type": "string" + } + } + }, + "description": { + "type": "string" + }, + "downloaded": { + "format": "date-time", + "type": "string" + }, + "infrastructure": { + "type": "object", + "properties": { + "ip": { + "type": "string" + } + } + }, + "location": { + "type": "object", + "properties": { + "address": { + "type": "string" + }, + "address1": { + "type": "string" + }, + "address2": { + "type": "string" + }, + "city": { + "type": "string" + }, + "country": { + "type": "object", + "properties": { + "alpha2Code": { + "type": "string" + }, + "alpha3Code": { + "type": "string" + }, + "countryCode": { + "type": "string" + }, + "displayName": { + "type": "string" + }, + "name": { + "type": "string" + } + } + }, + "postal_code": { + "type": "string" + }, + "state": { + "type": "string" + }, + "zip": { + "type": "string" + } + } + }, + "name": { + "type": "string" + }, + "type": { + "type": "string" + } + } + }, + "DumpMetadataSearchRequest": { + "type": "object", + "properties": { + "limit": { + "type": "integer" + }, + "names": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "DumpProperties": { + "type": "object", + "properties": { + "date": { + "format": "date-time", + "description": "YYYY-MM-DD (until today)", + "type": "string", + "example": "2022-02-08T11:32:37.951+01:00" + }, + "name": { + "type": "string", + "example": "XSS.is Dump 2021" + } + }, + "x-ms-visibility": "advanced" + }, + "IdentityDetails": { + "type": "object", + "properties": { + "subjects": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "IdentityRequestFilter": { + "type": "object", + "properties": { + "authorization_protocols": { + "description": "Only include credentials with these authorization protocols", + "type": "array", + "items": { + "type": "string" + } + }, + "authorization_technologies": { + "description": "Only include credentials with these authorization technologies", + "type": "array", + "items": { + "type": "string" + } + }, + "breach_properties": { + "description": "Only include credentials from breaches that exhibit these properties", + "type": "object", + "properties": { + "date": { + "format": "date-time", + "type": "string" + }, + "name": { + "type": "string" + } + } + }, + "dump_properties": { + "description": "Only include credentials from dumps that exhibit these properties", + "type": "object", + "properties": { + "date": { + "format": "date-time", + "type": "string" + }, + "name": { + "type": "string" + } + } + }, + "exfiltration_date_gte": { + "format": "date-time", + "description": "Only include exfiltrations this time onwards", + "type": "string" + }, + "first_downloaded_gte": { + "format": "date-time", + "description": "Only include breaches this time onwards", + "type": "string" + }, + "latest_downloaded_gte": { + "format": "date-time", + "description": "Only include breaches this time onwards", + "type": "string" + }, + "malware_families": { + "description": "Only include credentials with these malware families", + "type": "array", + "items": { + "type": "string" + } + }, + "properties": { + "description": "Only include breaches of passwords that exhibit these properties", + "type": "array", + "items": { + "enum": [ + "Letter", + "Number", + "Symbol", + "UpperCase", + "LowerCase", + "MixedCase", + "AtLeast8Characters", + "AtLeast10Characters", + "AtLeast12Characters", + "AtLeast16Characters", + "AtLeast24Characters", + "Cookies", + "UnexpiredCookies", + "AuthorizationTechnology", + "MalwareOnly" + ], + "type": "string" + } + }, + "username_properties": { + "description": "Only include credentials with these username properties", + "type": "array", + "items": { + "enum": [ + "Email" + ], + "type": "string" + } + } + } + }, + "IncidentReportCredentials": { + "type": "object", + "properties": { + "authorization_domain": { + "type": "string" + }, + "contains_active_cookies": { + "type": "boolean" + }, + "contains_cookies": { + "type": "boolean" + }, + "contains_high_risk_technologies": { + "type": "boolean" + }, + "domain_category": { + "type": "string" + }, + "domain_technology": { + "type": "string" + }, + "email_or_login": { + "type": "string" + }, + "password": { + "type": "string" + }, + "password_sha1": { + "type": "string" + } + } + }, + "IncidentReportDetails": { + "type": "object", + "properties": { + "antivirus": { + "type": "string" + }, + "country": { + "type": "string" + }, + "exfiltration_date": { + "type": "string" + }, + "ip_address": { + "type": "string" + }, + "malware_family": { + "type": "string" + }, + "malware_file": { + "type": "string" + }, + "os": { + "type": "string" + }, + "os_username": { + "type": "string" + }, + "postal_code": { + "type": "string" + }, + "timezone": { + "type": "string" + }, + "uac": { + "type": "string" + } + } + }, + "IncidentReportRequest": { + "type": "object", + "properties": { + "include_details": { + "type": "boolean" + }, + "limit": { + "type": "integer" + }, + "offset": { + "type": "string" + }, + "organization_id": { + "type": "string" + }, + "source_malware_log": { + "type": "string" + } + } + }, + "IncidentReportResponse": { + "type": "object", + "properties": { + "count": { + "type": "integer" + }, + "credentials": { + "type": "array", + "items": { + "$ref": "#/definitions/IncidentReportCredentials" + } + }, + "details": { + "type": "object", + "properties": { + "antivirus": { + "type": "string" + }, + "country": { + "type": "string" + }, + "exfiltration_date": { + "type": "string" + }, + "ip_address": { + "type": "string" + }, + "malware_family": { + "type": "string" + }, + "malware_file": { + "type": "string" + }, + "os": { + "type": "string" + }, + "os_username": { + "type": "string" + }, + "postal_code": { + "type": "string" + }, + "timezone": { + "type": "string" + }, + "uac": { + "type": "string" + } + } + }, + "next_offset": { + "type": "string" + }, + "total_count": { + "type": "integer" + } + } + }, + "Infrastructure": { + "type": "object", + "properties": { + "ip": { + "type": "string" + } + } + }, + "LeakedIdentity": { + "type": "object", + "properties": { + "count": { + "type": "integer" + }, + "credentials": { + "type": "array", + "items": { + "$ref": "#/definitions/Credentials" + } + }, + "identity": { + "$ref": "#/definitions/IdentityDetails" + } + } + }, + "Location": { + "type": "object", + "properties": { + "address": { + "type": "string" + }, + "address1": { + "type": "string" + }, + "address2": { + "type": "string" + }, + "city": { + "type": "string" + }, + "country": { + "type": "object", + "properties": { + "alpha2Code": { + "type": "string" + }, + "alpha3Code": { + "type": "string" + }, + "countryCode": { + "type": "string" + }, + "displayName": { + "type": "string" + }, + "name": { + "type": "string" + } + } + }, + "postal_code": { + "type": "string" + }, + "state": { + "type": "string" + }, + "zip": { + "type": "string" + } + } + }, + "LookupResponse": { + "type": "object", + "properties": { + "count": { + "type": "integer" + }, + "identities": { + "type": "array", + "items": { + "$ref": "#/definitions/LeakedIdentity" + } + }, + "next_offset": { + "type": "string" + } + } + }, + "MalwareFamily": { + "type": "object", + "properties": { + "id": { + "type": "string" + }, + "name": { + "type": "string" + } + } + }, + "MetadataDumpResponse": { + "type": "object", + "properties": { + "dumps": { + "type": "array", + "items": { + "$ref": "#/definitions/DumpMetadata" + } + } + } + }, + "PasswordHash": { + "type": "object" + }, + "PasswordLookupRequest": { + "type": "object", + "properties": { + "passwords": { + "type": "array", + "items": { + "$ref": "#/definitions/PasswordHash" + } + } + } + }, + "PasswordLookupResponse": { + "type": "object", + "properties": { + "results": { + "type": "array", + "items": { + "$ref": "#/definitions/SinglePasswordLookupResult" + } + } + } + }, + "SearchResponse": { + "type": "object", + "properties": { + "count": { + "type": "integer" + }, + "count_relation": { + "type": "string" + }, + "identities": { + "type": "array", + "items": { + "$ref": "#/definitions/SearchResponseIdentity" + } + }, + "next_offset": { + "type": "string" + } + } + }, + "SearchResponseIdentity": { + "type": "object" + }, + "SecretDetails": { + "type": "object", + "properties": { + "details": { + "type": "object", + "properties": { + "clear_text_hint": { + "description": "First two characters of the cleartext password", + "type": "string" + }, + "clear_text_value": { + "description": "The password as clear text", + "type": "string" + }, + "properties": { + "description": "Properties exhibited by the password", + "type": "array", + "items": { + "enum": [ + "Letter", + "Number", + "Symbol", + "UpperCase", + "LowerCase", + "MixedCase", + "AtLeast8Characters", + "AtLeast10Characters", + "AtLeast12Characters", + "AtLeast16Characters", + "AtLeast24Characters", + "Cookies", + "UnexpiredCookies", + "AuthorizationTechnology", + "MalwareOnly" + ], + "type": "string" + } + }, + "rank": { + "description": "A ranking of how common this password is", + "enum": [ + "Top100kCommonPasswords", + "TopMillionCommonPasswords" + ], + "type": "string" + } + } + }, + "effectively_clear": { + "type": "boolean" + }, + "hashes": { + "description": "Known hashes for this secret", + "type": "array", + "items": { + "$ref": "#/definitions/PasswordHash" + } + }, + "type": { + "type": "string" + } + } + }, + "SinglePasswordLookupResult": { + "type": "object", + "properties": { + "exposure_status": { + "enum": [ + "NeverExposed", + "Uncommon", + "Common" + ], + "type": "string" + }, + "password": { + "$ref": "#/definitions/PasswordHash" + } + } + }, + "Technology": { + "type": "object", + "properties": { + "category": { + "type": "string" + }, + "id": { + "type": "string" + }, + "name": { + "type": "string" + } + } + } + }, + "securityDefinitions": { + "ApiKeyAuth": { + "type": "apiKey", + "in": "header", + "name": "X-RFToken" + } + }, + "security": [ + { + "ApiKeyAuth": "[variables('TemplateEmptyArray')]" + } + ], + "tags": "[variables('TemplateEmptyArray')]", + "x-ms-connector-metadata": [ + { + "propertyName": "Website", + "propertyValue": "https://www.recordedfuture.com" + }, + { + "propertyName": "Privacy Policy", + "propertyValue": "https://www.recordedfuture.com/privacy-policy/" + }, + { + "propertyName": "Categories", + "propertyValue": "AI;Data" + } + ] + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[[concat(variables('workspace-name'),'/Microsoft.SecurityInsights/',concat('LogicAppsCustomConnector-', last(split(variables('playbookId6'),'/'))))]", + "properties": { + "parentId": "[[variables('playbookId6')]", + "contentId": "[variables('_playbookContentId6')]", + "kind": "LogicAppsCustomConnector", + "version": "[variables('playbookVersion6')]", + "source": { + "kind": "Solution", + "name": "Recorded Future Identity", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Recorded Future Premier Integrations", + "email": "[variables('_email')]" + }, + "support": { + "name": "Recorded Future Support Team", + "email": "support@recordedfuture.com", + "tier": "Partner", + "link": "https://support.recordedfuture.com/" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_playbookContentId6')]", + "contentKind": "LogicAppsCustomConnector", + "displayName": "RFI-CustomConnector-0.1.0", + "contentProductId": "[variables('_playbookcontentProductId6')]", + "id": "[variables('_playbookcontentProductId6')]", + "version": "[variables('playbookVersion6')]" + } + }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentPackages", "apiVersion": "2023-04-01-preview", @@ -2715,7 +4655,7 @@ "contentSchemaVersion": "3.0.0", "displayName": "Recorded Future Identity", "publisherDisplayName": "Recorded Future Support Team", - "descriptionHtml": "

Note: Please refer to the following before installing the solution:

\n

• Review the solution Release Notes

\n

• There may be known issues pertaining to this Solution, please refer to them before installing.

\n

Recorded Future Identity Intelligence enables security and IT teams to detect identity compromises, for both employees and customers. To do this, Recorded Future automates the collection, analysis, and production of identity intelligence from a vast range of sources. Organizations can incorporate identity intelligence into automated workflows that regularly monitor for compromised credentials and take immediate action with applications such as Azure Active Directory and Microsoft Sentinel.\nThere are many ways organizations can utilize Recorded Future Identity Intelligence; the playbooks in this Solution are just a quick introduction to some of those ways. In particular, these playbooks include several actions that can be coordinated, or used separately. They include:

\n
    \n
  1. searches for compromised workforce or external customer users
    2. \n
  2. looking up existing users and saving the compromised user data to a Log file
    3. \n
  3. confirming high risk Azure Active Directory (AAD) users
    4. \n
  4. adding a compromised user to an AAD security group
    5. \n
\n

For more information, see the Documentation for this Solution.

\n

The playbooks have internal dependencies where you have to install:

\n
    \n
  • RecordedFutureIdentity-add-EntraID-security-group-user
    • \n
  • RecordedFutureIdentity-confirm-EntraID-risky-user
    • \n
  • RecordedFutureIdentity-lookup-and-save-user
    • \n
\n

Before:

\n
    \n
  • RecordedFutureIdentity-search-workforce-user
    • \n
  • RecordedFutureIdentity-search-external-user.
    • \n
\n

This solution depends on underlying Microsoft technologies. Some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs:

\n\n

Playbooks: 5

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", + "descriptionHtml": "

Note: Please refer to the following before installing the solution:

\n

• Review the solution Release Notes

\n

• There may be known issues pertaining to this Solution, please refer to them before installing.

\n

Recorded Future Identity Intelligence enables security and IT teams to detect identity compromises, for both employees and customers. To do this, Recorded Future automates the collection, analysis, and production of identity intelligence from a vast range of sources. Organizations can incorporate identity intelligence into automated workflows that regularly monitor for compromised credentials and take immediate action with applications such as Azure Active Directory and Microsoft Sentinel.\nThere are many ways organizations can utilize Recorded Future Identity Intelligence; the playbooks in this Solution are just a quick introduction to some of those ways. In particular, these playbooks include several actions that can be coordinated, or used separately. They include:

\n
    \n
  1. searches for compromised workforce or external customer users
    2. \n
  2. looking up existing users and saving the compromised user data to a Log file
    3. \n
  3. confirming high risk Azure Active Directory (AAD) users
    4. \n
  4. adding a compromised user to an AAD security group
    5. \n
\n

For more information, see the Documentation for this Solution.

\n

The playbooks have internal dependencies where you have to install:

\n
    \n
  • RecordedFutureIdentity-add-EntraID-security-group-user
    • \n
  • RecordedFutureIdentity-confirm-EntraID-risky-user
    • \n
  • RecordedFutureIdentity-lookup-and-save-user
    • \n
\n

Before:

\n
    \n
  • RecordedFutureIdentity-search-workforce-user
    • \n
  • RecordedFutureIdentity-search-external-user.
    • \n
\n

This solution depends on underlying Microsoft technologies. Some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs:

\n\n

Custom Azure Logic Apps Connectors: 1, Playbooks: 5

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", "contentKind": "Solution", "contentProductId": "[variables('_solutioncontentProductId')]", "id": "[variables('_solutioncontentProductId')]", @@ -2742,28 +4682,33 @@ "criteria": [ { "kind": "Playbook", - "contentId": "[variables('_RecordedFutureIdentity-add-EntraID-security-group-user')]", + "contentId": "[variables('_RFI-add-EntraID-security-group-user')]", "version": "[variables('playbookVersion1')]" }, { "kind": "Playbook", - "contentId": "[variables('_RecordedFutureIdentity-confirm-EntraID-risky-user')]", + "contentId": "[variables('_RFI-confirm-EntraID-risky-user')]", "version": "[variables('playbookVersion2')]" }, { "kind": "Playbook", - "contentId": "[variables('_RecordedFutureIdentity-lookup-and-save-user')]", + "contentId": "[variables('_RFI-lookup-and-save-user')]", "version": "[variables('playbookVersion3')]" }, { "kind": "Playbook", - "contentId": "[variables('_RecordedFutureIdentity-search-workforce-user')]", + "contentId": "[variables('_RFI-search-workforce-user')]", "version": "[variables('playbookVersion4')]" }, { "kind": "Playbook", - "contentId": "[variables('_RecordedFutureIdentity-search-external-user')]", + "contentId": "[variables('_RFI-search-external-user')]", "version": "[variables('playbookVersion5')]" + }, + { + "kind": "LogicAppsCustomConnector", + "contentId": "[variables('_RFI-CustomConnector-0.1.0')]", + "version": "[variables('playbookVersion6')]" } ] }, From 9f74303918835c0331633d97a1c0364b0e923599 Mon Sep 17 00:00:00 2001 From: Niklas Logren Date: Tue, 11 Jun 2024 13:00:08 +0200 Subject: [PATCH 06/33] add hidden-sentinelTemplateVersion to playbooks --- .../RFI-add-EntraID-security-group-user/azuredeploy.json | 3 +++ .../Playbooks/RFI-confirm-EntraID-risky-user/azuredeploy.json | 3 +++ .../Playbooks/RFI-search-external-user/azuredeploy.json | 3 +++ .../Playbooks/RFI-search-workforce-user/azuredeploy.json | 3 +++ 4 files changed, 12 insertions(+) diff --git a/Solutions/Recorded Future Identity/Playbooks/RFI-add-EntraID-security-group-user/azuredeploy.json b/Solutions/Recorded Future Identity/Playbooks/RFI-add-EntraID-security-group-user/azuredeploy.json index 09e2594c08..8720d7a95c 100644 --- a/Solutions/Recorded Future Identity/Playbooks/RFI-add-EntraID-security-group-user/azuredeploy.json +++ b/Solutions/Recorded Future Identity/Playbooks/RFI-add-EntraID-security-group-user/azuredeploy.json @@ -41,6 +41,9 @@ "apiVersion": "2019-05-01", "name": "[parameters('PlaybookName')]", "location": "[resourceGroup().location]", + "tags": { + "hidden-SentinelTemplateVersion": "1.1" + }, "dependsOn": [ "[resourceId('Microsoft.Web/connections', variables('EntraIDConnectionName'))]" ], diff --git a/Solutions/Recorded Future Identity/Playbooks/RFI-confirm-EntraID-risky-user/azuredeploy.json b/Solutions/Recorded Future Identity/Playbooks/RFI-confirm-EntraID-risky-user/azuredeploy.json index 92a16daae0..46f35f0669 100644 --- a/Solutions/Recorded Future Identity/Playbooks/RFI-confirm-EntraID-risky-user/azuredeploy.json +++ b/Solutions/Recorded Future Identity/Playbooks/RFI-confirm-EntraID-risky-user/azuredeploy.json @@ -42,6 +42,9 @@ "apiVersion": "2019-05-01", "name": "[parameters('PlaybookName')]", "location": "[resourceGroup().location]", + "tags": { + "hidden-SentinelTemplateVersion": "1.1" + }, "dependsOn": [ "[resourceId('Microsoft.Web/connections', variables('EntraIDConnectionName'))]", "[resourceId('Microsoft.Web/connections', variables('EntraIDIdentityProtectionConnectionName'))]" diff --git a/Solutions/Recorded Future Identity/Playbooks/RFI-search-external-user/azuredeploy.json b/Solutions/Recorded Future Identity/Playbooks/RFI-search-external-user/azuredeploy.json index 0da3539d1f..d74bf1e17f 100644 --- a/Solutions/Recorded Future Identity/Playbooks/RFI-search-external-user/azuredeploy.json +++ b/Solutions/Recorded Future Identity/Playbooks/RFI-search-external-user/azuredeploy.json @@ -55,6 +55,9 @@ "apiVersion": "2019-05-01", "name": "[parameters('PlaybookName')]", "location": "[resourceGroup().location]", + "tags": { + "hidden-SentinelTemplateVersion": "1.1" + }, "dependsOn": [ "[resourceId('Microsoft.Web/connections', variables('LogAnalyticsDataCollectorConnectionName'))]", "[resourceId('Microsoft.Web/connections', variables('AzureMonitorLogsConnectionName'))]", diff --git a/Solutions/Recorded Future Identity/Playbooks/RFI-search-workforce-user/azuredeploy.json b/Solutions/Recorded Future Identity/Playbooks/RFI-search-workforce-user/azuredeploy.json index 436e00dd7e..f40698557d 100644 --- a/Solutions/Recorded Future Identity/Playbooks/RFI-search-workforce-user/azuredeploy.json +++ b/Solutions/Recorded Future Identity/Playbooks/RFI-search-workforce-user/azuredeploy.json @@ -55,6 +55,9 @@ "apiVersion": "2019-05-01", "name": "[parameters('PlaybookName')]", "location": "[resourceGroup().location]", + "tags": { + "hidden-SentinelTemplateVersion": "1.1" + }, "dependsOn": [ "[resourceId('Microsoft.Web/connections', variables('LogAnalyticsDataCollectorConnectionName'))]", "[resourceId('Microsoft.Web/connections', variables('AzureMonitorLogsConnectionName'))]", From a4ab7e3236d1a0d242e17c8728a3b982c28fb50e Mon Sep 17 00:00:00 2001 From: Niklas Logren Date: Tue, 11 Jun 2024 13:11:33 +0200 Subject: [PATCH 07/33] repackage --- .../Package/3.0.0.zip | Bin 23908 -> 23520 bytes .../Package/mainTemplate.json | 36 ++++++++++-------- 2 files changed, 20 insertions(+), 16 deletions(-) diff --git a/Solutions/Recorded Future Identity/Package/3.0.0.zip b/Solutions/Recorded Future Identity/Package/3.0.0.zip index d66e13b0d662975a39a7eb894ce06404d37f5ef6..1b5613d9efeb7728119b2f997a268bac73d19b52 100644 GIT binary patch literal 23520 zcmV)bK&ih_O9KQH0000803&J3SOROzdxZ!902dbk02crN0Aq4xVRU6xX+&jaX>MtB zX>V>WYIARHwOH$J8^;y?@25CmTZk06OIdBuLah@hl9LLM8$nj$AEICkcZcLeyEB`a zSu(UMpwH4r>yz|5vls4?l%4eQMW4i3(HZ@l z!I(uYg-$bRS=1YqSmVsx$LE1{he1WVlGcF@)AmGFw}r4GmmV}A_=ppnB}UKHqWz8& z<=&|e!lpQzi_FP!b1@T6C9Xq?vsAjos>0Vo|Dy5*Ih(wiwr;Uv9WRt$mb21H3vr%Z z!%hh{RDYwlI8<6@6L<*wbBck$+@wTly+WZ8K3aIGg-+7 zoe}f;*FXMAx50_MOS-?66>k>h9)^v*m95Vk=&h8Em2YciTT6d;dQusS4_7I_@ta94 zDF}-5bi`^A>vgx3P(K$NSVH%Y+N?Dx=gO`=;t`m16IaV`^ml=}A|6p8trx%`dw`v! z95uR)so3{nzVEu2wYqQYpvsD^8te5sw)N$_3Mad0M2(en1!REJLh3}4)MA!NM@}ZC zruUrUt0<=I<@B~sj+c>w{K!ws4FRuk2=V-B52&#}{VxgikXblvTD2hxawRWydaN;Pyna)ABl60vMQ%I@e)0QV{ z&<;>k7!?7hdP8fmab))F2Glb3LGH!kAUggW0#jsSGc)GV!6kjj25CPc*zo*MrAi*z zY1?4Ie-1FH=<3t?t$-Bh2(ltDdC z+_C_faz1?K+Yl2cR!v>&a%Tccg%|7%K`6I0SDBpZ-^UbMg3bBa61A1Aa*xl2eRzI; zIck*oLrfw~`JLDo#&R@)e4En?Ys!Ml#y2oAugVEb&PA1NPRgM7{iR7tZm8irII0)! z|7-2NX#g+^1@5i~yro!$gsftd%0gdaiHPRxuFM18E zimS`0aZ?oB6a^=K;%ObV_Blsw^VwGn9xw+|A|ORJ^i%zHsPCUtwt{Zd0`;@P>IV&& z1AXmPgtP6el^;8aDYa2e?*nIsiq-9 zAbiNHoM#6VO^30I2^hYt1EL9;(pAOXl0kzM^+jTwcSzo2y63bx=bnJ7(P_EpmsZDl zJFGDtrG~kaFcDUNqq;y(V2GQr6I~(TL`+m_p+^mWm2esU70lT$NyKkDA2A221QvzS zf#;)(P)F*luEd;!jxLPWA+;S(PcO%GeB5RLpL`Lz{59)PWvrN)(jTb&djm+&u9-qc z^mp3l(x&96AGae+YLd}lyd6eeIqOcN+c6b)cpkd$jWsJY)-VF!cL=CEU4Pev+r4S0 z`AI9bBl5X-BD>O#vDJyJn-q=giNHYbZ%a%#&ok?B2myGWHbijJ&H{rD-9!8NspG25 zRDFHdO;`^Ew}qW^UPDxhyy7AMuPW5|hQ*lHk`@yAR;Cl5SQMT9WF1r|7)Jxg{A>QXR*=Pl-O7pc76V? z)xV>S-xRXHl(qPc&uxBQC?pfcj;!~{nCwom@`F(H&~$kpquFNbq6bwqgaZx3ZU#b%O2KbFacmHaR*aGray=bVGd!-MKP=(IINOkc+>~{(I{Rq`Iu_D z5xx47Cq!Ns-O!tBaJ2Ou;yuFPT%R3;+z13ij<9Ea?o8()e^icb z+SdzF*lICAJ?`wmp>6H`48YqH+FJOz1B>r157gfWKFG$y`%paSY5dgr)@yg4^<<{> zo?rf_o(ux^&%3zY&SyJ(0~vOc?ysMi#oW$RTFs-bUA{_q2=0zh7z*^N$S=7^VK%L; z{_5RboG0&9`sxND17U0E`{3>O-Jd&m6nc8z@9pP@gXxXIvnYGDa@#ke&X_c~$9m=b z@INe>K-2KQD4S!{G9a~i5$awee!Z2vQ(r@kY;5S($3f4q=F6~4v29{ZazIwyjMif8&FFF1QY-O00;mhY0Fq0eMtvhQUCxfj{^V^0001OVQFquWo>Y5VRU6KYIARH z?R{r=<2bVD_xTk#+WU^XZ?~-IGJx^Qi#4oFVBC zoMez*-&Ck6hRVaws$z`Zz2CH__~9DKzh%})8n22Y3!K8Gq60&N!bi|CbRa{B7pE&= z#AzDf)L~KA2WSg49sKvXHAS)2R}4ugqOQe#SUllWfmcws|K0@P5du-xbjS&KRG{}E z`0t6L4zv-+!=er3e}hS1fB;o-jHc|W%8)caZvdx5!2z1z5jJ%SYqF!32^Hlo-^f^ZEX8^nl!u?8>91{8fPK_36M@o|PI?>6l3 zH{QSh5wmFbTEo{Aid`&geYEESGJ=rc{khTu4Vjasy2xwj^dQ3h3z1h9P3h{Og^56h z5c+^o28TGtoGNl13A$(laS2f(pvIDC+iCmF8R*>x`EcX?52uxVAeRVu8hdbP z*5AR!duk5nK@IHhn*#pI3twfsytQ51-L6-+cDFa}@7m^&ZTpfPlD!Hn4Fw4*2k zYkw;ybFcWnJ}_^9rcg<`0{RGUfP*b4@Y(%rLT(E0HXJ11L?j^cB}|81NttLHA3@Cc z!3pepuQh@^#?FeHv$*+zL+u;yKW>y}Ftn^qXv&({>+4!+<6~U!;z%lPd^BY7#egO^ zc;|wfvULb>7wFDdx6Y;n_Gsw9cQu0MealG>hz>WwTNVPQi+XKB22&6HMznB~ZuCHYsts=)PO#NDf~_V1ncg{)R;yH6t!756RTf&Ut|6^f zy=WCmJJq$NooYPoRD-l5p>NS0z{x^UD?l!qei8UT4vNyW1)`P8d67%kveK?OC7a%>Zk>&LxY^k_lx9w6?FI>@}Pg|rjO9> zegdI3bRnaSBS*uLKE3KZBgKadgO&bw8-M-nYTA)Fd7xP+i#qY}-9`tk+x$;B)z#x} zraIfY>HQ+fu1+PpdS+x-XCb@#8j@X|k?iVgOLp~mva5%Z9ehQ5h~!@y)p@_85M7{i z2+eugg_Flt9C>Up0Z8u_NgZ2M>e$MRI<{D-V`~kmV~deGw$_$9w&JN{D@Yv&hNde+ zG>D9@0YxpAH!GWE8~f;Ay6GddyPrU)4Z|*_hN^N?*PZn3M>s8QTPEpHTH0n?4ZU9^ zF>Ozn9aKH|K5osK9@JlO=RAnp*Xr7X_RW^!iGxIe! z5?w~xYPni7-}j2uDOHs*2sfa^gmZ^ZFa9~wnJ4%xNyDg_neT_UJLNUd z`Oe-B>z%^;E#-BG-6HN9#P<;7`TB3yUw?bR4!+YkUsMel&CPhpj4mEwr(_c@9>aBvLCP+QvLwpp zooOPJ&=`qYiC`2b_|F+L`XKnO8Qfn|I)?(_d3p?c^u;=|{3CK$haHBnknpZPyMJ24 zKXtcd8xukiF?hk)KLK(HUN}CLB1jzm>jd+LEyNpwEuH=Q7LL*WJ@nrt-`FsYGK|jk zf|N+U>5GB@<)ZxnYjZM>7e#P6!H&*Z*~d(Sb%qKX-ZKlF8<~QBAv#}w3sD3yozBR` zhdWg6<3}O<^CJLG$VKLSuj%GBgE$K2fO15qXvaDommyp<@A3_WTKOjnD(LdLqjYTbp7g)z@Ynefr#@z>LqLuWLG zZ9!CtW;1OI3KphfJH`kM{vYajMS)?9ENvpPv_)ar5RnJTHWrl}XOe8^kN7qcHfI(k zf@Y#-pnuLzWn2td7aD@lc5R=ov>WE}9)=xnS5Zk@t_UlWYPJma$t{ApucVFl-!^Ok{l_<#%-xJ!Llo6Ut#8KQ zM@qz%Lhe@L&RHmp(G^@G#G#cw{RL(0H+g^CJWz%RtI=is&bsUN@v-6EkLREpKi>ac z8p2@*3laaJ!fx0?Ll^`d>_SSEnV-U&-5_5vZ?Cp;r5xT5-al}b&OUwK_8^V|yKSSvw?gl1}T8J(K z^HUa#@8_AAv!Rhc$QK{ljYBqh&_Qf8>4UYs5og7Q+N7P0jugNnCm^ON%N+LUFUu~X zjU+M1IsKB}#*dF+;}b&jviZwL5X)=LO~MQ|k^mxi#AhZ&EERks#!%~AfPF6D12E4O zIOhsX0Db^Y3w}oiakh?lYHy~H8bi4hBe%wSC?|-7lj#Q{=aaVAGBSwWN#E)Z` zN}M=g!t-KqQqWdPZ5uewQ2rN-BX~4?*F_(HIOUo@sdeYKzIO}UwgpJJ%@7SERA5SR zMa0_iW`o9ZOD1{S{opkZnWmR(*sV+{4mHt%xoj-Qi0eWD-)3CU`g6Ekdk>KeG_8yH z%oKwI(*d+9JCMDSWtg5>3`Kz`Kx(U*y4c1Mp^(X78*Y8hl5w(GmlK!pF0ALmx-&#Btb<%w_l=ob(br3T_~ixp zYPpLD-A$`UN%$&~0$vGd30@W%$ejB-53XzyYT!kvPqcC81<^vC=%3JlUOG zfW=`20+eKsDuiT^@nj_T^yKa2Q~s{hOw`mNY%_(uTw0rPx(qi~Z_ar`a{c8=`$4aEVZp3RDU&Ms z!&L72q6Ta-!L|(zZ~(0XafG3WG-t=e!O6gy#b?~u1a}ARV6Ylw(iA5*o8{4$q1Lurr9! z+R7mlo2&8l547>yjspZ42R}9Ujsw4WE;MEl4YyO9$RGn?k5x`a_~Xt;giZ){#aE1Y z2*)YbvcTH@2>W*SjcfhrMkD#;&cb=S-6SM=S}?ib4@zf8#-a5L%6fLU*bBkc#kyfz z#5xyJ1jgMk#Z_!~Jqy2y{X$(b&SX#E%`ZsxLAXk`=ATgn|- z&2vX)k~=cIa>%crHZqVAF!QvLv2|Ho{ohc=NUNJIlw3P93Bz3CD9=yHoS)M5b#2X; zE{>G3jG$oCj&1eluO3S|;V|K%FZQ%)1ZI z%$JReV^;b54op>eHn)i96(AJaE~EYYw2}$EuFm&)$!TlxdYeLg_9fe4cK+RENNyXI zd1+k}-!7X|FsHutvkJ>3b>O18Oz1mLT+6sqzuqmmo_A!PxRx}^6W8X6YxBgl3D=S* zuFVtI&Y;MUNbl~7wN5!v0B3p}5m@=Ui z;SNO2?MJ=|5LR{&NK-IX3>D~5=42f=!Wpn6k%uz&HphYT0a4R&+nymd=t7RT+=DNQ z0eB8O6Zce3fad6Kza8SdPPiJ-v9r6~GtaFB5^yeg zJ!T%ezh1HXdFn5aU`O)|xOoQLOjVs+f$&Yba?w3cLhD|^n-P?AiE}n~E^)fY%tgCg zw98bqTX0s_gr?Zp4{SyhFkYJs!ehhEh1=W; z99U*9lRIPQGP!%q+zPy2s=_ZXwC5RI^9-)5&EOiUmN@Y}%R5P?F#EaBHhz}3ecEP1 zl0~qUKcfE5Gxj>eW_d;O2RmgSMNY*EHY@VljLt}ZxjGbLRX>6su`WY`ed zrELzIAy3sl;t(k^*FRDth9#W8DQ50a7V5Q$HE9|8&Itpwa?1b7<;FzJhYA0Tw?Dp=<7%ex24 zaA?TZqwOZRM2$FUYK9#N=*R(Y-o9NVsDbb`G7Fx}Nv!STa8_c915t^lL%JkQJKey< zg0>Qok2KXqUc+a>E0RRUi~=CK=K|ATgJ_#8*eH3DC6g}x^vU>kz%9efvphL?Vrca( zB!Y5i>snS~?D$P#u|(5zH3v=6z-x<+Muj|M_WEVajO|C{hB%WN>wH^ga;O4ikRP#o4ya7qpy>l}6tu^(* zdAJv(lh!BV0Y7Gi`2RXcqHPP@R75zgh!rMIKeUX??>Ip?L}d5Q(D_Sc@(xLS zV)vby3M!CNkVdaKtsqW)_1-HyNAYefR>X3|Q@pq+3c|)bi3pLLj8T;(H}HHO z-)|_{ucPAF%8hB=UenaS<7#O}wpz(VnQW4pQd2(lpl0TZvOP^IXEdR=KvBYn!>YnQNQgpKP^F%(`uL z(^@ycoEx|~cdmnyR=Exu3Qw+sGQ*kcpg!Po9W)BATn8m%?`e&|x=K5zOT)F;9#`@(o!Ngf6Lo~s;G_ma7C!-v1 zSM>^+y?1}%(_dNYAb&@BPBRKf=pY^8=+j@nq7o9dOZc>r>RaqV83$`Zq1Y9nWad5p z%hrP<;ttl%sh^9C(QQ}O)VrS>i6sQJwvZH;ln~XWWzG!=vWVsundDz(N;WWO_Ep9? z=F7dh-iZJb-!5?!x&+ink_}=`3`sWCq7h}K$q^R8+I*h`u+EiRH9SoRC8cFBtCJaT zZwJ>?^1f!2bk#~^M@d%D7X?I%#TKSV8A^6yA9wmKrVKjaLwT|QR2e!t=^UEDe6N&j z5wuLKfeo^VnUyzq0QCG;&eu!7i zhGnElw(?gnrbkYF^JYb-_CwbL1>(50BT-3>=MX8f&%x~{t2IZ8c`w^_$Bp@giR^QB zXN)4hTW0Orf-`GVGE0%32{MC*4Ut`D?XVg0%-VTo?FDAmrtE_${6U!ye>Ex~l?t&2 zG2Aj6Y7DV4mgo|V(Ma zwE+kS08!Gc?3N)^PsmD=#2z|o2oMzH^-0KLT{snhS7n4DCNjXx$@AMO)(%UI{v&Q`av zAZ>z{t{OaH4NBMKq!w35@@NI}7{W1GckJ^X8^$GIQ4xwy2L1~8+9vXqy#XW3*iGE#7P~AIcGW*%iT+^#oI`E^g;|7x)}H--NFZ2L z&6go3O*j?e#jIkP7v}Vs=`Fgf&Ac&eZ=_&P656S4Z)HzBxKhX%wgpio*XA?@({alN z9f^|%6t#c?YMLz!Kxbw{QexZD3zrZYS+cD&!`!R zvO47GZY@?@9Gt3-Nin8MNUL!7eTYLo@KX>I{L6%FmZZc1Y|cZBt+Ue*1RM$2c7+Fe zZ>u(Z9Vr^(NFl0~Bi5$a+l z6Ra4SsF3`Mh~yH(vO^;3?q!caE?jMy!hF&GB`&De6b;s~?w1K!+cEh}!Ievq0`Huc zBjWMIa~h1!yi=GhH41rwFV>Wzy=}Y?$7_n7?iri4ni+W{PFc>(4L(h|+sLxWm?REG z>}$0Z8k)a`0mD>#?|KFayX$|MhnWq}I7S@ch$F1x0_lWp8BUN=CbUg%c;MH+JNVui z;yvw1k+LhoPKbteF~|A26XBSClR!icsaP3~G-`~n?Xs<_oUCD*LNw;NYvXQKGRTZM z;=%5e2JRGlKas8sjFPmoG1?8N+HG?qF|qVR#)}Kzb{fvoZizY^A~Ko>XQG*AOqP*w zVoNMWu!%#Kd!qOgr|BSP+E%(ARKaUsPf7dOqQJE5fH?P<3!KpdA%-?~cZpp&6Kim( z>4qF3%17iJWTbK-`mD^D30t=2?4#x+$-4t<#0U^v(zGoRQ=SPvGtJXTd9L#&teGM8 z-ttK};R@GJ(OCu^hpjp-4F|NS%;=W}X->PT&v?VkDbz#S%$m_H{pt;zY5SeId+*;c zjb?q5vPy_^6J@g-exHgOURNB+u}ni6+Vt;?Z&7>X-Z9DUWcc)?Pr5UbKWS^TfJk{K zcFIVG5OY<>M)MVs#t(e=QxRXC`bD{|7s7%iG&m7WnYSzja2JPvW^HX0tR(={8;Pwjs#wQY6^@`T+UBURz^#ZQOk{{l;S@4wKun-S zT(rZ1T`t@m6_%oWcjOgiSAC0YgiUh7l@aA!jtPKNo{PZB2!VpSGxVpaUu{=X)9MU= zvx!}Dr@D&T#Kn1~*()<&A5(Gn(Cy5CHBepB*`A}>_(LW!SF5``)*K+&X@{tzH}^K zX&=F)FYa&eEQ36 z?N63eapV2p-{t?o)rPQp9w1hsf0+T7k-2eJlF%cN#CkoGdAwjcIHVP@bhXBf!Yk1^ z&Fp6&;?P5UHg1ojIlkS)DeQM#M0-^v7$9O4VC!za;%XrV9|r& z*9{eyUn;C1F-|rQ8%gtSEs!g&pU?KfIU;-RRUbDbk<tR5l*cG8<#svIj6H^pntmWkpUJ_?LuL`8Jm+(!NO)|U; zT^cfFF%bd3zcYJDwk->0ElFg^oUQy;Y$XGEA*t%BP=*K$77KBrtbubJRAR21 ziooJMlD41wCGcIbGyQyE2)h|fn`<+GR-WJ zlf*i|uW=E`#Khvauq*)=Qq?SDMS-}%-}1@(id`l?Yg+d3C7d^N;kfjt&NjsxJ^QdC zpUFf$woB@dsK0%f<;NRJl}jI9FjTqREtYp^MdY0xa>k55t2&r*MGetP!!CI-Sl7~1 zy_b5}GAd0M`|{s&*r?n#9a$}!LY)kYWEh$h6N@AWP;@SqfE6}AwT`bzu-7Fy+NCGO*`wDUuOtfpyN-#%Ew6G_Wz6-pf-Q+`T)RH5s*7G@Z&gL+^)b z%AxRGBcWY{Drllp=$Rxze~q2hEb#zp7ARnaQ8Pv(MGZ6TgaX+zyMa5%(JS@NfU{=! zwn$O8ar)HO#d&0X6YKAwPIDk0*djgg<$MFN_#z&JyG_c!^rm2Ba``7tgFv3w_V<%<^pl zb{9%pIb>pUHNO6VHhvRofOo{fUx|d@JQo^Yi-x-)U`p`n(SXwcH*@G99=`?|AGNf& zHb$-?r}KUAP}>9tee5X$?E4E#G}!;XE571(2y-bezkv<;BkbGRH?B=XH#R>&>iJpt z-DNjw`L}&{{J2UBw41*$c4f9Ki2t5;> zDQmC?ZjB(1&u7cM1ztUhDsek{l&7C{Q(eg(=1}-XvYKF!Z)bK!y2&wmgM9g7T=GA5 z1&dGs>=QRh$!E#*(9!Hno!cTz)b~pWF8sy|R?!*=dOKXq3~SJ>t+zQl2v8+<+q4hJ zC&?84LnB1(k*vrko2GGbh?coY?8-#6GQZPGNEhET@uY+fNm8am7j|vpJV*cVaC(~# zLpYs}6t?_ILev{r!OheuQf;7!df2`ObuydaG)nz+-}P8Xl$??k%(!7PgqSfeB^69+ z-wa_(l;DjDVZ;c@;B?>m9t?FyarqFG(WvTuS%`kcD~6=H3V9_dMBDZ#GrL}qlFr3q zPV&x3d%H+FtJ@U5u5UE)FSEWywS%j2P3*V+hwn&jt#`!tVi~aqwWvL)MejjQVbZF|idwp>f+nH=K7{JNcf~7?I+J{3CK$M>q@-sKUF>WVqnl@i0=5dvptO z)UB6oW)aG^?b(9*CxZpsmw%Aq0Rst5TS#b%dbkK@dW(CZuuLEn4ZklU{aY@!FjC4; zvPHaySjFGh(K)MT@I`}y3bf~j0MvB#!1;OwE=Wssby={Ng>Sw<#=O|~3Qae)jlvO$ z&ZY(PU`b7s#R#w5r0Pj{l2Di8vRy21W5va$+ZhxT#l?XnsK8XPo<+6VMJp_`#j&{U zxfqXGN+g-@r=lWhL;OiNz${5`=v02$8NPCe;KObA9{5@mfjJI7S|nBi0E?A+ELcrB z;hwSkyeHX8I_b5~Nm|00^Rkm$26KY;!TDmgJz?(pc^7$)pCZo5oVV7L3tm}jgsN?C zWsgze>9U!3)_q}iBu*YsWMvAdX||B5M9fM7r+i9XjGYHNf(hS3D<^Oyo~taaP`j=Q zUkoe3aN&@nKRH`%MRcL4V-7!=h9wvd_tJ#en;SoPFu}h}$m|1j0XF9$#?=MOCO_Al zVGc=C9jq?mp#}A95*MY<=jbYaX_iDyw0orbDH$O=t}0n5QzrR7W97H(g9syI-mH8L zPM{09)u9UB*;a4tApm$zgE5hNY$;8FFJg`&c}5q%jL6E3`Ijg$73v_*TRNI>B1;N~ zNT}V@SCS$iu7HOm4n^#RvsEsKHe0)}N2;xAJ%b%*gsYXz!_0W%M1UCTs3EIG(d9Z_6wC4j^S&J9{-+xIY;xgW94WeZYf@N zMr*{v%MyC?P$y;ToHN$6faHudEn}szso%U}`}$h5qV^%L)=q&ueYN(yCOLJ)H&UhT zSFK5&7i4x1`bLoPO_$bOgM!R?+1X!}GV-#sF|+0+-e`m7CEoH9Z=tR85^ukIiMPD= zQtZYpnu+GMm&|?0YcHi)_L|jR%1io?LGzM6fd+X=pI@T5M_$q=FX@w)^vO&50|a-VM(8@1();*B*M0OCdjiNHbizMeZpqQ zOZwy`ecpOWpQr@!%c|((r0aRdTPb|r=e2$Q%xn9&R+HEE$!q(#x~;ml&lY`-bhUlL zSaAB%K7Q~Ll=ks=O&}rt;l`&oT-s+lFYS{_X&>`#-%`mGwOHOn*Tk=1+h^OaEkxG# zakeK(aUbf=Qj*?#GtCCR50wqABWXG5?6Xtrht&|Faap-SCE{CT2%v<70|O4MO_)lC9& z&2|zFQ<#}?wqu{r$awhC$9Hde_#dt8(QjUX#k+Y7=4Pw-LzJ00V*giXP@Y+cuVZ~j z(4yM|7#=k@t8j*eA4scnX8y1_vtaj1B+FTsR2Wd2`Sraj1$TLNzg^?|joI$Sb0e-J zN}{!G;VGSnqj-p!5~pMm4it$P`3nCyCO@=>%s0Ms)k9MH1nILpLT?Rgqs+#jO>l>r z^3G6wq!yz-I3gMKwBnSX`0 z(YQEh^vJ)5jmgCk{&)YTcf5at8r~=;`;#xt!-j&s)Xokj+T~%td2@JEzdh_}=STZr zZjNp*?vHQp9}XM4PoMX{+<)G0qQCFVv2V~=je9iC0F5`eKfKW{(J%M&{d-rMG#a-D zjfT=VME`3w8;w4i=Jja5w0qMyL0>j*?#VjQzm3_?(LrN!bG+ZFMk7;o1IxJ8Cw|XRnjnhgP}U z7+h3Or@h|b?6}W=`FyKLr|3w|T1xry?n~|JaIk$-zCFGj2+h|0=G za4m0}`-Apma%At1x#ZCOIl}vMfEpd{H+XY@Zcb~Y?d#Fee(UIUzkj-aeXnl?A$>HApHn*dG9(}DIyeQMhFZIT#^5yCIdGa(GzaH$K zZTIT}I?<0`kT)x}dsoi$YC+D5l z?pI0XE=SGE+1bm7PH%9s1;^JndtCW?f84LNN}sP^2m0PQ_fyvOgUWfmQ!SqiApi4f zaBe8o4__y(o2!ex-3PQK57*mcw8gvno-sZ@dFpm|8!ubC+KYa-{R&HCzM_ASFVF8f zoe%0srKRpmhi5kr&FR4vI?rk8pwzGa+--h15iZMjcaqRKxvL-P_1or_po`CqDZ*t= z>YlZ9p<2CuQEHmHBg^BSTHk^v*C!8KBVFfiIr)qJGPrAPcTZm~#oZ&J{-PS4seC=v zZj8IH)jZS;)lQd=1=-RUoY$3LHYTy^HT2K>AZM} zwwf0&YG>Njpws9Lc6U47NAFSEW7udbcED244A~RSdYTY*%X)^!HdUP3~&rn``k<>56By@o0zJef)g( zvvTm%s==-1GuofQzH~n*T~_L^mC^XQRu{RG-OJM9UP=9|)vl&BO(~X#e5MRf|8_x_i+M``6s-_+hWQy{#JRcI`uV>*+#%<{x&h9$xOYR6(u^ z`gylf(O|W!H_yuQtm!RQTcaPBpYqT^wH@G>!9HxV!UO<9maLhw84>tkedFgQLNRicnHd zUJ>rU{@i^!E~B$Lsw!wljJ?Xir1xx`pI*v4`p(%lyqiw9h3fOumc}3P!r9r`-UqeS zpZyO^aBPfD1f~9ES{htvt?K0HbpNsW;Y)dR)H~gldi#5)kNWuJYjyYjsI~J& zsT`bL40aD|m&eE5%Pon!Y@LbfS>@;U^?7GHn)0$x(?8sn_6Gl=zMM}uoCPLSly<%@ zRKx1eiE>woPyn2#&Lr>Zv?ov2x6PnXY`;Yk$+da+9ku3$L`W7Oev+HXu(QWd?IRI+ zJBr>1SiV=L5R2Dn0Q+fFLxQvNT^1CQUiD)DI?h1Nu$i2Q;+6|FTFpm5e5*Cw2ah*0 zE&k}6@3LE-7Tt^LBB%g|6kkmTBu)*B-j+6t1$b34dVK=Oci9o;KLU4U6bI) zs5actzIK#Ufo_bY6EIexuI=EVcylf3LoE0a!8hi9(%`1n-oYoV8N>9twQ1KtbTr=( zXcr=4U_6ChB-=b2ijt$ah_x`E0Z$u;Plh&%sAhyPayaDFsn>=IObaI{l3xJ&ZMHCg z6>P%#6d5rY72wP!rV~h%YrBtI+vAcbEkum8@j0N4ATM@B9x-U0@H2x%jYUr6ve^cm z8xz{bJp;QiF!DUuv$aK?iwjwoF`L_vH%G1tGcPI$ZH)>7b+KcXw$9sOY|gs>P+^yt z&PuaNx?0Iq(bO*d`C>pVq;RJFlP)b=)GnJTQMCAY`)auyyV{@)5HWEXTjq3<$O>Sw z3kRv=w_5C{f@F*!wZ$e6Vc&b(l50hFMvohBW)8HsfN#5jXDsmH$e2foH^3Uf&%Q*B zFr?%gYD477$->lyq^)FJaq{D^dL=v*s~0apPHpS(Rd4s{kHQh1eOr4hs%UTZi2@|3 zV~&LP*^RtNSXZIG39fKK18$6v9dmcf{*1rUoTj1-2xtI<#<&FpCg)Xx{@@(Z)2dQU zI&UTE_*xul#j&V~QC2ff-xK=IpS~_X1L;MU=;iG=@T$7*CxxIi*+~lhKQBwnS88^-V=PR^JZES(&0|%)!{> zB2`Qx%9{1?gAXjx>c~uK&%)}S=0tomr#KgDggH*f8o}DjsEX4uBcx_4o>5#ZX7-94 z>UYdMY!(d2{lmcyyRC-XWgP|x%SYpEp6@IK$3|Xf>nlde6P0lo~ z!hB5s%#Rb=$N9GRRi-;4GWK2!k-Y649jTBPnF0ftnOhM}Zk=tfFHT0pvMsDYsd5D9J;%t8|jdeRwOR}d%wMRz2|(` z>#TLw{(Saxp64e@cJ{!882vupAeu{%uw}iUHzJADa%g@M9TN}Q3W(PD=D2-km+~P2 z`}tz+U31ixBiN@(H0;r|oELoRD;$nVHpdi9XYlM$bEntvdq;Zs?sSTdRRX=avUKI6 zt&MD}z*92JmHvFc;vgCN!&Jn}mXU)$Cp-OfAO8alL1uFxFy-gji%V(G5bpxW`VdXzb3Q1}6ww)9>M0KD&_X0vG{7%qhdY*jf z+>whBr1lNLf}8WMoa%C*4E$6gijeF&(i4Et)H~P9pS}%&`p3q;rnefvxH$OY^ceZ` zgLWIk=vB1b7qg!}aQ+}Zr>#vq&)n3Tyqs67>m!M3mUH$siEal`f_n*K4qVAXL>=h~8x{2H2YDtDfuxErsRDRUt!UPvW z`SiI0AAZRfZ?jUGG^2b<;BT^QCt!(plc`}xbw6zG#@g)u&Ohq8bGVVzm zfQP1aG0pC-7X3IyaCsux3PU z6Q8@2U;jF%;a`l@;q%U#OV7N|7tdvCu7yJ466NafDL8z2b5-*Afo%8Fy?G5U^k1yZ zKy5fvv!PjarR&2~cO+{mf#5 zAnYDevhDTkml5AiGN$U5_y6{O#J>M(adBSk`{{WA4vGUW#sE0bsa>E57N*1Q*<|Bt ztFTef=y+|xN6JaD7$}~_9r;V8vrE#0duK8sHKw8ODHzJW6NHDmMpc4Jt*x5lVv?Pb z4lzuzJvf4~3@02oNea8vmS4n!o|C`M=0Yu)zkk=6s(a}luvODM7)mbTHj8s ziRLjBh8WqcY#FLsz|TCB1om-gV&6zVJ0fs=v!zo?V-JegTKD+Xf#JylTVwj(5zHA z5GJt5oSWm|S?&`XK#A-LiXb~4h?X_DU^zhFGABF~0THKmt@^#9Yg_4~ ztvA?H`%7G?-EABXUO!CdGGclrB*Z&&$TIet;%!iwwbp9TWN zZtOG@Vi1~%n`(7;)*wHBPS5@G8^a@0rTYJLj4)acYMwl&!003oRPUcP z=bOEhyAm4#sq-=K(@Ob((49`5&*?efuC&EzD~Ow^H5t#Bf78<*RE^uK?L=qu?0ti^ zUzcR|eXumy@26x~6xu}C);HEH8Q=@rbpxR6u&nx7(yz~Xu?vdz9W#j|K_AIPa%12- zxZPms4`yVWaEjEUM*C8y@_qLb&ggCCghM3C3DAIrI!4P>{@Hy*TPLACC$gIt({e#R zt&X47g8K4fDV2EEmNhgULl3PcpSlXNkvePYOQCA#eC>rz-^|RKsfH6NUS7v}k;)=( zBxEFQZG<6M>C>|hsywJEQl4~qibFgSi}NjA#?F-Bf$Ip)sPNCm=x!ypMLyjWOl)jZ zPi8NF`&5!$-{aj)Jlk9$$Bm4I`E!wdx74MMt&K5#-mN@s9TLZ%er#l`FUByXbtn+2AqA(s@a_7>D|6JOmpfu{Kqtc8kuN29HgFPrTNPPo*zpxZ(_ zNF{MfmDv<@DVVcbx9-*A=uoobCsD8d>jBkS}BMO^Z)DexgX(vGa+G-s?0T@g)l*cskV*<~so;V3igjq_rm4qEw^dqM0G} zHW{oiVY7qYLx6Ff*u1MU6OQA3zR#O?h0?dSqXIX=rF^ECHLS-()6?_1?R?{uQ?Shc z;c`{3M4b>SIhPbyq-ViE5QBMD{7GaEVCz^JkcU6nN z?Y;_*1UPgl+pplYoU`z+8nAm4i?nHaz$N~UTb&rN_p#~y0QCL!Z zPVoJ!HIwlkwUxXeMm@WbnIPt{E6XVfB$aX$0Ha4$i&L(8k-Qg>51PPG<#2E0zP>uB|vISVi$!ygU|2Gh0u~)qLKXPwZNn zQQ@tsayZ9NNkiTk4(bcFGw?8O3z3mQDNZb!0BRDK?*!wX?kY0*zJxd7*5vBN=lMbD zQW?7nJ||F6V;flLB5p}}^GhbUdtZ%=CPmF*bU~V*<=1nSf@~B4A z1YZ5Vt4^3Ghw@iMiiV?yLS62A0Ici1lKfFLR{Mq2im@!LEOfD395JY^Bc?+efs{Xrl_;a)LN#``is8D% zq`uN=9*ZcfFsN1roZQw?4^GW^|G5T)z@q(`J3`-+`r2XEEoQkrrpL`8bxJk0NtO22 ziadI~8ZU(}@-yta?>aXJG}3D`{=${>WJl1cGF3LcmXA9nUqvdD+D}F7h1pLNDlgZ= zY$#ZKWoRIhlw|2q!q9CaeO(<_e3!Tx5P1`sYbgN7K&-9Y_Vp|giNK( z#$oOXbQjP7XQZ014J@vy#X$OFgXd(<^zHRguQX zt|9S0*qQzQC@ohx(Pzt<$GCx4xHKt@_s(m zYxU`$Rr;+gJfED*Mi_^flW2ys&i8(zGX7q;)%ZQ!(XR;wKP242ghPdcI}`4WHZWZ; z7wufj{(EdN1OkR7k0SQ+ll+csx#+Uh6Z4w#(tAn?|FXlH9!WRvhEN)V@5$XO-<_8^ zUr%4fqAqEmsJ06s^?teu9&axT|CZ~@BV6}SWe5UGn|auZb7M+dVkA~vYb*DL| zpFn^;Vi|MRvBh7L=lLW1#Dwh_1hAiD6`Iyv*$tDJy~}gEP#aG*LK7?cz3wA@0;E8n zz5i(7$-=iJf~*u#Oq*RDVY{%=z_mZ4$wQ^1a0q`})rc|2J?T!>a3MOOnP&2>;6*XB zyC2|HT{X5FAi`d?uc=0A?lKPoQin|U$27-fe{VkW^V3l^JAvB~4+Ez8e|2R`%-W+N zc+K-+IwAa&_}4Q91Xy9OZ1-imd|Q~%*%YQF%Ez>>vP33QYu(e=N;GdT_)JQ{Bk`_@ zNR15BOd}iHyp@rJzE zP6+a}BSF4-Xp=mH9-6%MW4W_XLRQFDH`{yQv> z{4gsyB|i;j9Npk=#tuzw)pb#@9qq~Jif_zn9Bo?S=nmJ7qU zf<~&Quxj2iUNBl#-{7dd20)wN^;(+W6{%DGgG`!aDDJ!~yxKp&Pd2?O%P{$XFE7Qp z=XpYATPM@gbYsJH%HV;?xv-Yf{w!%Vjyf)IYClIS1o&2L1oM~pIDcx}>sm^P&lflIMQ0S%^Y}1q zgSR_?P)pOnai|PG z#tLxWdkf=e5>>$(KHOeCCTOnehCxRBpqdMnY7Fq**v?X&cWu@UJXj9KYlBJcCD8Dq zx?9h8zw*yjX66sj_mA<;T)JJN!>|yv zJjKP$L82{Kgx$$V=2blU9f;lvWZ0}{67QY2Y+#k^r59f2T;VEGZITv$A#5te{h}ul zkw=37uq@o?THp5P&3z5~*J7${l~C-MWAgqR>!8V6Me(*i3gV1Oa<{aid2%;L{vu8fXpORz{QU=%*l1Q+~D%6M}f9tlsYS+OQ43C9Yi>FaU@Q>Erb$=HsjWtmU zU1~{?5@*=3;rkEk;BBo+?L`FB}K$|7FIWW$Vj z{^Y0N53s_Y1uQUZEsKTU@9X>RA(-vYSzQ~>9<~%6v0X+s35m<-nJdXaAKr?!3(-0L zhmh&PjQR$8je+Obe_Edc@VDzulvdVe7Kv~Hj`aszQUGRAhh#BC+-X-|EUGx2G3ZEM zusqbYS5>*RoPJ(qb;d1bPhGP-EWM(gNQ}d-{+Mkkob7JOaubKC2~HtINDDu#ruFnXW<)3kbzZF-iPJ5qGwtiHzkpt~W#S)=U%!$$_EQn3sf6&JG&dWL z7WUmtx;KSXx@3rrq(yR}qF1ltb7TIPydd~KFowwAd4lWc;#TV^2>#)exhJ~+9edEi zZs8w{N*R;o&%xMhl5-(dH^~x8T&FVT$vCX%nK2D4`%Sbey-!(FIseIRNqyyzq@{PI zg}k!@SARSa9^@5c|0g14GDW_UWVUC&oh5MGg(AaB z@SOR&@l&!LUHgCxGEa5BKCK5(fm!@>!ttgOfpS_`>*EE7c6?W%CKA5A@u4Mpczl?6 z#QMHnCQa1&M&gH(+~Z+O4`BdeO-wTUuV@fLFYA%7@i%Bti~E2(yo80^u)w%h%#3Fd z{AfN~+vIy0*Y!D#d082ysig>U?uxWY)0%pehJtWbZ7 zH~Of-0n^!qU27D{<(E_?py;^ZwwWzs#q zeUY%!Eir4^X9aJ+9j|NY4!yFr@-X4 zt|UcJ>O?L)nHQ=46>j5_)^O~L#~9Cp>-(-B=Ynh=7xX*QiBvfF*}WIVbRD#I!cHYN z{E;W-aV{DfeZ{^08tBoFFH0-U9ysd`sM@v=9y*J{rBAR(WZR&5Bfs2_D@rYzdzZMJ zEH{Nhjxnryu4AJ)CHMx2hx8JJSm&7bAOebczRIo8mP%lXj~P7&wK|Cq|HMJtdWL?p z8%nVyVH+YjhTC4s-9LC@0u*z+JhiUJl!H>in*8ug-;<_d@kKkrQw>!Do79d^KGY7te#9a5v}aSjI!Sha$NpM!=MLbA1% zUQkae(j<`%dye%W+6onF3l&;dtJv^pJ0+d$NdxC}`rFC=#-+HyW=4a(UsaCsdH zi`XMAG!kEFZXt_n24Ts|U|0&iBthQcsVTi%L4!tdkr3a%z5MTw*``B%}6r~YSdkVk61K%$m<3kzv>Qw!k(ss<>aL|>?CryCXJ8U)oB)kr9 z{dr{Lk>NZTEqs=ioM+tXOuZi|&*udfTmEn;x>QzB`s}oq)wbl{nsFph?zHzr?HM_r%PMZT73eurxGH$@g-h<*60H zA1?MoE_N|4wke=muSR6YtKs7#$=?Fw+Xps#1PLQ@r=!X*6_xq1^D{B3pMmHWTlpNw zNe0}ViDStq9qeos57k~;NG1fFW%=-J07n=`%J@IgikvwnV$EcE|0!VsYPxkb;*_BVEZTP|y+t{5EI-Yt9p3R*hDCv{3qb+bm+Oscf$xQ7G3d+qqJZzo5d3d7*M#rGU{NFj+Pe985yNW;m uSN<2O_Wx}1KarOIuLT-f@#p3zMECy(xYPn;VgGjp<7tOKRYk~ur~d=&c(Sbk literal 23908 zcmV)cK&Zb^O9KQH000080C`@^SP1~1@t6nz0B{!o02crN0Aq4xVRU6xX+&jaX>MtB zX>V>WYIARHwOH+L9D3?}? z%1Q%^jx)r$@sZU3gEx4n3YpE2EI2v4)`_;WTN!B+%lMnhanSZLnU83#Vwb|eU%x1S z#@AG;Bz4{QFXzR)I6nTDcJl1_m~JvDtRy3s(vZ{SQb|jlWqPfOgcfqCjU-iAC$fy6 z@O!JXiUT?$*7d*t{FiQhCI>I+{#Mqy*_3@4xAE4oJ{_PlQnpdPX_Rdv{nP159V|Xv z#eBwXW{o9pD9qytyG88RT`J*zE;fjS?pK9g7o@DM`u>O&plN5evETY{y>u-+p;8(r z07cFKCrMdqeVbCbpTm4Vbs>9o-^M|86k9je>vd?Fm&>}GoT3S}QPLHV0ZoZ4B1y6k zi%eRwGO7%}MJv$N9XTm-%TC0=a^y(0r=hGgI#*WODJpDep$~v8+ z1wy)mhC0wG?f6Whf)u*T`hrJ53oQ9epu@9`ZKOsY(nY(u%m zWI-M{7u)0@2}XLoXl@^c6Dugqa~Uf(D(ZmNKrxB3%v98PXR8QLEO|K7Im8|%T`JTR zR_gk6LyB6o0~9qzg~w^Jp|#jp(tB|OYMFX3_iAwv9e?+QDKoKIXuYyX$q=&M+K(tU zGXGPhq7^4?TP) zk%sfC;KEE1Bw^ykIKZLXY=Akh_}LEN7%hO`NC@8gcZr3F)jeU4#KS3 z*m-dpQU>?9ajOzy$~ym<-};(Z@z~C_zIGO%SUADi5QK3{OO?ra@#m2IRxmjqOEFu? zD7$*9?BnzE%Sr3ZUqTWw;!mJ)&luY&2;$qGPK>Tf9vj~v#JnCS2pPck-Daiqe&1i} zsN%iqpZi1&%Ke+p-kTNx6F=Zkz#b-2fn;!Z`r5>@lm*U33gujT*l%=I3nBVuRPt5{ zI-J)ATWbN*7rX*i#noldrYZ1g3VafuIoedMJI+eh#=0FQ(FW+Pp!1b_ zaDYe6e#DfxsVNbm5Eyj~I_3@-nilMf1sJ~U1F8v|($>S>kj8@a=;IdD)>$;~G2L_9 zobyh=)ab2T>`POGc}Lk8kFr3xGfxcb|3NdLX9&d3IEl6tNFo@ON{UIVUqw8Ie}Qt& zOBC>#-bau@6(J%|9he_o_&L&ab#3Mxa&)1K!nd|%_Vi*($H!d<@RKk6mcM2n>W&o) zUAY63e~*B8?^+fzp?}l9maZkAKipB6SVxnZ-ZpI1R*OCz?GaVHgaW^JZ;XD#YV}0; zzAr(2n*Ci{ar?UC^|Q`$-|ABbMRrx7l&R}g*Urk;`b>b@yW0vZ=NWAS6}}432>UwD zIz}++3qEYWeC($z)AfSiOBXH+f)~W@3%-}A7%j$p|DVc_`&P-6){+v5R&q7-;qeU= z*2IaMgt}A=yz9HfcNt|B=wEvWdBXL!px^R*-18r!R5=%mQBM9K$-iG`hURrD-6YiG|Eq{4g586(X7H3^B6M z8($yLqbE%7pdg0Dm@jo}m1UH1-E{$O-<|Fu!u~=?SkMGe7kjvIWc-83P;y_uT$JM) zkmI^N#z(^jIGTiyEIy@1ZbC1=WFErBWExO^09jA9Z-I4{k}j-3b;mJa?&! z{!ku7zsN)^@09Zic)~;AjF;rzTHW0qdua$97~$Spd$JAhApJEq&T8+7_OoRV(X~3Z z(e_nGHGN+-#JtDreOIX*_i)!-rTl#u)N8eKgZ5i)?*|0FcVP?qA4+g#zGW)@z1M>t zJ$#c22m7!$!gg!%ISIw@F{|G?q29)U7kwyi8Q!jHFNf<*|94c-IlDt_Yf9S^znR0& z9tL?2Ff~eSwZNsk%|LIP(7$?n7v|AB6~DYe?I73%`_8BRUH^B}U5`FKSAp%9ho_n! z6t=8}19iJ%f*#Qt-Q%Wa-S}6|Rltj<;jf*oQ_MR+w>{y9V{5*1mj~rw2>U_W#xNM7 zeF{0cZ@-KOBHMMxG6$@++uP?9|M2&JP)h>@6aWAK2mpCr%UI{TabM0;006_F0{{^K z003=aX>L?yZE$R1bY(7Tb8l|#z4>z6$g(&1|3rN6fZ)9ovadyP)zPcm6m0Eiuhg^OhP*nK3j_R7r4%FO!Z-~a3XVwl2z zYTW@pVhevTg@LXs+8?D7`DA0nN^GAW@shs5{u-$roiEa~vwJ+EqlETMiX8)fuAvmC3V5&VrlfREU* zK9E&Z^oH-sD#vro(O8EeFjp!+5_pwqLYsY+)uBa=DKgqvQDjyBsv5<6xHK9t=>!jB zgodc0R$H<-MpYTz7%PypALF${sK=T!(GhXWJ1NgQw`{!(AS#gZ({ZM&L9;;pcn<|f$PoFo;UVhr! z@~oZFmey4T#TZlJLe`nF#&hdTXRI?4&!b7|GNZ7X#<1$BsOv*m3QcGJ=gjD&*c!-V zkt;&g;vQc-W>u~$L$&|eV3-G<5hP9LSq` zkC9-Ym>bUIKGTp`ajFYl4fc`;jyM;(s;tR9ooOM~ka!Voug2?R#WNKf)4Z~(z;;C5 z&NCoH1QCxonswV&;U890pVsh)Yp{q`F>`w^U=Du5!(wPp4V!SP%|sKFFbgy}^qq5z zm96sTR&8giUftZ;+AzOslP}wX(OFwFmdfhP+dXOBKDpU9_8HzBHH$3A6%Qp{Wt#^@ zjqi?C=%d(2GNK6FNQ5RuF>4HzZQ2J%QN=!Lkg(H^EDw!Et{6vv=lgwfP&Bzp>`C}H zVIQ-%gx?U&iY9+Ixld~r(Qg1t2;CCm&7LSvw6%36q642E%plONVf7HIj3yaYpT5JCtdw{!ClVjA^S>Oj}(+rbQ#C;-Tuw@=!IJhupJ7v?jvW za3Zi0SJc>7-oZV--#PdusJ5G9{K|#!N{#SJHJDdwbYt|d7s@3ye=ezI#w9f>E~%{` zm(*yvq_(nLQj6vi_bd^WX*{cT2SvQaGVH&DP5i%f@JV2OH>3C#v{R%>Cx;_NpI&yJ z;g*EkK}Lg5Yk&V^FWV7WX{Z^53$?oZr?n2uo%|<+|LT!vRh@G3{uM(RuxFX3razZ#X2vC(R9v#Tf?Tpm%O#sD%O#u9T;iT3qO$$5rpqH}MS^2NR*U5gM4bi+ z`hV%*lfe3JM)55ecuX}^m7Us7sUJT>m})DMskSI*qddk`-=QgMsle5`^ zEz3E~=Leay*QS3SYD}`IOe-m>{0fFvRVx|GWfHn(Gl8>;V6*R5%heijToo0Se--$N ztthg72XUCka%W>SrxU2~!mUT1E92*EX0SUjFkP@4{{6fU6sBIrJb9Rjpbut#yH~QY zjKgY=`vC8NWNw+W`vo{Xt&Y6T&mW-%LK|U_CG_z(T3?!LV)#2;U;8+WV%XGet+;$k z&hHI(kMWCh@IHPY>pNozhBUP~ZGKqpH*=IO`nAv6uHf0%+-S2{b+%a2#vP0D&>3d` z9bByTUz;2pfHV0rW0MEIQ!+UjwPD*&FRK>?Nd)H)K1~T}aScV#N|?4-yK~1He%m{K zTNm~({b~me!Qt5qaxSAwwe&N*T}ws=2$hh!F8@JN2ZHa4qhUD&kq<%o96shBFY|a0 zBiHT2hgIB14H6fdATE50TFdw&n7BPl={{$E&=H?sI|0Xz^}Tah|+4d*6n2p2@BbC=AD`8c9L7kYo&1xY z`Pe9qFElu=ZCglPZa2tY9|Y|+7{qZ|t(J#`;@X1b8Jqt>Wox%J6ch!Hh2TOz1D8Koc$j+&dfV(=ODk+TGB=HsA78)9 zD0FKBGhE>-s`F{>8?U$T(0Ucy`vbl^Yzw_M#MBwA@g``x=C^ojpZ}j9YXZ0CJ&9=+ z0R}UWK@vxecy{nmNIX*m`f68z>}S{7=O1gPqWtrRP4#Vt&m)wVLnk>q0~9pfu%Zf! zBRC7CS2(dtm|L{c*S~o%+;IHeO>eBL_t5sCU5J*iYd=5#QyTH34pKV) zQ{{VwxMCw<jqBe(nQ=;Lat&sf$b%Y}Y5}WyM&L7Rbd1mR zqBRZwg1`9EZX8gmkrtUlulL3xhiw@pp*u*^XYAo!U=xyIy88OJVY|>2QSi!Cw|cnt z6D%2Df#%EPhjk`W3X_FGqBooy!dJy*+5}n4{J;iGV|N&HcbG2>*ft!;jYNv(dTK$A?zOBa{6Y#G4TUaEcJrdl6R5});AFkd?M zb1+~u%cZ^J1@R7W4elWm#t1*pk`UP&_>nZjd=pA)*j5qB36Y{yj#L}Sm|nof;$!9X zE&P>QG)B`4Y7U)-5u^~p&Z#fsA7KsWyL|IekeflblwcJr!9fyjHJr5?ElugPb-N!c z9s8!xgkspT5^ZqIy|dYHjzBc?96I<|uYKuY(H14FOK4gTgwPZXh)*`8Wm=ld*(}KL zO=XMnz9IB2HoJYoElJa0iD*P^u1)e;-x3*Boy&{ZEiY)Hyyu`#X^H& zbzF6W!3)PkQ_C!zVI$&>jXa)X9R7Z&s}| zx0~cnyYO2K(TDO&jC)=3OU!CsVwQV*xS3rKfa@9HdIobnBS@ahLax`_*D%-XbG<$( z=g$~1*X!d*#axB#4a~7Eq52>?tmaR*AUEL87CJZJ`^fU#fS)V+K0+xs;IF6w|2MItSIgzNmjJ(yeLnOX1H~&> z$~Uf7_-aTnK6w)naZj*6mq2Tq@$2ZYjp+J7Bt$nF-X;ljS#e;5c~PAEBQFUSbhaP# z2z?-cCMXq60CWqOz@!VmSKsjMjx*fU3jiEs)l{i5|fGzR3a1NVIjfrGo|3{NUwTftgjvO+94YQCg5WI`X zYUaZpA9Nf8T)X5%%8ElEFjS1kg@+&1gRjIi0UEq@eIda8+c1MQ%_;j9GLVd7Lj)Ps ziGT@Y19J!_u2%rOghZJ+!MAgtHFBmgpyV?v`^(?4#^{$CCSbh2`6LWiCH**!%oVW* z+9LIsTb><74KO-8hN~uU0mcQrVpU!8gLA^AK-dl)@F%334R1FkztxBmYW829KraFL zNQ|NDVp5nY_uHY{fuJ!a?;zt1*kBl#4v31803H&{hQmsX(T&S`v%%Z~Y4mw00d^mL z#B+j?*9B+BVLCiBfUi(MDL8<8vM9j+z{vVB`F|AGHLd8!$DiO1etFd3AA3F^k9VP_#X;0}1UMeuF&7f{}}&A-EilntlS ze;18+7$!uUZ((qv2fwQDwBRk|F`IiCHF6r2@M(};(h>~c$}%;^O`!N-Rsw>uV?4or z@jc-UQ6fjw; z;y$^Z&bk*+*Brz?w{52PESM(~7XCnZqErwrXxdGV0@2FE1WCWjG^oR&U{)&(NxTI4 zK@Upo79fVDG1Hw>I{FGx8 ze=tmi9Gf_7!EdlA3lqcqXYY`N}ly2&-xMXfO3#euB=iCn%H-&JY7X>n*3d0 zwibZ38`GejK2no5CN#&;buV3RJSXdr8_$0ez+FRDnCL7vqdAcn4%>MSr5jgL?23l&e63$61p}$j$}Bnw$Y9~s+o~{M$$7d*&}m=$Y){=7n!?9I!*&9t=4jaI(6B{V;jvO= zC9bHkul(b*9ygeCdYwnCR`|@ZsmIPuy*kCT85Gzi} z(=ZM;pXrj!6+KY#nBZx~QCwp{j+^^pO^4*u2tx%As1h3^yn(m}78LkNoa#bXLtE07 zMG-d|HiGb)^8_nr!VS*MTFJD@e?wU*a23ZVPzRkGsAQ0Bx{LQ8TbW%m31K4Ni8<_t z^Mo;vUKScdJVR-TXPl<^aB9f$%`F$vC{$Cjk}YaMJ3+#cGQ>BJwtgY1K?fhm@fP@Y zu^gCzNBUZm%wmTUnt*>HI9&vk|0o!@Fs=gNN8e}Yu&}EJTg5W`tzf0JC(4uAF#J@5 z5ETIq1h+a9E5j>wj#t}hdKu=K4-Azh%7pcV7TC0H@oAe#I{YCHi8BuU(BXI#1LL?Q zr>zA|fRP!`aOXEh-}`4FNTB8{TVa6?QL{w<*I^-kkYlG>lGzk1_2?lsrNCYAbu0$t zvLna{VI-16mNV459V?nfKv@()sZJTk6Nk6v5bcxWsV@RgUFESzgJ@tP&D!@>2vbHs zx8axW>}#a;V2A=);@j|lBUvR8%yi;?@sPf3#C!hii6 z-MCo&z%XlnVma;rc=6L%?_S80PoOCZy-x&N?UNe`#*c~Dey%gpSQI}y)$TCqj?_`Q zravRabqarq=jTNZf`x*y!D#}!$M`s=0-Sb_&mFA#u@I!KOOkm#B7Tn*#*==nmS%jc zl?eG1=8F8)=XFz_M8&sLKSs(%QiVTN%3rSguZvgY7$WjrOUObz4ag2xmH{!w?mtok zD}0SyZK|ficOlkYD`a;lhcYi%w*W2Mdz|?b69u4K?A=SZP|Jgu%NTtP4iAQK6@$1Z z2R2(lV6%V&VP3E4X%Ndi!g`tTX<6T$=eTYQMtVzX-AHKVi2c-V9y{k4cm6^!3nq*z zl0&Y2u;+I3fn1wiSy3#4smxQHA!)&>QFmP1C2T;X$uNd~!xT7?7uMELP?WjlIWq?z zVy`nJxR1e!wMxhu`HeNdvF10{{KmSF8!Hm#=9Sfub1CYb<$H0UOo>K>P+k2EZVc$uEic|2bzeEmDiXwrWQ zStJyKEiK*}lm7bmM~o*8T_?2V5XfBY^AdW(%5%k@z>5S(|8Fy@IqYS{Dn40YLtikr zD=YkVfmMVOj9i-=2CCol-RK9dl+RlWug1g6U=bPcoMaJLy;Rr?X_0ybao^T1u71HJry;OMov zgQI%^6XPSb))oMc9@s|?j-G>~FAN;rA1V#$jJ(thc|}-&%NYm^A;btAY+y0D2wzAV zilVu0=^@5kI};=OWpK$E7ou`8?rA@lgCS3I>j_7X2lKoGIo`Z~FdPg)5H$mD)CE>* zs%1RrpQQkw#$s(6qZ0&TV14Sb^e3%4=~m%!!S z3xVc`Rgc+N)|sh1W+s9tG7?Id%EFaI6gZ}F)r4^jdC7lCSp?RPhS7n~1PS-{gOj^s zgdm8|`=6goeieCEl{RKLjfhda#IZj; zTLMopA%&_>jdg7Oq> z7AxDg<;oxBGW>n=5SL+M@Q&Z2XT?f%6Ey_THhEU#FQB|{n}3HN^1hJ7cJ_8>8SpDC z1$9m)4#_6Y#8-HL^1rYF21+5!o%F{de3 zBX-Ip9ykCM8G@*c5hs{4SuM^C%;Ke2(jd%F0?}!VYJ+L%>bQ%=hTJ29){q!+d}s{S za=F;R{;Taf`>KMz-5r9R)J#!eZe+oyOaPvFTQlky-@6k87`3gNpkGy=o1R(EN1Zoo z5ksB5j-frYFg|NmX&q`ArFDo>0FozksHI5g;HewqcJr|kI@I%o4i;ObPw1e5-qRfv zu{S~nTk!9b(ZNYabIR!8yS%AWI#`w-G?pUEaaIl*%`guY`^a@mdZQg{R6E&@+E>gj zHBp9hd?DF=Xh%t(jx2Jl4jq9$$AmpH4aKnS)8u#vcd#c*HgPV4<}9l)9xbx#5h;se zTVi+Sk4YZZrSncl?&|Z*W3k-4$%&IS%r%L{a@WL0Z`r4;uzg=&)m89gfvA@JYCAMV&AqcCvfn)EZgT}z7$aHNFPodp%VgXA4aLP|UiPf)Ekqa2>`B3-ib zXwD^8g7PGsL$pNT(U)ysG$)^bL`DMlU!Lk^rBc1fDxB)VFU(qPPDYop(B9n2D*wj9 ztqR}1=9Z|1+=S@CEwfJ05;QLR6N2$bNdX5!n;_?mXNNpDd)c71XFng{AHZ31*Z24$o6Ya7GpKWp}AmOnJ;XB=M%2%n1LBSsKE<-u|aO;4bhDV@- zg-!+UEtIV!2>$2Mvk~Oaxmm^0%>Y!a!7U z3vO~SKJ>JZ1F~zgstOB}!E?pyF%K-{91D7r7dW2au$2X2-L!aMUc$0z-!7W>rlBNH zB*)W4G-dR=ug})=BFfC95qmM$(33yhO2{*{xbI)R#AO`e`21WpVfl{b;}Vrkd&`iZ zd>3&p#AGAg7P$`;%^#wk@)AvARWquQ(X}nh%#^vb-N~3wmIDZfJ#`_tNTRR zo?DGxk6a9dt5{(9$BA94146R(WXGCN|Rx zEi6mjhK8`TMA1qgE(I~W2%Q4Fi;{+T40z6QAV(g*E~$xHyOkTLR`mHrEkPaRZ6B-J zYlB%jzNSR?e%vZK%jX0Eup{8AG_(^TOrwxcLYOaszCo!x8BvSEF9aikcegF~98`l= zV0Cr$BZDQAiwOP=;zGzYXAFY5qm3e5BIi#hE^K%Iu@rI(2up8A%lV*{hYgzKCo`3D z*4%T55q2)ZY6%AznmBEX*l0**KraXUxI5LhW1&rx=50Al9dnwic~M#nX9vwaF;{!8 zVHt9?-(YiYPPNsTli?G%3auh1`ybC9QQiJTB;x0H&$XGKwzNuR25j2w1)sTshNc#I zq*8U{kO@`~#(5sPfOJ}a+QU880q;2ELsg^bPD79Uhyy(mGxDGLp&Y_6&|@q*V*uPn zq76SGPdlBjW9T-B7%X%;qmxy|&V~t9UU!RGZ)&Kxi<37oyui;4ATXP~D660|g8#3= z1wZ+#z!aGg4cWYU0Ci;_~ zfA8e{`*3y|RL^yhEy6+6HemrE_=-aK2i^R9EQT3e^7e7`j^0Li$J7?m!WD8hpF$pv6n#npha>Pm1CUEPqTC%a@B;$Z;5kN?KwU)G60qbt&(xR> z+^@R>9;Gt@_JM-1u?*S{^f*48hr;}XG>;CWR-caH{B|``vQu$YR+|5V@pdCClR8b* zLPW@>(-j?1j^rz^d9ii$a)$m2(eG>^*~xCR#D zJgX?8Kwi(3(A($KW1)y(ut$`dFDFN=G=>1l=%qJbBT=fuO9!%cy`gd=S;u;F9g1z8 ziLoh#$fbRG?WmZ`*_3iNAZFhw_52D^$+?*C9ejJG%My`G-H<=I)Sau;^^;sHEo$R| zNI0tJ0{0y#wz+y4v@*GRnMTkB%Z;UqyZIT!GK|$*4NF<*iXaQbz5(26LMBAytT7&x zMMv|hyu#~(Y2~UU+0B?%z69|r*=JV|4~Z}{yth;4TVJQjvlm_p+55Q5acBrV;s~7X zFN{jp3(0MHRp!VtExA zAVv=ecq*QVA2^cp!^-hP>t-pPb_GJA-=Dy#(O zlJ}~D4kd!VfwVM;>Eb0Mff%swV1*4O2_k9?`VEL~L?Hk9z{?MWfB_jZ78%Fp#UvO} zsktwyy;lShay@MUWy0bdv&o= zUJzR#i*0CeR4ODLpjFOv!Q+r59A|QK6roL-Rm_FGIRbxszldo8n5U~z);EdQAte|K zCOe`PN7NVI-_WqHh}Mv!1>}5xIXFa_d0672pUqWVu4aV#0z@S}bgoNG;-}~T#{X@@ z&5+oU|7}2q<#Kbj?z!B|KuGkZJkvxU?+tf)y^@~;2xP!9{ zt*-tJ27nSe*)u~Z%rFEaW5E;hOga}j@fK(90w<2rnG2iWR@h{qS!CxxUF`_XeK2>* z8kI9A7NldU9g8iJv)!%Lywj)MDL({;fL-$Y*ylsPK~rRcqRayojcHp5SFfVOh%I4A z9$PLxk($q7W;r>NbQ9i7-KGgCs^_AaF3kBHU@gE6j_QH^(F)za^OE zRP~#eYe4Sd&}2PzQ7BE;)16{@yI8IiafAs!3C(_*(P@-fUew5}oG{x!4a8&wTlbFi z&i9uzf9fM z3Tw7g9WHJx(!42%rCLRlLPsoyz7dd!98`hXP+JCkj5W@+byHih9tDH)C9<0S3D#QB zKiQU8F-kPKI&KzpuFuKn1%?XyW1QzfJ^1IVMsSI~b=ziT1I#F-4HFd2oU(7B*V%UX z4bj-Gz&?mN637+i5L&W04)$+Zdu&oSL&%#k={umBBfq?TjWnY>e>Ew9?btCG9Ru(C zfn&UaJBPrlOcS=FPZ%U1{$Q3h$1zxv4}*T3+E`I!RgXQ;7OBVF^6V&TfJPr*of>s; zGHdXIQ*Jtf+!l3izo`8-GcENzT4F9--=Lj4b`}msDgZ(ErS0!Egv>2|r{QGy>)p{Ghxw1_E)2 z;$S;GM6zl+3+gGy{MUaGR5Nk$Y6}1OI*UR5LDI9xH3XT6q(O&V%>ne*F!W0Fh@k{sPMTw)uCsJgsb$ePyOa za7IWNW7hF2ECqE=Cgp0uTgYQ9_R5sVX;i|eL3T+?F#HDGfH?;UU6W&22(g|;4dQU> zG426M8gd;`8$=y;2h4qKgV`UTa74yD=8y`6o;&n}H&hNtd4p z4#E0x8gj~+Wo&AX?@?uZ?>cAA+LkWpSJg)|HtR*6jrKZ*&d~zlHDYb!t!X} z%o@H*E|ehK9RdX+hg>4ey(g^YvfeuQ%C@<)LnZLO;8rJW<5YwnX<^C|qNh8f+VkKs=?h)s0_bKSr;b*zw)@3a!!@OKHplwhkwd5X%J zoopZ&)&Fpw1SVtNQ*nlqj3S+Zmi#beh4&)M@jZ4d>h~t7f6(gsT<}c(({%Kd$90If z&(T6GG*jxKMzxdesA+LbeTV8>Iot8Y1OM|KWk?fo$LdfKoHT2Hm+B^2N`tP`%M$L} zECxWI1^J8$;l@Otu5Es`*qzZBt(;x@d2(WRYq!O}UzfFeRt^_~$3E!xKZLAF?LGN% z!&addwhFa~Rj9u=XJ*(+)WcT7&xThB9FN`Py7t2jKWh{Qj$D&|hPP|!kO4|pNZpyD z=XI)&LbW~1nd;KgoWt?}Ke~jt*`Ln^md0T2f~TbMoq%Sw37S=?&m>p|&eJ&(pq5+T zFC*}2k-;@{j_GiB_%ngK0gP){%`Y6{2kE{KIgv^vAfr+6^Mtq;gJ1}1+m&IfScbn9 ziyLOc@VhdETphru=Dy~{iW{Vk9JH}CNdyx&8dX-|R2P0>)|vq&2lwVyR{1v;E>$5$ zcgGl8ei~}z82ujP#u;R>QjZ=Qn7ZSRi#|j@){^?OWBUxFKF-3cE&LrM9@_h7b6ftH zDF#wc^bWZZ&TywUMxXPaU2@{8ZEenlx`JWM=~vi(ly*c`8v3cJnJpz%wx4AW-tS}o z8JP)i!lX2iFu`XIr+k&F7!>TO{L9#YdoCQX0X}7;umH!73Zdg+aL*wjq&$i`M;?ot zRUDnUo3_EF-_gh{aM_@orGBFk7x!Vg&ox@So)uDB3fxRvMpTk7H`XHJ)VR2Xkk?{y zA7^EPIsErh9%qNYS~MUmtoJ%t2>{#wC(~GsVgZ;gxTT}sCQ@Q6Gp^T>K5A=3LewzS zbR^mYkuI4ac2w!m=R^`^7MQBt*O!Ab6PaRA6h;Dyz}YO9-`87mU#rsUKI)wDvQ{G7 znwbQNnI0ounsLgPbZL{Unu)x9(}ojFG2?V)19M755@m{v-t@UP)4=iv=kHFj)%X;{ zcta`JBY`H63SBBRVaRGEbxF##>3Nc=$6w7ide!T8~ok~(UB%we5%}0;R2PPWyp@+Z1BuSYlD$+uV!2y-NqP3 zTslqEs$xGd6C9WB*0S8p$n4ZqdmdRJiv-xsUepyK9Ee@enE?cHFtFJW!plpEL8O;* z_^mDoLyEJHKDTxf-PA|h%0Mf1C5flgE)QpdEu4nUCniQOI9Qxg33b>(%@DT3k)ltD z$0yp71Q4+@=tTnwdWsIkPTKj;#`w;0YKXzLCJcakWCeHVtX>}!1c;|VEe*<30^AgkT zYM$6Hn%wimep!ap<_S^rgs2}NA!?pm>s==F%X4eJpT`$@B0qDv@=Q&UVkFPhCw}#r{ z)mNd*A4;4e3zAN?9OmAGT<}xK`xD|{D++<>a~HNsjjLwlk|a!{B%6}8$rWuVZUo*O zd(b@}x);A4*@nZe7h2jclSx1Yf-mP9qVXZ^5NB=B43U(MF+?(__C3xpO>kQXCA(*$kZli=ItRL^00B1&kmVgdEcydfzhMB$;eUEDlc)yDHb>~jeLKnir(d( zoq$*91dNdhy~`?WM*yQRS-)U7FZ^64$S{iFxVU{;#JS%K|8a!>1mw=4R1GYhfXA75 zG=}YhvJZwPncmj4!Q4X8uGQ3l)flKF098Rv19=TwqR2f9CrT!7oEf>tm}ftO-u`JD z1u7p_JT5@@E*RgPDxlg(S@=U3ffibNR`~vZcUXOLv9?v|60vPV*uT}9qyHOt{cbjW#jq|&lCQ^FXo@a{l?__Xs_RG z?qADisH}biANLPo-c6V{G~Kv{4~}*l*D&SA_08T*b8vol`0cQAG}xP-yd52!?hV<) zX0v?yHo3WPm3xihdG%!4?+;Ip2Ho%9Ze;NUw&b)WmoIL=*Deo+Ti4~AqnjbuY~3lh z_eb{+_m#oZ!{}o8^zbCH-^7=0?WV#>T%CV>fu();HmD0Hf^vE*o;*B=o5IuR<@8xO zeHbZQg7TuC{?gALs`|FDIo8e&-p(Jtz3n`oO!c$d%EjYDW%v21IzATaUv9JlI=k5)d>>w19*R3Rc#TG|V#?|BUG?Hu zfAey9ad>n0blf@=Pwy%>_xB?A{o!7De)@Jlda4c-R=Oy2k54uJSlsH%mxqJz?6J@s zoeq`DJMoEq9G#3<`Q>t`u&nfQI(pI6%d*~KYvZ%g)dtwEiG9epfUzg(Z3H=ho^eQ8X-fB(*1!e$?fT^Q!{MErGn*1hK>;qmQZ z=bk@#Jt_%mUG5!JC#}o6{=KySQoE4$zR3?aiqt&lUA8Xe@6UVn`Vm{2{MvZ}CFbnQ z$@rOXa5wDb=|t=8i7MZkX!5yGYo5w)XPcYf&Y#P5_1E*;rt)R<@{*rWkzj9XZ zRLjRhzWeKPcs7=+U!Eqd>&x@qoqJf4`>U;2SmGUhcl>&G{MhU5G+s7$v={w$>y0nH zb}RZ9>Ei6R)A^zvS6b?xcyM}s-<eOo5hJv3J_ixoY+5MXqV;wj{mw)%qrXe06-kspvX;!%E-vm*H(|t9SBpA?zG- z^%r&AnMzkv?RtFseA#VC`s0)IsGmRHZgzIIp4t63;p9-PY;JwI8|+QGy42WIH*b%( zFJFb;O>gh=`Rt{J}F1~i>Q2m+*Pl5{#&(jc3XWOS6Zh}jmfiKemHu#n>PC6>SMLL&B?#E zcW?K;--9M_e{m(&zC4sljRrU34{qPar}uJ&<<(ujw$(*I)LH#RtzCB>AN6~^cXT+GANALZv%`~%du`|ZaJqfW z_D0R&{^j-gvoz9PUn&PfZL2Eo>Q_4@5ee|h7p*epx8$vAtpdNlN~Otd?e+RfIFNh7 zY3)_nW_KRGo&KuqKelT8X7d@=XSgTc4NDi5`ddYLeXi97_IT%_bg)}eziGA0X-$*M zaC#3WJJmPk==ospe6v|Q-y6M-gsb}gm($LE=T5(V-GSrb@#aZ=zPmY+wToZh#m)_E z;nT@=c}xHHBHm~xj|Zyut#R{q5A3wFcXjkl{<2p(dU&o%gHdhgW=nl(RnNyDFs@$C z&u*`8Zf+*c%Ij;l`PSUgcMkXNzhAbx$D6k=+QHz8eS5v%t!{0pV|Aw=Q>&j-KjQwXH6DRvm6WmUbGA zJNEmp8asS>sR?qmw6p)TdEDWfuZJ%x|K;RX9cxNmc)i+hj?ZrRo$a?;w?DkUukMJ= zN^N*BJRE+ha3%Hl4QT)E*UsZn8TRV1D#MD5cPsmo{`2_kwZU!1BJt-&njEmy71bNu_kJoQy`}&iMGAI~ps;oLv7tEe+4LR&{cCviH#Z^1ZAa_D{CN{@(7% zgZ_H_RNc8dY;Av+EBmMC!<~cL#nDmkVpC)pXI+K4r$y16nBq~9YZl>XU7`3 z@nj!nv(8}jDh<^^?J2}>0N?y2+0|;nKB*pzieZ^oh*DwjQ$VDF8@XeV9uHQC{s0f; zFUivA*BN`N9gXR-60{1V1V=lv5&L%qzreK2(Q}Lie#Cs@H~JgMqM&K;A%}pJcwPHU zEYGY0!81nCE~AanbwOiroZ4Sf1EV7{2PQfqp0{PQU|MJx5-)B95(5T!?}ompvaZ_h zeQ1%uf{=G|V{&PXjzkD)10$c{i!Z7D)u(pM_mVcZk-z0PxVHKJ3|-i%=K)u3jlVJz z<51XmaV6{m2ty$t>*_mr|GZ9Ux3%#o#f_WTJ%FoHwgGDqmT%6HJcwM3Ln#zzB?^Cy zsk8lPTr5j=2A2xUm<1#{8nG&V^*OVOGQ=v%6!8xX{4|>#gRb6K9?B9(9+g4aNl5%j z=<@)V3^yCbFjK&wejTuk2F^pFCv-t<>sZQ-F;seZPc}=h$6^+4H;#JZWFyA#U9kzk z67qN@-5nd{E~rDh-7giC2m!{$FN&iOc1&qaRoHS$Mg#W#r^@%Rm8~>O0Iij5nRm_P zv@c_@P8Q|^ycfFMB>zaVI#zg1fuB`{M4dN#NzHdR6b;d+W~p=$fjo{yRO@ zXHMS@ArsA4gvELY>;eL7a^>>eO}@IUttvbSrWsB#h3}I2)bx)wQi5G@IGuK|#pBSA z!io^h>Dg)FzG_+sX^{b8WxuUq#BBBxW$(FiPp@1s3QMJ`c`e_$yjsChGcLFF3v-Pl zXF4M;!f%w&c=I094q0Ox9d!w_n^j7!y;yJj?CMykcz1bing!wNF5-$KL+79P#_%e= z4oJS1s5C!K>Vx#l_xHQk-}Z-T)Rr|a)5b7flt(TLWb)A9T57JQ2l=yMfGvNYyi z%|Uw_weJ7-AhthsN#>E@wmK^8W=sF*4amc3`4J_pNS`A)>g`7G`$jvhrPn{E=U~^v&EkQN{n$2)O09 z+o2=e1(U4hA3KkhS@zDV?nn-dlBIZ&5@VoIG*0||TQLSb2+B)2IQ$#nFrr@>FF5Cz zkPvHp^W97M4?D(4r9#jc^yMZQTCYdBp3;Z&+`LUogH4wOX}a7%$wiCZZ6N8ZJH#*y zCPgkYpt60ll&(tiP>qC%kggD*(h3lHM^JC9$viqOP-J?sj?Wk z^L%4e5qEJ7QVaG0rEsVko#4W(?v8ID5nUaJl=Z4fXdy|YahcV7C_tK2=>}_eT6bMx zQR-cAl~=SR3C|yH`j6xZV9>9(yDxp1p52sXJ~s$;n-~tncN{BWbnqL;#ds1=>k|R^ zNvpi{FEzm=tC}p!Inz&C2WSNa%`QX+n5XxkSxu_NB)F0wbs1>)bpOy~*VaaWBb5G7r+C4&%ChLy$Q5?D64O=NckC z{%feQ!E&!6jD23v{TFMbMSA5!a~$dQgKm@!|nCzx-U(JM-w+j0zJ!vK=h>W8`dqcRAOxd;0$u5mND|~shI$kvEooZGDQbC1oSvt#{>v19?$PdbZ-b)B+rJo9Aeu;8Vd4Z8%>~9D< z(L=$naa+^ebB&lDc3n7?#2;)?wC5+~3}4y4hafZoCMJfpT|n3@+Dbhd$PJK8OuL0{ zQd`D;CNUXax#usA#Mipy|>7O)SV96%3aAV<)e?^(_#X8j~_7ADjBJLku zxB{JNImNGEqG+JYLD5H;>Kp(CTH8v2IB2#FG>&E~Y{owm4?i|GFEYj4(4>!D8neaR ze05dHjz1>jW&=dx2HZ;;*IzIM5>9N4V&rtOL_~&cQH!$7CSL!+5vEj}d7Qt3(9{`U zTCXH;4z0#@yljBcNyg24YmaEL*k$rgCjRv}Fq0$&HZ;oCC5w-j2L9m_IU1X#Z6(C6 zxjV?G5)aT4w^%W}!CG?rp+*IAMbnuYxW9f2n<^(krz6~ID^tNuLaRz{y4L%YX*;QU~ZsED`3b#o_TV4QXz^Tra?#ifLw#Yx27O(nWi&X~f)YWt0J*s}KCeMG>S_&q(RqG`X|?Ez6#q65(mmz> z@pcxOa$FPYOz0ah8RM4;>hqr z5E_pXD{m$Z*Ck$u`BZk-;&YEG5)8s`VuBt`dD^$);lG{|0Ny)o$w&`{YYsv+p{>mU z8MFf!^Pzvd=mBCMmxoubl#?VJnqalw-wfR!dhKgpuKB&-RO{WwXgmwY&Yz=qGJV7+ z?H;B2{kL@kL=GH3;1c47?;|rj@UibVLIPS63QKM7jWuy)a#nTjR~I};d<;~|_|3f+ zhvn_eX!>^GC9$t*X@xJeN}7(;HXKoWwesrTVwYN?nh^Ho zms{&d|1oRnVR1lX@}DUi z%;f$^0(V5r%T@_Wy&`yra-}o)!J-ICjmg=2_ryjAXU5N0s)EKnFvrty!ilMNzDb-# zgG_eS910`<7JFCOdh*erG?f&^vC87LYnqTfQx)~|Z=P28kj@rEnE0X((9D`#N?gZ2 z#~wLtTZb0l;lP6b09Vx9Ro9{as!^S9MTDBty-2e~`0%~;%Wtc;l?XrFzssR3LcML$ zgeuisn(_z?u@?p&5{Ui;wrena29bL8Q;|?TL)r6HWMNTDWv0FL9lzB`-X*anUs|9O z%7XN4B2o*pCDYQ;*GnObQ07{eWVQ>R0r#H)xT*jiRcg)nE{)>sGJ>W=#>@i7Sv@=> zI|^U>0v)A_12Q;RW|&pt(+WXWfo4OFA^)U&n-pk){#-y9bS)AKEV^0FGq%vLuwWvI zXv~8sWWCZNS9*S@_Oj%RE1YCBD-3NB1{>l{KEm&@V~Uz#eIbn$$du#+J|`it`kwfU zw-HS>&~wZnEWS(lt(#YYhod}c$);mh)KSZy1fSa}*=?Q8y)~3J)HhHTjFsc9H~b}b zwu0M98#eJfU6Thq=5#Nuc{3+HNwv_%6AI|K9>rIRRAel5$@IewV;?XsN(9}rX1<%P zB?5`QE}n`?|IBWPhH(K#Pz=dX92Rn$R9Iu7u46$=zXg%GTb*|@QiSF+QH#hRk8PFG zQ1jrle1bOS)ZeJF{>HZ6L2d`A8^*aWum(J)QAx*Kq`nC3fqWjYYM6bKBDei;M#4mEd9O zd&{X`gjp;t$Z_3|z~Jn*4@Se*`qLFfL7XInL{XNTd3F=>*`8D~n@*sYOG*Yz3*1sT zzws@~sNVj!Bin7XNnKkac+c?*Tu{`iRgmG+8lrx#YtaagVUNf+UEIwX*wC2px z7PeWkCw-(coFG?~3K5~1UPlX%?~z@#FAE=!ADd}J^(vlv!z3!B&MSgR$T{ZQ1t6?t z^Sk>_?OL|oBCO?)lA0jvVi;x>o)YD^eQsC}9NzgfO!TwU_(%d~!r&D$;bhWzlbHFFO{codKUcirE6R(=O1Amn_C| zHezPCzF)gu<+x)>U*$XS!rPc*T3CnR5=G}9 z_}?{zXP#kz7>Gd0Iax2OwD9a^14`pew#uoYwj^TKFCJ*?*@qMH)A{%H9VH$}{t92i zlv22tt#;+=ZN0cpaT04rFHW-;uDy`CK~ldf-iyr(_2|H`x|VU6sHBqU!>@C`_I2XI z`~= zn)=pekfnVn{b^`>IvjFWnNj(a-8jOC@FOSsWTZYir;a(7pZ&m|>I$WkcBRG3Fb}1C z8PFq8Od8RfaYd+zXI83n+KZAa-}o4qM3hiV0T8C4n~ABm@l0{_CjR^G zEf8@{9dxhD6Og@$(lFWk6y{Ab+uU=Gbj9i+HbW*~r%oa0u>-1Tg5Fh(#3Lf|vv5mB z;=e@&__b$4f*w>=#kwJ!9{qwWanwOf#~4|vdD4FB;wcr%h^GDYub>2(LYeNBrP#ka zpxcDFdu7(!+&>uCNWwx#`?2u*EJtvUS4hlrQs9TE?gpR0#JQ?ZV?{CGbgI*eU@z#u zAO1>M&s;-))M2(Oo|5OVQ-xBtzZc-#Y3+D1J0%nRi^P$caGqYMedC7J8Txdgsgr2x z8oJ_!E(1lQOWI>Q^2EnE+QVwdlLbl3mK|6IV=en7%u1PLD`)=te=$Pe^Q%zSIdiL+ zi%f|El}~bHjpHz?M_F;ez2fSnj+14^V8-P%Z3AGJvM?WCC%lIoGEa+Be3j+_+X$f~ z*-%axHYG-?SzI>DV8AsH=8ZU?oRLW?wclSu;nAhiIHY6eb349s2-}G z7C3{9%EK)e8DZPw*t9y9MPKKzZRc+9F#T1BV}om!rO4$3m}@3H1AX9#LD;xAfu1^J z43y>2lGxjRc#>2%aLt^R9zOPWH^9EM8}Tap7)Lpa+8HCg%O)nzI**81#yqaVHakq- zdo@dVJB!}=3MZq{S(6hH=2{RAT=!^PbJsOWc}x%ANdsBu4#YAncdS-Y$c%WSisb!X zPV$a_J$ihO<@?$>lzB#GC+qjuK&1)A_Z)QS!P!BKA`8HL|I@^ruJhafN=JV#FEQwm zaUQ@E?=xKp_#pPVG&VW}P%D1Se2O{fNOVfK|MEd_BF}DQbka%st5-8F5 zrWX}mM)0sSw(hePo7F##LbC5#4HY)`u>Xqm=sN*|Fb4J|Hans(p43#-)b z2ulTuz1%^Qs$I(;Bx-Eecc-5x3kbqwE21A@9)o~et=YA1*_HGFKk&g?DjhPBu1-vm z{#D6pvOvZLxS0`nLxw*6V(rY?B`}Hde=S?{=G<#)uk7-|x#zL!0Q%_^0#)z1_yQA}7=;QLcALr#?iH+?!uD3!bG^g;o%+*1Rk& z6vA8zD#o)Q3j*w>`KyIf(JBhKZ?HxzeQg4Zc+C@bwUu`)L+-`8DQu}y zI;?K|2VM17-JrY|Ev})lc#2+ZCpf=)uGA$z>{Nr_o!vTFu`L#(Xm+)B=d!4FjC7_g z1&r(OdJBhh-9xr^=U^n~;XF!71*eBl>NN3d3jQ`W$ke*k%l<%5Vkwg~DYIU{4?w1- z8ew-Kv=rAQ^Tt{8)c9}9s9ydZl;{e?svyVWm9>&r^tIK6UeU3Mj(p8g5{-X9iC((* zIS5n~Te&>5g!+}I^o||^8(=-I8Z5KsjFRsOfBRGS_EI2cE6x(tX!+CLFfT|~)4|$s zm~;}o_3`Nau>m{Vg5W=WiTST^rQheUz!2;-s0nw@JS7Q5X$idAu%V=VSpon0&IIv? zwScCm&%c>rlHDWh^Tg1plpDY*xvv`Ow_P!Olj}#OyN39F#A+N#*_Uo;b#rGJCg=A5 zVFCrl{ppgCh#IbJ&|deV;n^VnL{|=pU$)9#FmWp1A+4nRIvx@;3Agw(rkh06bCnhe zxe7J}pb{bbDQBGe+A+LqeM6SC^KPrEPkcJNhyb-(ve9h|F_S6kI141;p!qTo3EvS-XD=rYztz#`5<2(=|3c3%)xx#^HVc_}lXl(bi{p z#Mt{M#sXpXq35HX*1~ueaUUZM9Ba&pez$Fg$`(2pLuYjOI*)`0_{x?UQ;4uX;Q?IdUz+6CkXS`!ElBJuQF54ymdrO@H_I|Wt3M2lc+ z)#C26`xbI#AZH-(Kk*>K*z-O}K8@hCg2!n7LAjx!*s>RqsU?%4Il;%Muh+ zPyOk_?>}A&V;dww=$vu5t}coBNp;>WSY0Em=PZA~pO-=tC%nLN_V00h6UW>UggM=i zL2Y%Qu3HzT%8w?g->NUHQyZ=?VuFfrw;<}IEQr;Y^Qs-O?&BlRf#!T;O4tl+*&$X* zq>VZ0DZD8SA22|R2=$w|A)gTEE>l5b6qo;0C^JPggH1$gKzSL7G>75oQz>pLv2Z(6 zhPFi;>&F*X)P<=PDDkY^2xNtQLkJ;H+{g+m`pHm6qeX1G!iChq9!Vm~M}nC52^J)z zmo3_ObxQQe#HD64eB-B0&SH6pqfdJ{L!%djjV%LLL4034eD5iVnz*Y=uMj9MlF+e_ z?fZFNTrZBcfsS^^G6_d6QtyG+#B>PDYJcj$Gb}wnf*qwJ!z3+p9HfCnFoM-dKL%Dw z;zCrEwZW)ELNx-yC0YGb(78y&cuK@rw|z6jnGLL4(V?-fDNS+1ewC0Dx0A`|+fuKP zmaYEN7J-Sk{)#otXy7X@gj19?#?`tUZpGNL`e+r6QIAboC{EuO9!M)gE0S#QUOSAw zYONVZX}Y^AP0onPxFOgfA>CJuZ%6i`kF|GztsyO8Ml(ae9Jm_7Sbjrlop)faPV80E z1#|q*xTMd|u}MQ%*~nGTYcdGc3CE&l#zngGK@iJR2)9tjG$=DW9@-6e5c^XcHphz+ zAN_F9;Qqz0Q0AOqS8dK-Ecl(()wKPmKtT)!nVjyjXr=*G+dNTH#G(Wt&2amHHGfWB z{dC47Yj=}h7jfY*(KtSNN4aT%dZ9iJ@u2%b-IdFkY1dHzkE@D-A}NE%->jCO^U6YK z9gN|dFu~WJN0bnFrfSbc?EoE1axy9;l`daSw5^#KbYDEPmncpJqR=vIGe<7bc zTGxmxIMSK*tMCz5P`kSMsh!?lpD$S+VEX7{j?d#5+GEFfBC6`##)? zCoAZ^{{sYo9&Uz{ZGIVUaw;;A1Z9ETpQQSEWT?+>>G4Pi5v#X$f1!nPytGz#k|QS9 zDwiLFzF?O4nhQnGQu)R%q*!K0uiTMbN-BIRFv+2x`tnODGbS%C)smp8c(Px&N{J`- zjk|PLjb~xfjAx4VgiIZ~;jRf#nz@`d(`em^D40HnU&kBFlb-h~>=ARwHbNEC8S6^N zmRw_))~-sp5qWuwZ21zGhsD5noSUX@{==({Etn1}sqe%oGI$fy5C?K@OIP7qndz6v zD)llMY~SXAzFk@KD74;y`otWt*|#nM5zNC=7qj_)FY@0VqW`bL)IUx7|1gTGDZwNBCk5u;4*eI$zx?O)e*o~LGBp4I diff --git a/Solutions/Recorded Future Identity/Package/mainTemplate.json b/Solutions/Recorded Future Identity/Package/mainTemplate.json index 187eee6f06..cc56462508 100644 --- a/Solutions/Recorded Future Identity/Package/mainTemplate.json +++ b/Solutions/Recorded Future Identity/Package/mainTemplate.json @@ -38,7 +38,7 @@ "_solutionId": "[variables('solutionId')]", "RFI-add-EntraID-security-group-user": "RFI-add-EntraID-security-group-user", "_RFI-add-EntraID-security-group-user": "[variables('RFI-add-EntraID-security-group-user')]", - "playbookVersion1": "1.0", + "playbookVersion1": "1.1", "playbookContentId1": "RFI-add-EntraID-security-group-user", "_playbookContentId1": "[variables('playbookContentId1')]", "playbookId1": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId1'))]", @@ -47,7 +47,7 @@ "_playbookcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId1'),'-', variables('playbookVersion1'))))]", "RFI-confirm-EntraID-risky-user": "RFI-confirm-EntraID-risky-user", "_RFI-confirm-EntraID-risky-user": "[variables('RFI-confirm-EntraID-risky-user')]", - "playbookVersion2": "1.0", + "playbookVersion2": "1.1", "playbookContentId2": "RFI-confirm-EntraID-risky-user", "_playbookContentId2": "[variables('playbookContentId2')]", "playbookId2": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId2'))]", @@ -65,7 +65,7 @@ "_RFI-search-workforce-user": "[variables('RFI-search-workforce-user')]", "TemplateEmptyObject": "[json('{}')]", "blanks": "[replace('b', 'b', '')]", - "playbookVersion4": "1.0", + "playbookVersion4": "1.1", "playbookContentId4": "RFI-search-workforce-user", "_playbookContentId4": "[variables('playbookContentId4')]", "playbookId4": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId4'))]", @@ -73,7 +73,7 @@ "_playbookcontentProductId4": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId4'),'-', variables('playbookVersion4'))))]", "RFI-search-external-user": "RFI-search-external-user", "_RFI-search-external-user": "[variables('RFI-search-external-user')]", - "playbookVersion5": "1.0", + "playbookVersion5": "1.1", "playbookContentId5": "RFI-search-external-user", "_playbookContentId5": "[variables('playbookContentId5')]", "playbookId5": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId5'))]", @@ -123,6 +123,10 @@ "apiVersion": "2019-05-01", "name": "[[parameters('PlaybookName')]", "location": "[[variables('workspace-location-inline')]", + "tags": { + "hidden-SentinelTemplateVersion": "1.1", + "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" + }, "dependsOn": [ "[[resourceId('Microsoft.Web/connections', variables('EntraIDConnectionName'))]" ], @@ -455,9 +459,6 @@ } } } - }, - "tags": { - "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" } }, { @@ -573,6 +574,10 @@ "apiVersion": "2019-05-01", "name": "[[parameters('PlaybookName')]", "location": "[[variables('workspace-location-inline')]", + "tags": { + "hidden-SentinelTemplateVersion": "1.1", + "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" + }, "dependsOn": [ "[[resourceId('Microsoft.Web/connections', variables('EntraIDConnectionName'))]", "[[resourceId('Microsoft.Web/connections', variables('EntraIDIdentityProtectionConnectionName'))]" @@ -923,9 +928,6 @@ } } } - }, - "tags": { - "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" } }, { @@ -1542,6 +1544,10 @@ "apiVersion": "2019-05-01", "name": "[[parameters('PlaybookName')]", "location": "[[variables('workspace-location-inline')]", + "tags": { + "hidden-SentinelTemplateVersion": "1.1", + "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" + }, "dependsOn": [ "[[resourceId('Microsoft.Web/connections', variables('LogAnalyticsDataCollectorConnectionName'))]", "[[resourceId('Microsoft.Web/connections', variables('AzureMonitorLogsConnectionName'))]", @@ -2117,9 +2123,6 @@ } } } - }, - "tags": { - "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" } }, { @@ -2274,6 +2277,10 @@ "apiVersion": "2019-05-01", "name": "[[parameters('PlaybookName')]", "location": "[[variables('workspace-location-inline')]", + "tags": { + "hidden-SentinelTemplateVersion": "1.1", + "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" + }, "dependsOn": [ "[[resourceId('Microsoft.Web/connections', variables('LogAnalyticsDataCollectorConnectionName'))]", "[[resourceId('Microsoft.Web/connections', variables('AzureMonitorLogsConnectionName'))]", @@ -2645,9 +2652,6 @@ } } } - }, - "tags": { - "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" } }, { From 2776a385ff5e8192ebd65a45d2142fc5dc13a36f Mon Sep 17 00:00:00 2001 From: Niklas Logren Date: Tue, 11 Jun 2024 13:27:53 +0200 Subject: [PATCH 08/33] update lastUpdateTime in playbooks --- .../RFI-add-EntraID-security-group-user/azuredeploy.json | 4 ++-- .../Playbooks/RFI-confirm-EntraID-risky-user/azuredeploy.json | 4 ++-- .../Playbooks/RFI-lookup-and-save-user/azuredeploy.json | 2 +- .../Playbooks/RFI-search-external-user/azuredeploy.json | 2 +- .../Playbooks/RFI-search-workforce-user/azuredeploy.json | 2 +- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/Solutions/Recorded Future Identity/Playbooks/RFI-add-EntraID-security-group-user/azuredeploy.json b/Solutions/Recorded Future Identity/Playbooks/RFI-add-EntraID-security-group-user/azuredeploy.json index 8720d7a95c..830bf80222 100644 --- a/Solutions/Recorded Future Identity/Playbooks/RFI-add-EntraID-security-group-user/azuredeploy.json +++ b/Solutions/Recorded Future Identity/Playbooks/RFI-add-EntraID-security-group-user/azuredeploy.json @@ -1,10 +1,10 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", - "metadata": { + "metadata": { "title": "RFI-add-EntraID-security-group-user", "description": "This playbook adds a compromised user to an EntraID security group. Triage and remediation should be handled in follow up playbooks or actions.", - "lastUpdateTime": "2024-04-17T00:00:00.000Z", + "lastUpdateTime": "2024-06-11T14:25:00.000Z", "entities": [], "tags": ["Identity protection"], "support": { diff --git a/Solutions/Recorded Future Identity/Playbooks/RFI-confirm-EntraID-risky-user/azuredeploy.json b/Solutions/Recorded Future Identity/Playbooks/RFI-confirm-EntraID-risky-user/azuredeploy.json index 46f35f0669..89595a2225 100644 --- a/Solutions/Recorded Future Identity/Playbooks/RFI-confirm-EntraID-risky-user/azuredeploy.json +++ b/Solutions/Recorded Future Identity/Playbooks/RFI-confirm-EntraID-risky-user/azuredeploy.json @@ -1,10 +1,10 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", - "metadata": { + "metadata": { "title": "RFI-confirm-EntraID-risky-user", "description": "This playbook confirms compromise of users deemed 'high risk' by EntraID.", - "lastUpdateTime": "2024-04-16T00:00:00.000Z", + "lastUpdateTime": "2024-06-11T14:25:00.000Z", "entities": [], "tags": ["Identity protection"], "support": { diff --git a/Solutions/Recorded Future Identity/Playbooks/RFI-lookup-and-save-user/azuredeploy.json b/Solutions/Recorded Future Identity/Playbooks/RFI-lookup-and-save-user/azuredeploy.json index 6784ca4167..5742d4c890 100644 --- a/Solutions/Recorded Future Identity/Playbooks/RFI-lookup-and-save-user/azuredeploy.json +++ b/Solutions/Recorded Future Identity/Playbooks/RFI-lookup-and-save-user/azuredeploy.json @@ -12,7 +12,7 @@ "After deployment, open the playbook to configure all connections and press save." ], "prerequisitesDeployTemplateFile": "../RFI-CustomConnector-0.1.0/azuredeploy.json", - "lastUpdateTime": "2024-05-17T01:00:00.000Z", + "lastUpdateTime": "2024-06-11T14:25:00.000Z", "entities": [], "tags": [ "Identity protection" ], "support": { diff --git a/Solutions/Recorded Future Identity/Playbooks/RFI-search-external-user/azuredeploy.json b/Solutions/Recorded Future Identity/Playbooks/RFI-search-external-user/azuredeploy.json index d74bf1e17f..6f89a00523 100644 --- a/Solutions/Recorded Future Identity/Playbooks/RFI-search-external-user/azuredeploy.json +++ b/Solutions/Recorded Future Identity/Playbooks/RFI-search-external-user/azuredeploy.json @@ -4,7 +4,7 @@ "metadata": { "title": "RFI-search-external-user", "description": "This playbook searches the Recorded Future Identity Intelligence Module for compromised external (customer) users.\n\nThis playbook depends on:\n- RFI-add-EntraID-security-group-user\n- RFI-confirm-EntraID-risky-user\n- RFI-lookup-and-save-user\n\n Those playbooks need to be installed **manually** before installing current playbook.", - "lastUpdateTime": "2024-04-16T00:00:00.000Z", + "lastUpdateTime": "2024-06-11T14:25:00.000Z", "entities": [], "tags": ["Identity protection"], "support": { diff --git a/Solutions/Recorded Future Identity/Playbooks/RFI-search-workforce-user/azuredeploy.json b/Solutions/Recorded Future Identity/Playbooks/RFI-search-workforce-user/azuredeploy.json index f40698557d..bdd955f26c 100644 --- a/Solutions/Recorded Future Identity/Playbooks/RFI-search-workforce-user/azuredeploy.json +++ b/Solutions/Recorded Future Identity/Playbooks/RFI-search-workforce-user/azuredeploy.json @@ -4,7 +4,7 @@ "metadata": { "title": "RFI-search-workforce-user", "description": "This playbook searches the Recorded Future Identity Intelligence Module for compromised workforce users.\n\nThis playbook depends on:\n- RFI-add-EntraID-security-group-user\n- RFI-confirm-EntraID-risky-user\n- RFI-lookup-and-save-user\n\n Those playbooks need to be installed **manually** before installing current playbook.", - "lastUpdateTime": "2024-04-16T00:00:00.000Z", + "lastUpdateTime": "2024-06-11T14:25:00.000Z", "entities": [], "tags": ["Identity protection"], "support": { From 2aa65fb060d9cca8f656b0decf7cd59240be5e54 Mon Sep 17 00:00:00 2001 From: Niklas Logren Date: Tue, 11 Jun 2024 13:29:29 +0200 Subject: [PATCH 09/33] update contentVersion in playbooks --- .../Playbooks/RFI-CustomConnector-0.1.0/azuredeploy.json | 2 +- .../RFI-add-EntraID-security-group-user/azuredeploy.json | 2 +- .../Playbooks/RFI-confirm-EntraID-risky-user/azuredeploy.json | 2 +- .../Playbooks/RFI-search-external-user/azuredeploy.json | 2 +- .../Playbooks/RFI-search-workforce-user/azuredeploy.json | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Solutions/Recorded Future Identity/Playbooks/RFI-CustomConnector-0.1.0/azuredeploy.json b/Solutions/Recorded Future Identity/Playbooks/RFI-CustomConnector-0.1.0/azuredeploy.json index 16f058d4cc..9afb22a107 100644 --- a/Solutions/Recorded Future Identity/Playbooks/RFI-CustomConnector-0.1.0/azuredeploy.json +++ b/Solutions/Recorded Future Identity/Playbooks/RFI-CustomConnector-0.1.0/azuredeploy.json @@ -1,6 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", + "contentVersion": "0.1.0.0", "parameters": { "ConnectorName": { "defaultValue": "RFI-CustomConnector-0.1.0", diff --git a/Solutions/Recorded Future Identity/Playbooks/RFI-add-EntraID-security-group-user/azuredeploy.json b/Solutions/Recorded Future Identity/Playbooks/RFI-add-EntraID-security-group-user/azuredeploy.json index 830bf80222..ad3a58b275 100644 --- a/Solutions/Recorded Future Identity/Playbooks/RFI-add-EntraID-security-group-user/azuredeploy.json +++ b/Solutions/Recorded Future Identity/Playbooks/RFI-add-EntraID-security-group-user/azuredeploy.json @@ -1,6 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", + "contentVersion": "1.1.0.0", "metadata": { "title": "RFI-add-EntraID-security-group-user", "description": "This playbook adds a compromised user to an EntraID security group. Triage and remediation should be handled in follow up playbooks or actions.", diff --git a/Solutions/Recorded Future Identity/Playbooks/RFI-confirm-EntraID-risky-user/azuredeploy.json b/Solutions/Recorded Future Identity/Playbooks/RFI-confirm-EntraID-risky-user/azuredeploy.json index 89595a2225..5ae21765bf 100644 --- a/Solutions/Recorded Future Identity/Playbooks/RFI-confirm-EntraID-risky-user/azuredeploy.json +++ b/Solutions/Recorded Future Identity/Playbooks/RFI-confirm-EntraID-risky-user/azuredeploy.json @@ -1,6 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", + "contentVersion": "1.1.0.0", "metadata": { "title": "RFI-confirm-EntraID-risky-user", "description": "This playbook confirms compromise of users deemed 'high risk' by EntraID.", diff --git a/Solutions/Recorded Future Identity/Playbooks/RFI-search-external-user/azuredeploy.json b/Solutions/Recorded Future Identity/Playbooks/RFI-search-external-user/azuredeploy.json index 6f89a00523..49417cf916 100644 --- a/Solutions/Recorded Future Identity/Playbooks/RFI-search-external-user/azuredeploy.json +++ b/Solutions/Recorded Future Identity/Playbooks/RFI-search-external-user/azuredeploy.json @@ -1,6 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", + "contentVersion": "1.1.0.0", "metadata": { "title": "RFI-search-external-user", "description": "This playbook searches the Recorded Future Identity Intelligence Module for compromised external (customer) users.\n\nThis playbook depends on:\n- RFI-add-EntraID-security-group-user\n- RFI-confirm-EntraID-risky-user\n- RFI-lookup-and-save-user\n\n Those playbooks need to be installed **manually** before installing current playbook.", diff --git a/Solutions/Recorded Future Identity/Playbooks/RFI-search-workforce-user/azuredeploy.json b/Solutions/Recorded Future Identity/Playbooks/RFI-search-workforce-user/azuredeploy.json index bdd955f26c..4a5177a53e 100644 --- a/Solutions/Recorded Future Identity/Playbooks/RFI-search-workforce-user/azuredeploy.json +++ b/Solutions/Recorded Future Identity/Playbooks/RFI-search-workforce-user/azuredeploy.json @@ -1,6 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", + "contentVersion": "1.1.0.0", "metadata": { "title": "RFI-search-workforce-user", "description": "This playbook searches the Recorded Future Identity Intelligence Module for compromised workforce users.\n\nThis playbook depends on:\n- RFI-add-EntraID-security-group-user\n- RFI-confirm-EntraID-risky-user\n- RFI-lookup-and-save-user\n\n Those playbooks need to be installed **manually** before installing current playbook.", From e5980455d634ba9f662850ffb0e66b8fcf370ec6 Mon Sep 17 00:00:00 2001 From: Niklas Logren Date: Tue, 11 Jun 2024 13:36:36 +0200 Subject: [PATCH 10/33] repackage --- .../Package/3.0.0.zip | Bin 23520 -> 23519 bytes .../Package/mainTemplate.json | 10 +++++----- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Solutions/Recorded Future Identity/Package/3.0.0.zip b/Solutions/Recorded Future Identity/Package/3.0.0.zip index 1b5613d9efeb7728119b2f997a268bac73d19b52..38323e4e6b9f1c4772f95e625cd8937bf340b697 100644 GIT binary patch delta 16944 zcmV)XK&`*vw*lX`0Sr(}0|XQR000O8MQpJQxCjYFY|B_u0IFhKlg$Voe`$ByII`&X z{uMZy`;L>F$Xe~#xij-3Z?U}F@|vWNE=58TEsB)6NLKpxIq$c;pZ0#q1HeUGKoX>= z#R)y#J+_3U08|yK3bp+82LOft(D*(aa)r;J(AV{m_PJCtKiM2|GS`DcDC?WtPeX;9 zyfU=D(@NEHWw%(a7t58Be*j04GR5s~;cz5zI^2BL6!{;8k9d4uk#+RdJybPOk?}N@ z%`*O<`SlR$oWSXL{=d-Q=o8M+`-+Mi-auYa1t@?cLr3$2D-{k!sDdUMv8Qr68czd7 zpc$i)qUv8%t9h5S#?X=}2n<6Eo`wf)DUyME0^I@@bQKl&r)mnQf4!(r3uu7937{iR zGUzbA@1 z&_)~&i#Cw|4JLh&?*mZ-0#wB@nzE}ZL(=@L0h|s63+%ti|Nm{BQgA$$ef95P!hQOV z@Dok;ZsP{_2v#V-#Al${h+-cJ!Zn0!5F-M{8oV$YQ1r0`e|h}d#>W|=yxXw9-+2H2 z&zMEK*BZX2Q0!t^>w`TPkP(Cg@6VJTXvmy2)kR)Irw0-4pNqVzXi8THEldP5l<&Oq-r$cG#6|8!c}2XcXcr?CfzX8j#p zyr<@H9@N18f4(W;ue|V8w#!@FwVmyHb!%sP)Bdh)e%ThSsoI*gL(W`*$<4vt3!8o8 zTHVc2v&acT@le)Pu6a<@AaAH>hGGvhf+8Y1lO-}Vvmsy{(hV9z7Z=QkeNH=yGO+fy zVlwxN|LcA8251VEq${A0;08F@f&!o2&nD!i@NUCFfAUR40wQ0+bl8=YiMH_(#Ec)D zz`pldBgkXythhOgn;$sTzVZI!Mrj5^%i4sdtckt8u9Y@E#`P|aq~gX$Ll$2QXmW#h zF1RUMhX8kh?u>QgY)W8{h7Np}BWT{YoaBJ$a1*>`Az-?w*9ORv2d-2_FnH%kt<~z> z0D6|;f2Ng>TV=fNjgRP5Hpnl)Tz<=3zBNW@chdFB0>d02ZpX}7DEMHbymwPEZX+nV zBD!B~{8mM6F!j)HL<=|RMi1nt+VIxl1Y3765KwMwPcYG$-rWuevT8q#Xj zi&mkuQ(arysm9YzHAp)W`WD>*oGcVIZVWwCe?$GwO)p`c{ggs$7fvHJlSZncG*V*% zklrnlI%-tvsAWbSH5Tfqts!;P7^$PSw$xFJr;b{XIyA_se7{J}S3!sGArJbOZu$uA z?k5mxLl-jIIC3}~>C?;3Gg5rWFj(n-xAE8CuBIJ{lLwlGvZxae-)(fzy3PNDQ(Zmo ze`cz)t()F2lI-eKva4rCc6AoAtFIy1)fvgIzP4mnk0-l&DA~bRw1-IkrBR*tI||VS zI)~7lr(HOCY{iks788K{4o|DmQiAN#Fkrr=@MnBppgi+ia_$ z_lqQ^Z3u1kC(T;FEI_3ae6F7c^xop74QXr%cLiUIex<8j}=XnTJDqEoC{ zOHbeSYesO5fwqA5t+hC7ZH_(HF?plad?yPI*x}D3jYAH8X{C{>j70&>Q?jv=O^FxLY6k^vJ@@6X=Vf5zsC0=LbbOflp{**+`J@OVTiEX6F0T z+nw?n=zM2yhxJb3{g(2&!)_6G4dQzU@_hZb>#x5(UsPn z7e!eTW%JH75lU!`M6E z^tl{(S|q%eXpG84Ti1=XT`X_o8_UMz85EQo%Yh`?p(fBg;-;D{&UG%Ktz4vN8U3iu z{-%5yz#(%qRqXX5;X+$$a1skdH<0Kq)GZ(l2ck?U;20f$UU(}}9vOPn7MQLUeT9s5 zb=kTN9SdWgjWXe*#pAE1Er-r%4BLXJ63u4X78EQ@#deGl82mrf^NIq)7FpUvWNC}S zvLPZ5l5H$1InE^6&L8n@By7$sN(9YB%|QR0oyxcvvMw|Pq3zl}U1>MW<2?vF-mapO zwpyFhN!KWU3RMlc(bb97GlHnl6*NLn!gjHJGlONqX>D22(S(L9v_&}p8TAHo4ci)s zqY+~Hp>6&Q+x1WuVV@@w8)vuGd>o~t2-7$&@#Twx{kt{^X%)WUF7GzJLcM*5H>%j) z??Zmj7Q1b|4=p-)6*XO>?b^os|NVVK6gC2vE5rJKv528)dK|d33niYZ*)rG{w+QCG zk~ZFd->?PrKfk+V?q=i~qNp}%eKQ6>QX;Mta<>w9&O&L7uHX_O4z2X%FDPTb$-A58 zzA{8ujV|kV)?K%Uj}7mBJO|zQ^ZnnYAslwF5b+->?1n8ggh9~3E~G@6`6;~F4e}N9 z_G&wS=iU}gdY27JYIBI>@gERdbYltK;CbTXy5^+*`_N7gCLkSho6sr8r6dp>9ihvb z7e}1bwzSN@vmuPR@iUY@;%;ElsD10=tu!PaspzSvdm#${<7>M+DH23V^5o~-xXkIpd`3Pcpt+`2< z!A255Z@HZ>zLsj(B=T;%23`C6E#-BD^rR? zO>|%`8_N;mx=_Hk85gwv94yz~LnH%#P3s~)GsWP*bO5c&4rH%n8K!3zLs1|KklJdd zF1B$*C}c9&hFhPrWSnf)Wri6kCYAWfDTd_53rJ)nkytqWtH{#Y#{z{<-Zf0rD13=i z!_#Y0D&#a%Ff_Rm4#7oiASe)$T{p!-)Fkk=ecXT?H;HZ~JOXe!>ADHXu7P-eJehen zY(}fa_-WA~?(K)Fs;DW=sgM(*Ucszpmakgz*5W(d2&u>B6LSf_7N(m#`zI zvwaGVm1ZK+C;dB{GenZtCHp6aPlSV)=KXCckfwN-n-4CAR!p!nzuP4kHHObKVRO<= zVFrs?R-X@?m=>|%COVhcS7ZBs>RIYrwR3B{wHNBBdxWfMUlH&~^=dV1g(cym@SNI7 z`bV-zEyR>>awWuWl`A13ldnz*S*7@YGn4NTjRQpEfY3M)<$$!G3+AL%E|}+nc{)gQ z!Q4G&1nkF)U@U7bHyE-mNMa&EGJpF?J!iPvt1 z1PDW#+f1Je>$$M*43P`#AQ#qsW9C-$^->>xc|pEfE+-S@DW3*Eqf8$ktjQLt>G*br z`=py80nxInJ6NC)2oj$=vNvM;c}f<7_%S1g6s;w!b?$*hpxGZ$fBTS-A^6^R*bKq< zJH_%RS}qr-hdkFAXBCWp9~VcC))hvSVlcSA?avIsME`=Q;nX9^kUrxBW=`khKNAXMlIhAx;DA$=NStQJl29_dSZSV1p6pI8z~Zn10ZKAR6+$w|crucEdh&Mi zDSuaLCTi*swwc0SF0IWtU4|R0x5@6q@ZO%kp)im0G``?G!Lzg3&6IkQB(4*$v!6ZWsexY#|0;M}+hwSLGF_>M|t<5ov_j zDK_TKl46*XYz8MOQT8F4b-DiXr2U{*yRcx^rIbmP{9!7$eNh88nPA(71~`D$fjGiY zM4Gc>;^1Up&EhkEZft^Egbh82S_l9k6BIm2>?X_UjB0#It zt>9Bn8(-d)f(j+bY4AePslN3TPC51@ETJ(Q=kTm306T+!7_F@wGO@WDU;jWGzwJ0c zka6%+bMH9to99Af7SV7!wTTQe0QOkrWQ0HNd_?GkU{`#_h=*{TVl4}-?T@f;XWzKi zk8U)QPwq6Fx7$rZlBWfe3;s#z?8rE@oQauLW;n+8>YC5?XIWc zH?d!+OU9Xh>o;EVJE{m)G8_F1Ib+d(%D@P__m`fbx`6-$6Q@Xyct@+Z$QOx3NQH!tT$vN}n zoOyE2#hdWwnjwzi=Ltb+kmLzLDG=oeK_fdReTCMZ>G*{;4%#;VYtI;< z%h6J6OQNP@kw-^ItT~QkQRI+k-(2gId`PHW%cOiAsBess^*Yl3d6W5YPdE(kUac!QsHsMw5CCZ|D z2Z1yNQ^in$4rNZ(aU+}oOA>h~V{daDC?60t9k=ZnVuLQ^h|4{AQVhUz*qOMeaso6* zcl+%S=XJu>fR3Hr?VfpVEs*dTc2VK_^RdE2vBz0PXy;i5W@G2E`|dIG*!}g2-Op2h ze}M!$nrFbxGvH>b>f{Q9Z_<^E?s*bg_X^&Opqxvbv$1oD(>-P`+U25MrlQ?~v$`fU zEzj%C$m%t@Iwz*LDcR*l?6)n0{;o#snb5j#Gopa;+GG$O8+I<-=2qaqGIN>S89SHB z-DBof;Pp}!etDri&)}M8a9wQ%*HE>8#EI`&-bpfr+0T8p@w2?`(>4>5EP}245%qVT zvDXwo06ERURJi!w%n-z{x(b-`(yDe1CE&jh(5!-mK%ZFATRdD`YY zZS$K=+svHQFgjziHH_QW7ARe-*pvWqI%crZM=XfgH8((KYNv6|b1i$@=DC&&^IXfT z$hBOh&yg^bb{aL7ndc}_D5 zNa!FP;poegS02@WCo?N=@Brxft(>oyeito?#rfv-Y7NUslWgU$U`&sk`sU4wPVI-T zdkVyHX-A@x8qXn8WS@iEPgZM=6!TuT>y8`q3lrJr?9LcPez(lpwFPI^reu~PJriUG z4I3i6%-UfyW5L#UpRl_ZHh zbkqZ!N zsq*G5KOm+`q)QrF$$>&Ec`0{XE&ZdfOp3ZvMCV<9bR|IXRo(PwamR+&11ASA?L5fy z44CD~{Rq%iYc9aSF|_|Ap>>Ze6>W`6cqQn7PF>Ro>TE{ClP9&$liIT-wNJV>s+neX zHa4c9TWzF>vTgyJc(LXt3ARrYl*i_9XkjwqjTT6oprxw@PgsM}H94up6_Pw!fjs&D za+Cjm*XVO3O#UBpr>9T*?*}hI+JAr71PaL?ZhU&fY5(ha+W$<_{%c5n;rm7M1fZbR z{U&+;>we`t^SuAmjh!#?zhi>Ia1=Q~a4M2$7XB1__-V8lQn#B5XWTFuLQG|)D=VYm zg)O4S3nPTgMW^E6bYJ@(6pbiC;P&RieqZ~4EL8xaAFWeWBRE%(+^eVv94&U{q1hID zh$Nkhp2<3DMz0EH>eUOZbFkXdvT4)#FS5wNYInqiYgv~xaD820*FB(Nf6PAAqxKyhc{#0&*W~>{x=|#v=SC81L%rJtsmh=S-)6 zV!4~C&KZdx3iGlhYf-jDQIWJE{v;frEhtzQjGD?XJHuBF5q$WgnFqc!MMq3cj5+)% z+hQXjFu7v^jNvGK+!Je&movx>pfHP2(Au-#4+sQ{s`)bHqzR`&yqHxi^W2;sGrdKZ zwV5}D?Tr-dNkTid?XB#I2UiLi!?qxQs^r?7reHd5*`OnF@_?ciP(V$yg#l=7D@&VL zS=wS$?B`Mdr+k{WAkqz9n~L9`qZXyIv_kE=`1KhzBT-fd9Nn$OYKwzY)iEi?R0(Mn z?!FIk$OnE3VuF8}kj;{mIDpN0h_Q8c8iIf$0o$(dK<{nUhOZ++l=DR?t1VNQFWSGv1=X6O!8+D|{W2kIJ0_ngxO6E};GOewL_D5&PJ_{zcM7wmMjeAr&jbkw%RXwq3S$m6J70Q;5bqcWvCwN(PxRM?BcA(!iZ!?nUj;SrnLmmK_l19&>>+dLYEm#_le$D`#R2E;ZedBSiU#oP&&1E<~S| z88cza)|`FRoFsX7V2v07f=imVC1T1m!Dps<8Y$0p-h?$Xq~2RT2`60P`YAfgpyRMr zr={V57L^(O(jd)gH}x5Bm^p=dNSj$Rx}{&efirEtGk5R(8>Z2JtZ!0Q32|qi_KyKMJ4-h7fT&AnInwBsyx)flvk{WI{1CoR}H^ z-IL6>;n(VvCh!d;i-b;TJZ z`ko6BYx6sf-ZYClE{S&MA1uQo#6S7nw$^vsFJw)DHnz@xIBpT$GHp8ye+=94%sotF zqnHEcR?hZ`BaGhG#n_DS&h8w}xK||7+R03;IY?duHv5RjGt2g2KOBzqsp(T2od+{W zFC;NYM^g9!K)=WYZ-62r>c9yc&}Qop)IbMm#C#uWWh)xvXgTSHbkt7rGHpdbc z7_;w8^hH{K`c5;Bce4-?{+XY@Jy^cm+1SSzJOW6&aNkDni*HCfh6{_$Au(pQKo^#Y zsTFVja$TJ4tSIJ5KfaUzTOxJRG<~%hCP3o-14ui|_tK7R9CEV3N%4DbM-eg|5!6N792FM06>)@#3~?!(LgoyJ36zM7b~v!hg}bA| zQk3t1j=ZAms&A2vut`q1G@_i#F#(Xua}ih>Ay80vhW<45tL;i^TAkr#nj>U-52=MBX6P3A9w!c8MNJpw z9++VXATbf(ot0}03g`nIa}GwTsHn4NJb=)D&!6ZzX8uSLNbHS~qrb1u%FsWl)5LnA zzJ+)IJKro5?Nd9|CRQEN#LeX>?;9oyuh_Lfe7^&S-sg1l%^6bx&XSq3QOdedQb4PN@SkQHlNeY83wSnK4fZph>VPS|#HWN;N z!?cmo##7`m^Lf>UAI-bms(>49+a~GvstEaOnzwBmpGQbcM)X zxQdM_mEgY+nhniF_Apd!5oJtuz(L%El$Rz|(VVoF)-13(0WJIdDupk9xvl-lk}7Vz z|NDphKe*ZucFzOED)cWi;4(5d&Po!0dIXYKuV*rk7fc5Sv;vl{*0@o4B|4{>{R~7L zdWg@)%~3SRw|h8+{f>%guZjc%M2rG#-EDmJFa+Ra7mgmp^8iMUHSz^4dNBODq2lsO zg%u>m$>w1rY2K{`a>e!Y*j9+2rw2_#n5r{cN_C=4aTJ?uF2$HglW!k zEBZ2z=o?R1#U7M#Jq#!myCRg#n1H`*Vu~V+wY(g{OX95ORe_ZD628f@Nrso9OGBnC zCL-YXcV;iiwq?PrC5a4~vz6a}imhZIFJ$#vxxQ|U`^pf3!D1m!lr?aUgG$VGvpl5r z)57OGAX?G@`r%MM4Sq&}H@?yjTb-ZS%&3KEo)&$|Zf;ljypq~j6j)}JAk)keIZ3SZ z`x+O4OiV0(3(FF4Ayv&XRuqUE{4Jlnuh?bcv!-PaU&47a7miDR>TFYgywS4{EAp94 z)MLA({)qb9hgp8Sp;Wo_;RQpL%bjBR6Rn86(?iaf@n=;BGp?v1T4~rNF9z#cdaCzQ z51S@W2%?7Tq0f6azELDd&idE?>}#2vef-Y6(IZdG_t*d6>zN!p>;7bX{IrV8&c~wyf+T4wM@o?fc&eF-5|R#A*6Fw9BIY z&b7HCt3^|&lVOnzLz7}+kpuyX&czb2!p5i8@wE!e2D`THzWa8Iup#WkSoU&hZN{^M zpuuOIQ`iiqyck9X_WUhHGD0n|&e_`d3`~RuHb&EXd5VL(cSo~-CZiUMrc)Vb=>1Sl zITXGtB(#fA1x<7cJ(DEpud%b5B_2S{0tKuvYQ|`!s9}bkP#{}oH*gC%dZpeOaMlc8 zydr66iQfW3dX-=or|L5LmD&h#*8y(iRB1LR*$hrnqU=L7>vH|&2@NecoX5Xe2xeWf z-qD*y^EtWb)a){Ub5D4eLCx@H69+IyAP&M1gyAni5J?hyxDX^bR|G>Mo{+@bQB{Vb zhWdC4hpF1;5BZ1eoy)3f4ix$G54i{!^1a#3!b9lo7PPb>7y@wHS2XCrV5YRgzMCBg zL|M~0BxVZWKmXHAR3J_N^FPryIIE!jE%w_qgST~OluiGC7Gn;4Hxeu#0P9Mq<7(WM z%5A0oxw`eaT>j?oW!0wln;;9$w%Z9M{K*@9VZ=ytmLR9W3)Gr6Acd*BcxHuK=zE4| zmTwcVyHMK7ArqUc@%0b1@taTsydw_&N+kT|xzPApG~5jVQ-W8I2Al@CnL`Kh_%+D* zsHMfVF>(!mIi2r=``RYh?_*C9VBcR@qQU<6UGWvSLzqi(`3-EyA7S6lzHx0Dy0Q5I zQqNDr?=HK^J^ku*ZXoM>@6~B{c0@W_&!A{)cZ)qD4yFyMV3v%G1vwYS>** z!zB&B49miK?P0G}#4Y(K!2AvU@QLZWCXkH&a3hp|g-kZx%_BlvAljKpXJi-@p=-r* zohCxhL}$tx?15V&$m8?ba&LiGkD^N4jvnRdXWdknvWGbozLTsb804Foosn*GjNTw$ zz8IJMk6pnc6af3gO;Yk%GCg!OJ5%Sj2ov@F5`qiA@q$&f27=xW7c;{ebZhHv&JF@p ziQP7T?E~^jGKK%p2vK_^EAq*vXlNbV1>l;n{%dBrv?cl0h6Z@_I;X6`W>mBjESVrtYEou*H z(R)x|*F6Y(xr^9`delBpOl*ZvXxz5Y4d>m~PQGU~Mx?kQ{~0-~BOHbZRN-A`GF*$Jdf=l*F-wUg^Zis*ByEU42?v-Z=?$IAFFV6m4iS8~?cM`liy|<`!AFb4 zN&sN7QjZ0zDJR@BcAxhoTS+Iq_8Cb_ICEZha?4;&(B3~=%(f@YT|e(4@9 z1dhaWm8BJG*Hz(*VI>$Y9B}j}XREDx?tJl=bAIjA!(|E)kQpiw4k0%;-d8V99_jP&622zc8^p)B_o8#RV52$$|T=s zto)XJ5MgA@o0YG@33MU1I#j_s+v<%y1OU%zFeY-3Eu|^&Ma)qo&*T*G74VS6p@_Y3w#wzuW@{JrNVQe1XRzacjBvG*d6?Po ziiFh_=BgLX7;qNKN|-8Y+BKP}^`Fg@Sk}eKg_b6WL&WsOnVC!1%#rOqycF{sXH0G> zl0zpoK_tH7=ShKiqoWYk9?X zSNptTJIE`x|Kf!(^NQ_%Ag{nlZ~e9^aK6!s?Rk0OUy-Zk%#8*}&fI>X^1?BEjnU)Z z(=X>}zILn}EyOLw%g$(xSa?}NZyxHTOr3Manii0pv8H9LG&c2{S8QKjYgW`g9e)ql0Jb% z*jCR3dG^DG$gZS+PuL83NuRu=&s#6)6O|x-SrvVpbUp8QD}~SdytdEhyta>PHF<5H zyta?4+p25(Y|-aPSKB9y1*b3V;|DK6X&-;r1QOC8ZhU&frG2*Z(mt7#_A%e~EtO1B zi{(vpP5k<`eYXADLS$_pXM2(q_o41ACF#94(`?}TP)U)0dZJ+xo(T+apaCW{Nfhrw z3#wz0hljE-Qbd_1=Lhz|K5)bXX!3M#V!kXC#V|!`N!!!7YR2q^`!4q2O+>{V#pVr7 zq3CiQH#1O^C*r_|zAbOZ4&kx4M7E|>zX)k>y0rTMv_516a5e-BfM#oU0L=xp@2k{J z#GfbHM{6K|_N_!6mRH>*AlGas;V^}n8D~5835|@0AANlHmWTh*${zjZ6i|cX zX?|mhxg7uVK_a}zY7>I)PQ~vW1uO@A7KcctEIp54@4q^n2Dj@UOS{jddZTgO8hkss z={5F$8rO$=XN^Ox(KskoCwm8t#`%7uNB%u%OwJGSzkAocqrGd?@LD;lS8VdSS zJKdjX7YF_3^}%)h=AfsY9qv6{AKskb9o^jBA2fCzzwSNVecfxKzi-X4uhCeIJ2cJ! zjW@VExYjPvFL(3(ds~_`8aMlmhSE4d|7$gW8;w4i=Jjx|v~%4!Mqf6r@5nmQzm3_? z;eKOseYDr(oBP+w8E&iJppScpXx&Y;ZZve`8hvoI+qgzcZd~8&-8B2>cZXjOD@Xmk z>B;NS!Rg+BJ8U+~r>~Qn`&PNz7@Sv6roG4mS|R0LV5!^ao2wGUtWb@4>5Z(TjTeQ$KsC>Yv0dLpwWoJ%9ZAy7PQ8)z5A#7mp8>-REyr z<5;YJxRthyuCfi)*PZcIdAHlCeYlc;x6S=Qdonq+_s3jv=>8ny{nEyUo`cytarGYaW>qZXjg}? zeCK$2E}xe5tGkNOd8}T@T-~@DY{8DaeJQ_q_GcHP)cIbc(Y!(HYg|nZcJH>iPwLmv zx9a|jGJSZeH%67G$LHtC<7oVUy1#R}-LDJiL?6r557#H>&2I-^KQty!Pfx-nI_zVK zM_^7*q@Sl}{JkKHkFO6q_wZzVR1(#?(mkk7T9aPnFlRt*x(r=g;N3`t$j9 zYxH6G;cH10cJ80fFd?&K;J#%e#*MOUpcFHs^#MWEQJGzB%2$MCUmz?U(x1pF7PD z$HGPV_Er))$G7!Ey?)c&5_IvoF-5q{N!`x>mFG@{QKgsgAr`EUN@zwGD)=1a6 z8%}=GUk10W?e59Tg}8Gl)L&GiGnKEV+O=`}e91Rt{qdXpsGmQ7-fnevwx7BESMlUf zs%&k4xa;ptcwKI6savH1lD5HEjT)`S6nSm~CJ>yNde`gs0T6wN~K0a7{Y_wSL5_vsc=x;g|+SO z&Vg|LLF^v!$NitL7xnI-{QS^)DR*ymUc5kC&5P%?Q|)rlY4ip=JDu)>`c?Y5eNY$5 z)8pGutxwt~u2Qbn9vaQcWORPsdb-{dZ{r@FKehU&%Kot58glog^J(en!;^YE)#~5Q8&4DNn^O9Ox^CapIsHVfU3VTI^?SX0 zbZ97#`uO7P@Z{oN+c`g+emds5!{%WB^7{N)9%|#4%E3U}u1dT5)lNym47~C|s~B)w z*{;?q=CejkW2*+Yn$Ku|27A)opmb5Gzg9-$ z=UQFlj(09f2fHQpt5&<5)-s%`V!S#_}WSlVec?zpF)HE!_oQWKSGX=nf2)^P_m$A>Q}{BUxs8rrBX zj<5Ec#@P+r`Se=jdxQJ?>W)Ih4*r}}8;?!!g%;-pf#ADs+`M#nh57mke4v7pqSrlrAu zxz?&q4o~(TnjfCZqr=|Gw$$6(J$cZ_$KR?ucZaP{PfBI~^n9>$P`fxf>RxO~+(qkD zR8K2Ex3A7R)6tZdg_{21rnEcw7xm?Q!r?41p`x_&b)gzoe@>LUN`wO7Jar~{SEoIB zvc7Ewg<|_Hl1Q%2+aIVkHzY!`0P&N5+)Rd@J%(x@iOAbg^gh7yy)uPZyha1qPoo+V zoRuH4ppf*c9|O>F25N@QHd+ypd_~N8kLA-SV{PUQ`!B1vsSm zYC0fsYFPBPv{@{`tBTR<6F`2*jwt^TxGSS*fahd1DuQyP;OLx?sc;y_57~x)UI0$= z9Pkcq_BOHAK-18N0#3vOb?v=rKz3y@LOX6?JwXG+E9{5dAi0*nft@^$tlLqofnB+i zraTZ_AQ`-)!%1R155glf3{y>v_Y4Rhg2i`%+BYob#`V@iwc&>LwWFj8bYm=?fUyd7 zWd{$%n`=oQV!@9HzA^Wc1~;{T_6|N_%^0TFtxdZIqNDkSK)VnT1LG<5BH8BIP?Q|S zMXZJS40zf&d@{6AL^UIXk;5UUPQ5l%U|Kjqk^BPCZ?lB~tY8z?r^txOr~qd+F`Yo7 zT-$xz+8&ogX(3{yjn4sX1bMM5@`yp}gr6BCYAkXhm(4cl+?dcd?itvBg@KXh!Je%x z>RepNx{TS}hP*j)RhW5ENoZ?S5U7hCv$S>I4r6oH{f7#>#B^4gRnpZ;u8O91;m;QX zY9WO)?VogM*`jvYOo^h!$J7_vNL+zcr$ZdABWW|;h|W)cnNZ9TZgZDyH9@MEg&#CuM+eJ=ZKzGm1@#|c`HfB*Wyqsjzvu* zuL$Hq7Kd0^lixvt4@c)KTkk?)h^(!`$35eXZ=7mzY7 zqC8flF%-hYcePF|$|X+j99c`N!{f%sgxs z49NY%%#1uxc#(Ns_W5wE$WyE!BRaxc0tKA1%;BuRu#*Hr|p4R^|G9liVsyIfs4SDp{bjV5QE*iSBjuV$n&B{PNfmp@p;1b8!0AM`@ z``$r+{4j8^jfP*FN2&-B^Pf8J$H`Zb9e=VWMhj&kOA05X($fQ2fnUKVeJDE!VebEI zj#c7EwOp;>lqJ>L95><$k1D19;y)x3WxFmk``Bu2BC0*WsDjVuEuBZo>oVYpgN9j~ z^VnC09R*;U=t@r_L2LH5tS#A}1?)FA^C6{eJ|NEboI{2Pd&4;t(Wff;s?TYCz<)_S zMMa+tv15Vxbknte!*4jLUJmAZ#356!?>kNxzm~Oe@r1cf$$QVuo^J4EN2W0AGg!yB z^h22QqFeHr;PfDiJrX=aej@BAVy98=azjyKsgddG>-Y}XReh{M5-irw63GCVCE6mp zp_wmph{LHIubcj$30(?oaI-kw8-FOAVKY|CR4vx`V6A%!-yI3x^}=3FN#1Q>4j6W8 z?Q;@un9r%5X~3;lG&`A%3As|;5%NdyKwszfPa}jnbUGU)vB2lUiDR!wVkBd&WPnUg(acW2%ERM6?QBiZA zWO~GE$RuEBsK~RBm|2*Q`P}Gyfm0_UB^ROK(#5@7WmGAb2m1unD+{1RQs4kX9g&a$TX-3QB+<(g3D(t;{nM@{|Jw@qB(NRd0u`)R}rgki?;@iZvn4`{m z)UFlk$O7bka9P`4zL;+ikcRG;&X>QAczlDRZ-^%afsQGTH+nKGV=rq zv(1nd9dOn@nHn&Xu?bsjTs7kqqzv|`Ht!yVeiv1-%Z@fJ%oS?W7=MYUaEh_4z!cAx zY8g?{EQEP*BeBTI=o~qQci4hse~C?c=Ie-)L|SfHl~jA4hSMc0gXW3-)9lP=Z!q@H z%)_ zIKgA-O!9P*8R?%U_J6Deu>#?yo+Lw&)SSeeJq4Gp;D7Lrgz+mXPt4JP=QJ2y$Z)I8l@0`T+voRQkh#&{oEGcAlx0IgUM$ad%Gw4?Zo0liW>x0-k zz&%MwyplNvmI5_en$a*A79UCJT_r1W`t<>8fk2ta=EK2MF@ID~0uI)ZQz?&bluWEG z&aEjjDfdf2@UAGum6Ub0PVo?u<^jZtEK6t43{h@OU(=aslTDpxw84<@(M-X`{!)tq zmZYNB+cT%Vb}x{iJaPcX4F)HdghgDzn%T-S;~qz90^^LIdpw~ZTqyqF0K7BMt&c8! zMc}5aH)VQ@lN8TE{1bWfuiRF4Ki8_Ct2-ac)z6axMJNI1lPg6xe`$70b5f>@f@b=Q zD+$J#Q}l(?lb^!F$;-Egi*oaMWC#zh+S&ez)~O1kj@aC8KHpW(53VQY&(~Y$&v&m) zaUwoF-j}(ryHoCQ)EB-=(t-3q@R(+Muh8N>b>tr{z=$znC z7iV@(rKv9^j|>MSe=L|&GMxBx30URD1O`hGnQ(nnc@kZnT!|;W($L|Bi&5fTo+oom zIv!YE6FGdg>~@k=Bvea^Ilw%sryIGcR>-wcMd#K0uq6D&q|>FUf0-bS?Z!#Wzey41 zoXvLZ>Y4yq5*n!8@cmMWpi*RdNNHX%r}HNj>|v@+JWM8!fARPgJ~3gDL6+>DjyEag z36Tw+`+#t26Jq*b_7P#`M=72f+5OGANHFkG87FE>sfApizKK)_9}1XSjN|dHnr<{W zA21K0fRp2xS!olp&tFkNNg{GBPD9BZWBlLcjxppXcZ>-EUxG*ks zV+xM!7;(`uT3cA{D+L%cVUkIcOibEp2vrOg15i?{v`Ys=o4N>^&P2{~1mPtfIIjqC z&Iw6&+q2WPRP?w~6h!im#`Rd-HImu_+;)Hqq;FyNe~j52DQg;Y&&1t%iRmT<%w1el zXl+S{>M{{QMu92-*iQ@Bt#HZeF1!gPGd6oVgALsekxQlnL!8uElzGVzqO6!Kp0O+e znAW>tbeq<6*ioeDHg_YmfBT#kZF)uO(uAeix%di&_+}0L404*jv)|`%a*JrqZPvb0 zP1<2Qe_@Ae-PIwLSj9}el!)6fDhox~#4ZeBr0FrhMVHF6XT^e;86?X2h}B65X=}_Y|h_N%ENT*drW@ zr0U3kolG_+VXFFU=48mUz8X4X$WXo-z!;+MR>G;-l%32aDlRslA^9<75rL3IzxAaT ztQO1YpPk!E1xFgxK5g!9RX&s}IND%YoRt;YeNit*GOkbzTfDHpZ>LVR^ST_6`jAUS zliNrg0b7&#NL32jSCm1N&CqFhCzDu7Ljl~AoJouq`-%Y1xzPwM?i~FZ^@foBr7Vs5 zTy;N_KS~w>7qeDM=>Y-`hm%1}h7&QT;SGoBX}<3oVI4^y2OqYM8`8HLQ!u4N0YKqa}g?| zO1V7PCo^3+Dj>s#qMqlIHc})3Q< zNY*?Eo(*!{vXih<_T+ah4wEuruL zI~uyIV<~=mZ>ju+zOIk7&y!A57(!HW%<)rjrAQ(lfrSZyEse}^iz6~_X)(a>o4hbe z2MPk-X#Uqh=nEDV?E;_qTY3NXt;)X|hw#ruUR5-ut8ZQ+lc-Z87x$=zC5f7uSu6OT zkqXBmoCJH=9OL_Ulj2h)2K$DlE5m)04OBS+zLQ5(C|Wlb`GO-tzrZnK(=P@xGiA3l zYqF+5;`Tj zN3R<=1J0V^3x(&?Z#lgU&gNNG44+D-21RNx?!^}Ux0?9TQ*K<#-!I2Wy3 zEbh9xSj?ft_t9~=fURwoH_McUDY%H;^^~27_*@_hH%HB)pXHV}D^v)tRFgDSE&&~r zV^t@AgXq2?e9mnfJJyGU&;4`s?|&i%PLX^6zEE`d`JW~0FK{J6PJ;lc^oXtN3VHD9 zDw3p3u>G|Iy9$~~l(AQ9@=%b4-a7OpSp!~} zwmB4j6#i{}0?0@IEOGz#0D6nI7H3wRqUBK_5fYFOX8Y5ybfaheK&P`E&5vic*Lq0p zs^lIq&&T1jz^0MSAF_$U96@7w3MSlC14>}s2>B%OCk&hg6+8aReCxHY0}X9|i5H2< zY|rSh(aygZB0s>JHaje|f0{Cc=DWUva2><6iDm$ZOY0(!H}IpKh0`^OnP^YLCRI+d zHp<#|yo3(M6$HE}b@QWX!ZDWKQi<(Y;$8E?VY24Umj_x^d1Aw(g zygeL1;swC5&8}h5J<=7`A?}RRoB^EXEDRgoH5v!+1AuXYfO~VniSe8=K%Hg;-%}N1 zWOpu^n>70O5!!*F$%@R}yo4?_2+4w$!o#m@lt2vaK;exc`rORr?*ZNcA^yDPf7l~o z1~=oBw;rVJb7Mlx=3xqO1Z6Y>kKGz3gk+|QVKzdWV=-PEWegi-Y(PyYZ4irSql{Ay2TB|v1M=UZbw`xYa$It75lLlYPe$mCxj+Nod59}o!ilrzf63>>o5mN> zrJ}ihMRK#qqve{ji9Eh^JX1O6WJ`sn3S)5|vk%sTfTPrCE}60N5!n44x^;cM6(Po0 z!WDttmas6Cc$Fp(;yQ|FBqb_0*)*9nrcP^|aDHvEYIN+%j7^(lzp0H879q(+(EDhD zPm?8DO#+JplXO~R3ru_Aff)*Jy+H03lj2%%0!3_-R9iy{MQqDhQUI!AT$7+%ItE2s H00000g`htz delta 16872 zcmV)SK(fEzw*la{0Sr(}0|XQR000O8BWbY=xCjX&Y0Fq0eMtvhlg$Voe`j~&II`&X z`4u?Y`;NPBx2)(icXwaQsV!$)PMwY}MM4rSij)~7tLM%+@3*|4_I}9&z#s;Y1Su-G zo8FmOTS6!RRfVcTg}?p)pzt3W--ko4@Fytrb$z7$St^;IYz{e@>%k$E^-b=lp~6jG z8Cu_IrE0mdS1i|yUf)!x zDTd0!&#GdK-o4+nr}*I-$-iaRNE)w-BMY3urJ@5vgThD9F?1k9h!>|TV8m$};M8GJ z*9T||G#&i+xiv+xf7MqENhqSO#eG;j;Z%WFP`Cfy1mF<@QPy=-oO75 zvuO8P!`BpwT`X&TwC4gcf{@_-xzYm-nUkiv$ZP2IAj16%kyjN>>FS_`i9m)DK2Qzn z#>lq@hd9QZDsmkOx@ZG&2~i@T#*$~-Y5UC?=-meSaO3?Cr3twfsytQ51-L6-+cDFa}@7m^&ZTpfPlD!Hn4Fw4*2kYkw;y zbFcWnJ}_^9rcg<`0{RGUfP*b4@Y(%rLT(E0HXJ11e?%l8@+C}%T}hc}8y`W;_`wP6 zd#^QuJjTw7o3pt2fkW*Z?>}yoW-zp@O=!xR*z4rnsHx=VHf}$&; z`_;y8Rn!Jk5B)~8aFcHIKz^zXZyips)i{E!CIFe&T`>HQ+fu1+PpdS+x-XCb@#8j@X|k?iVgOLp~mva5%Z9ehQ5h~!@y)p@_85M7{i z2+eugg_Flt9C>Up0Z8u_NgZ2M>e$MRI<{D-V`~kmV~deGw$_$9w&JN{D@Yv&hNde+ zG>D9@0YxpAH!GWE8~f;Ay6GddyPrU)e+|PfrG~0E~=?}xWL z;Qk9BjikmHY2^?>F6lHU)Ie&3MU-E*@d0WD_nPF~fC?LCP+Q zvLwppooOPJ&=`qYiC`2b_|F+L`XKnO8Qfn|I)?(_d3p?c^u;=|{3DZ*4>AfCj?w-- z^xq}l*ptlRq-b*w_WumR?#@a5HxABc-WAY3N%8lhf675hEXdZD>%@*f6m(W%&QnZYI)MkHE zJ`LcIIhrc=dXaFUtu;7_1)^I>bQkItkcIYG0#Ss@X_M&*VC3mXEcUwK~#xmGi?hB7N%l5#t01lAL@BUfnkd*Z6dO?MPbb0sY4}m(1OaTtgJqMy+qg;73Ztl|t@T;?7wpjnNfcBE+GUKK%t{>^FIT+dNQ) z2&>U${m#1U_VKad-H+#>8$aIvT^hn+2MZDZp~7z1LPHn?9qd9%l$oExo82H^F>kN7 zbARq_(WH0Tkfb(;NFM(Iu|+qQ&<&m^KCWv{>c0=|^k4$gA-4&ga$HIR!O;=Ata)+7 zNo`BZ{5u=Mm>WMs=_Bq2CXHH%E(7yZ7L4!bnV7Sokw3^6AKHyWHhIuNY&7YEwY?E% z#fI9XosEtZz#}IhrYXxD_USLnE~1SjF@MN8{gU3skB?yE6GHQ{`O8NT%WKU|!VET& z03vt9XC_4~6?`McQ0rWPeJ!egIAjen$pzwvKpeZ>EqML%9?qx5j!X zCy76?M8<-bD`C)3(r6Y|R|^)}OF?~z?%33f#H7YfY;%#Dhv4E#Y(C{Ij8+hpkbm*B zAcV*ZD>-7lj#Q{=aaVAGBSwWN#E)Z`N}M=g!t-KqQqWdPZ5uewQ2rN-BX~4?*F_(H zIOUo@sdeYKzIO}UwgpJJ%@7SERA5SRMa0_iW`o9ZOD1{S{opkZnWmR(*sV+{4mHt% zxoj-Qi0eWD-)3CU`g6Ekdk>KeG=Hs&_{k0I&XRGmS(h1Rq?lCVC#M*a7cU@@kwjwQ^sgdIYaa^~K6%$LQKRrFP7P15 zNvV+2Ou^9PN;m`;v4NmKNOs*63sIB6*Y7?r>AiDGx)jRQjCK$HX0elD1kR=HrF3+Cw{%>{G! zm=U}$7lSFY=3+2?46hhmu4gR*et!;`eI{PJ84@52 zX>K!pF0ALmx-&#Btb<%w_l=ob(br3T_~ixpYPpzNjwPXFc(Kwvmps{>T!6)41p<_0kSc^^knvmQR&SHthvB_Ff6JTvKICj;^7T_^rhn{?H+?=6Sve&|sH+Hr zk5+Dk4lA{OLE9-{zyzaJCLt-1EwdZAgWNC%xY$ArzK#g#Nv_IkPSs^f4kFSBu~Tf! znhEP`oblUU3pOnRv^w1iKJ~Qm zyjspZ42R}9U zjsw4WE;MEl4YyO9$RGn?k5x`a_~Xt;giZ){#aE1Y2*)YbvcTH@2>W*SjcfhrMkD#; z&cb=S-6SM=S}?ib4@zf8#-a5L%6fLU*bBkc#kyfz#5xyJ1jgMk#Z_!~Jqy2y{X$(b z&SX#E&3`XR12Iro!w0FDzH0&*;tw}!S!iVw(_6|NSalr#z?E1EtFh4G6}<6;waBg$(*0k^>uB{moAQC7GH~6d@WDTnJ4GWlXEWK zgg@5|aST6C2ugz_PY6nZC{G9)*)i#3Y@7#ao_~HbZTd~eFRXFcw)tOs#sFQ8mReg9 zH64pQIyz#_aU_c(hdle{TBqbgLhV{6!ULVWfm+hKP8-DOB_86zwvSyAO!%+1u;6Bc@JO^zV(Pfs;Dt;$OJHUr%QtV^^FK_izT z2x^9eRDPUUV0P^n{>;>p6h|WK9Fm_$#ec6uB3p}5m@=Ui;SNO2?MJ=|5LR{&NK-IX z3>D~5=42f=!Wpn6k%uz&HphYT0a4R&+nymd=t7RT+=DNQ0eB8O6Zce3fad6Kza8Sd zPPiJ-v9r6~GtaFB5^yegJ!T%ezh1HXdFn5aV1GyR z47hm)+)P!ST!HXSx^mGyPeSWn!J843bBS{{b}n(c$IL~$T(rwnv|Dgi*Mz3!dA%7~ zy(U-Z#Pl{LyWEKVwq?-Y)rdV4S`TbS6fj&V}3D3LIEwE|WWB=Q6o_%-jmR zUaG<`FSO?wT=NXBtIgmVs+KtMJ%7tPNv1ISxz9F!mbZP{WY1{ zdslM6X$X7$kGz)Uk+W=3#z^qHrERV*IBhc}T^8w?AXjAA5ZR?|4x1rQ+nlFuezR$t znUfkuXKc2Har@c=rE3+N5+F{;3^w|R1rfXE2Ix%fG|owKEpO+!mh)W8vktZW5%z7K zYuVc{#r>HwlXV(L0v{NYz8X9W2g-10$kwCnCb&eC1slK!b29g>HTA)Hlg%4U0ilx` z96JuQjLYvhK{!NY_s-DyOOs<9CIh^>TR>LzCDYY!cI7S?VBvM|n;& z3P|W69pUKHlU5$pe~y`zH+TT_{8rA_OTUYj#NvGOdbNgSq)E2&S1_hWPJQ!cMW^;d z*8>IOxU?ftNsZ?aDYDPO?I)`>M~Znb+jYl{`Gtw>b9QHpBEMT^?b?DfYf~~yk)8=M zgN6-}U1sgD8S>29d1mbeX4akvz_hZs z5_yIu-voW^f9I|%po8Ecxm9pi|d0f;yYg@Ps9`-zrvi?#h)ssePW* zKIPh|W}4aA*qDNDwUHvqx&>_F#hRNW*gj2A9-G6Vg~^CFS|DwLmaZB+VGT;xQ? zF_o3Btc-#ewul-pj1V#xor;6geeHWtG@=NBf7_c2`+Xg-Q~`*7v`$rx;6g!iuc9Jw zwAh)4W?Sqbl5{S5ChMpfy(*ZgS1+*6!D>s(rcLL+$RY=;-4PeAWnI$1^>uw+_kf1| zG5b)D+K0gP3G&hop=>)rX@?XZ8iCivJ#2u9eqBuDHL@xfkcU`f#}fQD7U4I+cvold ze>o9)IcGW*%iT+^#oI`E^g;|7x)}H--NFZ2L&6go3O*j?e#jIkP z7v}Vs=`Fgf&Ac&eZ=_&P656S4Z)HzBf4EY}7`6pbCD-OO1=DfM1|5l$2Nbn{0&1Eq z3_xpJS=z+P(iWp)KbHbH<8VTug|C%iLyH6=x!}mTO6FK zj!7}5N=U14_kD;%KJZfz6a34BY?h?N0c_4gjIFcN5Cj|v*mi{ndT*;Xd>ttof8t0a zkWlYKq&FhiaM+)Ku&m9gDi@XIgfWot#(;=gypZ6Sxlm|AeOIgj7n((;1rd>&q&Z(y zp{=G3WMv|^eS!k{o9;4Yb+?0;?8GREcX0zp`n!knt z!&H0kdIkx*>wlStnGMf4MjYUXBdp>A>4a?=PLNV2v`ub!;Mc!9_}&@fe?9F;k+Lho zPKbteF~|A26XBSClR!icsaP3~G-`~n?Xs<_oUCD*LNw;NYvXQKGRTZM;=%5e2JRGl zKas8sjFPmoG1?8N+HG?qF|qVR#)}Kzb{fvoZizY^A~Ko>XQG*AOqP*wVoNMWu!%#K zd!qOgr|BSP+E%(ARKaUse@{vK*rLF+?0`7;m9B+0u2Ys3f;T+*~H5mTNCJ~PeJNO`XFCajqu_1^MHIN=J{ zPtjQh9fz$tEe!{>sLbe>25C;asn2-B%qi4E+RU2KE&b{ZoN4==f4O__-!P44eUq|E zh;tKVvm1V&iW**59LcdvLmJxj?~HFzd*t3R$?jzM^rTO^Gm<}PYqNkzc_((tNQMw| zRmbHsjLv45J`W%Q0mn=+>F*qgK8Uu^ghyMt29lLHyMogcI~FjRhMXR5s!J!m`UlMT zDDh8tS$6v;HhpE}fA>-2vn7UXc4JI-UWfeeg-ba3UI0Zfgox7tQ8z;-(NTjAgfbu@ z6N;hX#LW2b&Xj~95&si_NIWX-@=~v}UsZdYTc*s^WaM_OnA=>0?mVgty2SgA{w(ws z?z$weE6yO%_gsiro8NKtrdix^NwhovU>P1E{>ksQwZ7Yae<5oMw6S%@af|4dY1?7= zW7v*o?qM1m#T+oVa&|x*Vf3~x#%6?fcIRluy&{p;PG(}wLGl`~*+)E{S+)=R(Qu?s zO`qE6JeWaxA&EgclEM!F`b8#q0~8ri2TtICHd}|F20BP1=KD}H1JY4LbfN$s1P)D) zB$*8c*MKMqM@udXV5~-7>>8s5!0TS;YK-yWpmv&_1kdqBgir;fP z0)b7eU3uDOU$~P$Z*!su=%`H2_Rk#Ba%$Gf7zXX>f0y%9UprQQ8d_H@u9zJQLrYv! zEN$V0oV%t4BX2u6rHcKwnff^f$tuU%s$5$1Opf1|xsIb7Th$Bp7h)dxVGG{ z!+~8cf7~4vmZE%j)AO5#?Nt34m0di@?eVfr7d-^rxv`ZC6s$>I{Fg ziCuE1x{BJw#d)RKD>GjoQ*rmu?aY8RP+ij5o}=0LLnbj-tGhhb93j(tNG%jGL$}EH zIC1nUYPu-*zzj+&X@{tzH}^K zX&=F)FYW`WfSXxZmiDSZ0N zZS7B%RB_||-{0l`!PSPadmbQGp?{eHf0vQDaaNMhBap;;J(GF7U^+OY6|i)*#*M-& z(K*fRXCUIxLwq)FkE1!h-NPyDcU(k!RU{Z7ViaKOZsV(mApj@4aP%Oa2QYH1kuPA; zgW=Z=6_;NstROK?HV+#~^KLDWE3Ti<_QE+Ld+t>qHzbkM|04fwBbClHY5mJee_55Y zN076}oINJ_Jd8bN{0ciK_q?+e2bSn_6Bw?2+Pb=ID`wvCUyhk7hK`%R+n9H2FfK)L zO(ypuOmmJ~(WiMt-+00*_MnXGVL+kS6`^Ft1pH+aQxsvW<>e4w5@$WH3Z%4`@J*IY zGQ1338Zu=u5dpuyGkZz4EemEXe@SG>oUQy;Y$XGEA*t%BP=*K$77KBrtbubJ zRAR21iooJMlD41wCGcIbGyQyE2)h|fn`<+ zGR-WJlf*i|uW=E`#Khvauq*)=Qq?SDMS-}%-}1@(id`l?Yg+d3C7d^Nf8n_Fr_MIT z8$J85BA>}bJ+@2gkEp+WnB~VCN|j3=UNBU-+%1-OXhr0m9&*NvKdU;JaYYT$O2aOB zF<95qQ@xjZ*fe=U5H(y6ecrqAjUqvE*1!H|U(4j|<9Ftb9(h{6zy1eb&*b1)_b21y zr&U~bHdb@plt}sE1lqe2x8sfA=RYOT&eq0fU?McIF`C}Xe^VUXy*rvU8MRn6 zoys^v?}uv2q3~TJps|33^RhQAP)JBNA4sauFzb@_j@~Sqf6vK9r)HO#d&0X6YKAwPIDk0d}DH05@~! zARfO486UN@f4DYAt|6!Meeh7*1P6WWDFW>K3rjTE|Gq1};&upgDK5W(4f!MN+u1j+ zO+z;}KS1jFS@_*$H+i66oz4wpeebsh#@;g?}qIIlhIwTieU9|f4dp&vdmeb)q%f6*UqgtCyyrn`AWXbVI;GwF;B zgCcYd^Gk{dJrkWNYp@4yjUbQDXUn|>UOkE`aXWgHr=N9GUCAEiQ20i&nqZJ`XLd%q z$uW9^eEDKr@;`P3i%diqe^4cM+q4hJC&?84LnB1(k*vrko2GGbh?coY?8-#6GQZPGNEhET@uY+fNm8am z7j|vpJV*cVaC(~#LpYs}6t?_ILev{r!OheuQf;7!df2`ObuydaG)nz+-}P8Xl$??k z%(!7PgqSfeB^69+-wa_(l;DjDVZ;c@;B?>me;y2VM{)TOl+mc_eOZWp#VdxSx(azE zDMZ`$C^NfWk&@2EVovhTNPD|TI;-0hzOHXH@h`K!MYV&ga!u^F{)g{KZLN32_hK2b z2eqg@s73EVeO>n;?By#2KryiuLZNZnLN}auTRZul)fkcDhWsOPSVuSv5vanu zf6ipM;M?&qQjmLe3v$%0mu+Sd%C_y2W@kl_IX2~Ar_Xo`Bc2xoeWd!evQ zAQTP1FCzV0F19dI%22XJyoXrD-`CMOt7h;;gMtdQ=Y{~(boIdbdIc^>OLTQvu$P5z zzCgyj*!K!eH?@tz5sA*G1@mA@O_aq5f3Mu6>PdK#P?zGeT`X^7#l@!E859)7#epQK zz*MlFMYY;RD=f3cvAFHI7>`*>B$@B0q9SQS{7E>#EJ<(ZRDRhRzH*4*!)^B-_*xW! zISxKrBvt|di9x;ETEdz0vXff|bAtB4`C_&`Vea~Qe;0X= zpCZo5oVV7L3tm}jgsN?CWsgze>9U!3)_q}iBu*YsWMvAdX||B5M9fM7r+i9XjGYHN zf(hS3D<^Oyo~taaP`j=QUkoe3aN&@nKRH`%MRcL4V-7!=h9wvd_tJ#en;SoPFu}h} z$m|1j0XF9$#?=MOCO_AlVGc=Ce;uqY;-LlgY!Vlx&*$hWerc9OO|*NY`Y9P9JgzEP zC{rf+K4ay#?1Km+W8SQM4Njm7xz(Wx-q}`f>>&VnPJ=O#du%C9fiGf?B6&s^zl_Mr zjro@-F%{|{&s#d0a3V_zhe)X1(^rxrAg+LiBo0OFg|k&Ihc;Wgut%z`e`-C09cP5A zmCVD;hF2u4t}s`OOYHpsR<(S6+cg!q{wm;tCLppitQnd@`~+w#r6nb^NQ`!gXI<5eeLp!?f&7` z^Ippe}tJ=YzKJ-PI~LNRe|%3R&3A93;&8-HD_)#Kyv2x3zZj+ z;cJW@|DJw1NAtB~0|a-VM(8@ z1();*B*M0OCdjiNe>OyRC4ItX$V>X*Fp zxK@+b_Q`AexVo*nw$B!Qj&!ws!dP(n(msCh5|sAwcTFH6{o%%^H(c6hJ1^~%NogPR zZQoMK6t!61MAyWxU)yKfuPsE@_Hni+NpTxvGAM681Jb)%o_a^4cLQxD;q?WWjjq7I2UbydK58gyn z+)-@a&=iU;*KsogHF+WqeCXTqcI*%ydrM?%O7)A7_NGg_4?ycfMgV6+umEVbW(Uw* zQ2U`u-9-F(f1-V~24dez)M0tmO#*Vwb`lO#n3-|5W1rB-c=*xBcW-(4AFb@sZ(f1L zyLk-eW~=x^l$kkV|5s;Fo>_>mV|_=^qT2%)9yK?saE65+NUL*Z{;)Z-VE0NS%UPFH z7*Lw|^}Q+ucX@WdUE}+W+3v-2Bd#M#qP1<|DV>O;e|U(Q5~pMm4it$P`3nCyCO@=> z%s0Ms)k9MH1nILpLT?Rgqs+#jO>l>r^3G6wq!yz-I3gMKwBn2aSf(e>g<{Yc(5Ot2Hg4|8 zI?=z4+0W5IV{&u6-{YGHH_AC~tKXuJdq-&9O|)(_bmInnaJ<*JK}&Aj-0t5t`xo~| zpN}fX{r&0b>+#{){(w7bHp^$PliP<@x!V|AR8Ob9-r(%G&wu%Rt4OElNX}YH`SR{d zf9>jUuzgd$J-!_X&DQe)~I{IRO+9n0~DOX4RFWiaP9G(qESNGCa?rC^B|vC;*l#qNw`hHh>&fBX z{WiCweja_T9=s^i$1nB9sPg6MfBAXxG#bAi?4E7+>jFB_r*ief&FMw+>*41QjmeiU zUxX`k*e4Q?z?_~+KhMtj2SFB}ULSWK;OY3dB&v0#dsv;cuIl=i(!opZQr`cpJl>Av z=3)1$b)|fH-mlk>xzgn4?pGuQoPRhqo?%0{<*v>qT6bSkVQZo(7hf2O>iZ*6_P zcrMq~pUUMVYlZ9p<2CuQEHmHBg^BSTHk^v z*C!8KBVFfiIr)qJGPrAPcTZm~#oZ&J{-PS4seC=vZj8IvCgD-MTy3xf+Yz+wT6=^Z6zJ^Pp4epPUb0ho48>%i+Ev zRj2jc>h<}~&9m|-Uj4kP2?PG9(k-9VpK3$(>Eg4-eH|U^FVg7C)1G<_;pb}Q{I2?J zR9a_W8)k>5`LXj-?%wIVc!{=}7cXjO+SQ=b=nZyvJKab1 zv-ETOur8FRCwDuo9c_oJl&iJJMzb;*U0k%j-0X{Ya--Rpf5N@)bye@~-@Wehx7$j& z+v~QTo-5C{)$)g*T79Q-FzmO6+(YSNTKe+gi+VEE>R&G!UnbmFrL=>(Zr|29{Zy^p zbe^8{2fcfIWGGMi`11Vd^zuR5y*QfgoN(P?b8v8VbMY(>wed^kaG-5hr9J(6w56By@o0zJef)g(vvTm%s==-1GuofQzH~n* zT~_L^mC^XQRu{RG-OJM9UP=9|)vl&BO(~ zzdrt~eAq7?KR#FG{;;-tyRE*osuu=g7}qZs=XW=^x3`mKWjyAaugzV3_h|p&%TK>-b@>y1lI$>UQlzckAgwe&!!`t{z_Qwp2l`3i^4sQqf?wt2fWe^5k^4 zbM_()f3JqqFOAQ4RaLBiu3Xn|;o0^6uA#}d!ddz0{`CCiY5v{79gUmrA$^IN#P^IGG3gNKLeuGFm5e+Gwxqrr!YP*P7`5$?bK+UdlWA&e=A+n@+cd>hsf<#vk#*+1c6N2es9o{(O0SD9fE&q4MEj z{Q9+id8S^r`gg|8<;w?kr>l0Kwhl`Tq^j-IN4xhQE}NI9mD0oLbT~9R#>sZ9> zf2ICqS{htvt?K0HbpNsW;Y)dR)H~gldi#5)kNWuJYjyYjsI~J&sT`bL40aD|m&eE5 z%Pon!Y@LbfS>@;U^?7GHn)0$x(?8sn_6Gl=zMM}uoCPLSly<%@RKx1eiE>woPyn2# z&Lr>Zv?ov2x6PnXY`;Yk$+da+9ku3$e?&+YAbygY$*{A>Q0*fTc{_^U2UxyWrVxwQ zXaM_ZR6~NZ@?91bl3w*=06NY<&9IrAh~kzDHCoL_Kzyq;+y{?0GA;h-oA0t)o)+DU z>LREBhZJ8;2P94ni{6$tiv@U9F?xLh$amQhvKFof9$@e-7jL zF5A!xz)7A1-oee@Cbk-A8v0PciFlx{y*CZWt}I4q#|^9}Xn=TyeU}>~*Ah6iljo6j zJE}FXD|gbA2Z9SEgLiZ|NsQ+~c!Y*ws)_NQ0pUZi_%2ZUhQ-{t-g>Au+|a&ulvIIk zjHMGWR-vx#;GuYPE$Krn_z}T3f98JD;HK8z!6&R4!}PkfY1cq>G~W7b+KcXw$9sOY|gs>P+^yt&PuaNx?0Iq z(bO*d`C>pVq;RJFlP)b=)GnJTQMCAY`)auyyV{@)5HWEXTjq3<$O>Sw3kRv=w_5C{ zf@F*!wZ$e6Vc&b(l50hFe@2fRZ)Og(w}5ZEfoCl6;mDXri8sI+!Oy-#jWDF-8)`%3 z$;rahg`}-yTygT_uzDpt6ss36K~8P!@Kta3>5sw@oqbz-EUIX4^@#!`sAG#bQcXH?e$BHzDLYNp&oi;h8SRIqmi*L3>RAco`MLSmC4#`=WqG!y(*yAEqOd`sf z_3(oaEYa%7Oli-;H|n0|M0_)+I2UV#IZnqK!P?8HiqkP8q-HCgQCuu$_KFrt(3iiE&e*bRZU>gm;Hjh*hBIZAJ z-j9>7B0GO%O^g=GM3xjzNTsI-umZn=Px?@H5W?L5*&M6Hk7~JE!6{3swK;CY6&_Ve z{l$MsB+7POX!fbq+C)@)h*1Tf&s#c=l-Fgz69)~mHs^7m3_A+IHqn)yM1t1rZCP8g zKMUAzZ018s+k8Nr?>UDI5%z|2B%)7M@>QSH`hb6vdWwoZ8)C--^XaB*|AyaiQoS6^ z^@u~JUf*||E`BX*VGr{RW7JDRkhWtd> zPsC26+~tO%#8M;E)z|SIu&er5gCtn2pCyt3FiW&Wc0)5?<`9QdIbJvYK@++Z*x+Vy zy0?E&ILBtJmZ@5-@4;I46uvtWzUzg(nv%TRz#K5_);i!M-Y}n2JJWz$uV{8M8xwM+ zx+CO|;DNr*?Vm;nb?9_9N@9V}hZ84Wk;F*GXl=N%lVw{cjW?xFU@DsHD9HesoT8bX zewByE?d)z>VZ9>MYg~B`maBU^-OAn$y3z8SIN2rZo(;k!;3lh)DpZc-giMcE4VeTC4HbD75;F_)F`pZq zFL3Haq~szLT)Mb-r;IA)^5B4gdTjxeNa|ej`Pj-(N=bg!KfMrdxsYS2FwJP0oLhf+ zTZO%sPm{@Hv!^IMDLM*?GFB$X#?+3bReYPc7IV~DkJ`0DyPkio>2L$nvsw(OnAr3J+QcJue*JhqTVYV5vq65y_CsPAPGB#n0jq7Hd zf|S7?)#lx!(C?xucG=OUg}Fj)8Y6%43{EkY6`11LQY|AYnuRbAZX^~t8J#1?@D5vW z>@TrN&wL$ml1R%ftCDKZ({Q?EWzamaf0~{7>`xNwfl)X>lnbW^mCqp^B6#|_A!8qjzhBw6DN2qok^Z9G9&%d#GZe(AXXsU z)RSZ=lA4p4v!~$775oq0kuZKm<%u~O@SFytD|tGDLfII`pp2_^X7i%44y;TI;GL70 zel`Zf5E10ynk9v-?v~QC+vxekbq4*aVDs{%czqaq2e>B*iB~emz*3+_OEVe1#SOZL+EJj5Zh&KAI`G*k5W-w-dVA)y*X{)plt&KWxWVA$ zlCX#?STkE$X58agO<rI*7;^Y)_5Z@t>{*}AR z-k-JVpVi$DrWAd3q>wpZBKR)2J_emc|`v z@8{R2(<=9PDK(!J@oRN&{I&WjoewX^o!04IYSB5tp)StsoJvz)N*);wNPk!`r(`(s z=Mu2WiwO*tATr_lsPZJbI=K>0dZnSmOBbWWyF5?km~=d_x+Ze?Y}xH3sYs}n6mx)i zR8Kc@Q>~C|ql(U}`C&=;lS!vbRsS+U8rzMNn17QZ%mth6*wr-wvLrN6yW#t#5<#WN z^pMiLVov8zD%itRn|PQ^9)IKUD|}+YB7-d1I~{LQ$`c|RJof?N)F#CAzw9Hz%#Tt$ zHM0AgbCF=+qcTp^mQoA3M12#f5Iz(zwHU|aT{Ycka6VujLIEeoF|*PpWS_sHf|5k! zTAYTGJI46G%N=9LPwp5K0>Bb{O~%z9C_n(QWQWX#Wm4 zE!y;o)TIeavkUPR3h~Vv`Z?q@efOZx;p7(4n%k^>rJA(Ec7MVS)w-)gDzS>0dMOdN zVN@21vWZ<7!bsC&fQv4b?OA13HyqO=k$-Pf-CW%lVJY*VmFo(x#1^DU@Y=`t%Et_T zS_Mdld|y^1r5BerX8~)YD};A5h%#TTS?ezwe97b*HQjhGpw3}K)iSA+vD!sq=h#dL zjy?BlHq$MQV}CKE#LS3eu_d}^3+^dQrmGvne~7OH^EJKtu9l$|3?GiGJ%#FIX*>(LcL)l?skDsO@a-ZB;&$ zD>&L+5=H9M>4KZ3|qXge_*Fhwez|hlKPNKMU&b{9RWL&_()X>I#85Bl+Dm- zcrTMzNkaj`lbcD57YB*}FSyYNE$#yS8uf;d{iQ68`dsxOlRioo0hhB?O6dUtj)s#! zOokH)r{N8U>1n?28ettt9|s?{P8yThOwa)kld4T80SL3wO$q@4Q~ryK~Zl3$CI&9a}g<{O1V5ZATwP%Dj>s#qMjF%HBux2 zGm~0UG6hRGhUyWMky0H2v6HV-AORVZ&{7y>RJ=XDQwA`Eij%K6loN$6%(MK$w=t)R zTt|Z1yNx?I9N}awN5hdmZQ#3Z=nEDV?E;_qTY3NXt;)X|hwv{%UR5-ut8ZQ*lc!T77Z0d~ zC5f7uSu6OTkqXBmoCJH=9OK(Jli^b(1_y?wE5iem3{*J*fs;m5C?mHP`GR9YzrZnK z(=P@xGiA3lYqF+5wAr|f+N3R<=1J0V^6NTr~Z#=@DDk74qQIRU}E7VEbzab`>;}C}Xcy34emW zw@DTaGy3;;84dpb{?Gpfx8$fi4ZuG+&__f6>$}4Yd!pVqI)wQ(exg;F|1GxgHpoya z=_-V!Are@BpjxswUMty4|6kRzxp?%8y>;kIvIe{`ZF4AmFZ|p31dxyZS>pcf0rU=S zEzYbsMa!c=$PKv7p;po?i0rj!18idyHO+t;nu7cV%s=rA0HYU&G*rAtifMne;r|Fm z!Cf8(H+RzkGYD0Puum52K??$my*K2dMq~G&%tHWwWkU48Rxkl43!r%ibc8?}21`K1 z#OuJ0PXV)nn%YNVR_!QyA7BknnL;!W?#~nEhbUkZ+@TT7rGEr|WJU6ZGQ`y*`Cp1qn&>-M1FubZFX2_|1@O? z&3AnT;W~zC6U_h+m)1odZ{SBe3#V%mGtr)gO{$z^ZIrd`cnKYhD+qW|#s~8e*9bQ7 zhHDTre+2z>6VtPkvd?BoiiH0wiT~D!lZf>y;65^P#tK3iJSKeAaU`zfU^B__hX@;g zjbM%=;TJzd+r|hr7B!vxj@yt!(zvnB9Nlx^1^{b~czZa2#0!99n_a`Ad!#F>L);ms zIRiM&Sr|6FYcvku2LR&)0r%#D6XQ8$fI7_xzNae2$nIP+H)-_mW3&T9lNFh{c?n%= z5RwHgg@<3;D1jK-p~4$O^tqYK-+9e{u}8uTZpJC^JV@K;#)O#7!xZ2M%4h~2yERM* z$xIc)Y=kz)V!SrW7&gk-fSOR+AQsU^7mpCibIrq|y`e?20hy9X) z<+$YFB9h9)o{Z2NbAblF^AK0GgcE1af0NINH;pf%OGR`2isWXIN6R&56M1~;c&2jB z$(9OD6~^K`W*@8v0Y|CPTry+jBe459bnE(hD?*I1gewBOEn#6O@hVLo#B~%yr`&o( zuKAyEdCfDVBeV$$PaEFhN;BawLM@C?0K!!|8w7vDc#V#=CvU18{}hKkpsBoTBui9o zvS~7DOr6#^;r!ZS)#%uj8JjlAep4GGEJBitp!d-PJCh_@O#;h9lXF^Q3r&0Bp&1Hp ny+H02li^x$0wZaYQ(Hp`BWcT69eqg$U6Y?%ItE5t00000pUmKo diff --git a/Solutions/Recorded Future Identity/Package/mainTemplate.json b/Solutions/Recorded Future Identity/Package/mainTemplate.json index cc56462508..da930e7766 100644 --- a/Solutions/Recorded Future Identity/Package/mainTemplate.json +++ b/Solutions/Recorded Future Identity/Package/mainTemplate.json @@ -503,7 +503,7 @@ "metadata": { "title": "RFI-add-EntraID-security-group-user", "description": "This playbook adds a compromised user to an EntraID security group. Triage and remediation should be handled in follow up playbooks or actions.", - "lastUpdateTime": "2024-04-17T00:00:00Z", + "lastUpdateTime": "2024-06-11T14:25:00Z", "tags": [ "Identity protection" ], @@ -984,7 +984,7 @@ "metadata": { "title": "RFI-confirm-EntraID-risky-user", "description": "This playbook confirms compromise of users deemed 'high risk' by EntraID.", - "lastUpdateTime": "2024-04-16T00:00:00Z", + "lastUpdateTime": "2024-06-11T14:25:00Z", "tags": [ "Identity protection" ], @@ -1451,7 +1451,7 @@ "postDeployment": [ "After deployment, open the playbook to configure all connections and press save." ], - "lastUpdateTime": "2024-05-17T01:00:00Z", + "lastUpdateTime": "2024-06-11T14:25:00Z", "tags": [ "Identity protection" ], @@ -2191,7 +2191,7 @@ "metadata": { "title": "RFI-search-workforce-user", "description": "This playbook searches the Recorded Future Identity Intelligence Module for compromised workforce users.\n\nThis playbook depends on:\n- RFI-add-EntraID-security-group-user\n- RFI-confirm-EntraID-risky-user\n- RFI-lookup-and-save-user\n\n Those playbooks need to be installed **manually** before installing current playbook.", - "lastUpdateTime": "2024-04-16T00:00:00Z", + "lastUpdateTime": "2024-06-11T14:25:00Z", "tags": [ "Identity protection" ], @@ -2720,7 +2720,7 @@ "metadata": { "title": "RFI-search-external-user", "description": "This playbook searches the Recorded Future Identity Intelligence Module for compromised external (customer) users.\n\nThis playbook depends on:\n- RFI-add-EntraID-security-group-user\n- RFI-confirm-EntraID-risky-user\n- RFI-lookup-and-save-user\n\n Those playbooks need to be installed **manually** before installing current playbook.", - "lastUpdateTime": "2024-04-16T00:00:00Z", + "lastUpdateTime": "2024-06-11T14:25:00Z", "tags": [ "Identity protection" ], From 521c18108a944a02fa5e5bc4b8e44f43c4e96178 Mon Sep 17 00:00:00 2001 From: Niklas Logren Date: Tue, 11 Jun 2024 15:00:08 +0200 Subject: [PATCH 11/33] WIP: rename connector to RFI-CustomConnector-0-1-0 --- .../Data/Solution_RecordedFutureIdentity.json | 2 +- .../azuredeploy.json | 2 +- .../Playbooks/RFI-lookup-and-save-user/azuredeploy.json | 8 ++++---- 3 files changed, 6 insertions(+), 6 deletions(-) rename Solutions/Recorded Future Identity/Playbooks/{RFI-CustomConnector-0.1.0 => RFI-CustomConnector-0-1-0}/azuredeploy.json (99%) diff --git a/Solutions/Recorded Future Identity/Data/Solution_RecordedFutureIdentity.json b/Solutions/Recorded Future Identity/Data/Solution_RecordedFutureIdentity.json index 32b8ddb918..01f2ba0455 100644 --- a/Solutions/Recorded Future Identity/Data/Solution_RecordedFutureIdentity.json +++ b/Solutions/Recorded Future Identity/Data/Solution_RecordedFutureIdentity.json @@ -10,7 +10,7 @@ "/Playbooks/RFI-lookup-and-save-user/azuredeploy.json", "/Playbooks/RFI-search-workforce-user/azuredeploy.json", "/Playbooks/RFI-search-external-user/azuredeploy.json", - "/Playbooks/RFI-CustomConnector-0.1.0/azuredeploy.json" + "/Playbooks/RFI-CustomConnector-0-1-0/azuredeploy.json" ], "BasePath": "D:\\Azure-Sentinel\\Solutions\\Recorded Future Identity\\", "Version": "3.0.0", diff --git a/Solutions/Recorded Future Identity/Playbooks/RFI-CustomConnector-0.1.0/azuredeploy.json b/Solutions/Recorded Future Identity/Playbooks/RFI-CustomConnector-0-1-0/azuredeploy.json similarity index 99% rename from Solutions/Recorded Future Identity/Playbooks/RFI-CustomConnector-0.1.0/azuredeploy.json rename to Solutions/Recorded Future Identity/Playbooks/RFI-CustomConnector-0-1-0/azuredeploy.json index 9afb22a107..91b274d4de 100644 --- a/Solutions/Recorded Future Identity/Playbooks/RFI-CustomConnector-0.1.0/azuredeploy.json +++ b/Solutions/Recorded Future Identity/Playbooks/RFI-CustomConnector-0-1-0/azuredeploy.json @@ -3,7 +3,7 @@ "contentVersion": "0.1.0.0", "parameters": { "ConnectorName": { - "defaultValue": "RFI-CustomConnector-0.1.0", + "defaultValue": "RFI-CustomConnector-0-1-0", "type": "String", "metadata": { "description": "Recorded Future Identity Custom Connector 0.1.0" diff --git a/Solutions/Recorded Future Identity/Playbooks/RFI-lookup-and-save-user/azuredeploy.json b/Solutions/Recorded Future Identity/Playbooks/RFI-lookup-and-save-user/azuredeploy.json index 5742d4c890..570c4a29f7 100644 --- a/Solutions/Recorded Future Identity/Playbooks/RFI-lookup-and-save-user/azuredeploy.json +++ b/Solutions/Recorded Future Identity/Playbooks/RFI-lookup-and-save-user/azuredeploy.json @@ -5,13 +5,13 @@ "title": "RFI-lookup-and-save-user", "description": "This playbook gets compromise identity details from Recorded Future Identity Intelligence and saves the data for further review and analysis.", "prerequisites": [ - "The custom connector RFI-CustomConnector-0.1.0 have to be deployed under the same subscription.", + "The custom connector RFI-CustomConnector-0-1-0 have to be deployed under the same subscription.", "To use the Recorded Future for Azure connector, you will need a valid API token from Recorded Future as described in the [documentation](https://learn.microsoft.com/en-us/connectors/recordedfuturev2/#how-to-get-credentials)" ], "postDeployment": [ "After deployment, open the playbook to configure all connections and press save." ], - "prerequisitesDeployTemplateFile": "../RFI-CustomConnector-0.1.0/azuredeploy.json", + "prerequisitesDeployTemplateFile": "../RFI-CustomConnector-0-1-0/azuredeploy.json", "lastUpdateTime": "2024-06-11T14:25:00.000Z", "entities": [], "tags": [ "Identity protection" ], @@ -45,10 +45,10 @@ "type": "string" }, "IdentityCustomConnectorName": { - "defaultValue": "RFI-CustomConnector-0.1.0", + "defaultValue": "RFI-CustomConnector-0-1-0", "type": "string", "metadata": { - "description": "Name of the logic app connector which performs Recorded Future Communication. Normaly this dont change from RFI-CustomConnector-0.1.0" + "description": "Name of the logic app connector which performs Recorded Future Communication. Normaly this dont change from RFI-CustomConnector-0-1-0" } } }, From 72c47ce6c57a38765e78a33684bca142013f05f2 Mon Sep 17 00:00:00 2001 From: Niklas Logren Date: Tue, 11 Jun 2024 15:05:00 +0200 Subject: [PATCH 12/33] repackage --- .../Package/3.0.0.zip | Bin 23519 -> 23522 bytes .../Package/mainTemplate.json | 22 +++++++++--------- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/Solutions/Recorded Future Identity/Package/3.0.0.zip b/Solutions/Recorded Future Identity/Package/3.0.0.zip index 38323e4e6b9f1c4772f95e625cd8937bf340b697..1a4a0490fac45787e32981be7468ca79b5460ee8 100644 GIT binary patch delta 20064 zcmV)aK&rprw*lg}0Sr(}0|XQR000O8R(P=txCjYWc*|IyBDk^*` z*S8sQeLDrNOMGfvC!D4+8fm_RV!-|Fc-;3d+MeIP=oD+#($ly7nh{)Mpe>+%Yc0-N zn`6&)Ox|cU-^qdlcKGv1ftfg!je`$mjFvHF0%llYU_)evT;>=v{>LBP z0;4x5!g_{ef=ZP~_zP(%z~ zF!oP?T!I&lPo)SFhyOakykQIRhG0u)|GtM~w0{r%cgc4)jDMpHqjS9=C6aIYq98!I zXg|Q(oXq1z5nN8NqjOgFG1Fk3p~8mu%mU{|rl4Pl&ez{V6hTa6WKkAvtP2f6XuGygSK1Bpcn`vkx2ve6t=8sr(lv@gRYPucbz=35AS!ePjS!TuU2NaX zV3}}QTUK;5p&<)xQ4T;xy@6cAwg%#8gjjxPn?J*LJ(NY*=ZVC|*=;o+N9icSG>%Jr z`J!O|u76EJT7@sT%e#%QP;cMijViYH`;Z^B#co^gLyHbxMNQXeySDNEe}CT)g^j@F z%CLScVknv(2kz`biDzoI4EDt>g1N7xjrZR-Yythx?=G3U8M%fis*PITjKPnTh%1HM zt;C(PP#U8vxI~CUD}DJ3%Ghu6?xwk~3=vkN%YXWvb=U3TW5c^2&p|i-eE)Z82!|ak zMEr*eyI~6rVGwk%3n@`%ehP1PgM7ujz1q&Xw?&iQWkZtM93pxA2gDZLSVA{=p7^+~ zIjR3Xw9|tLNQc}ebjool2?R$+=(6U;5ht}RE%Wbe2xD&i45g2_8<;d|A-W9APgyX& zpMPg!&W1+*AYXiFHxAh3K?kwXr1#eLMw}HJYLj+0I#K|SoPe07EOXeGzbw0mHj>03 z=k!Z@8-IQT8($Ebm(5>3f>>T_ZW3m&kpvLABR(@JVyWOeF@{>_0_<}EAAotTz&Tf7 z0`Mo`wBUDS5NGR%r}kzFsWFsGF>-6HhktUC_!CQHEO@yR1`Q>RW?^-;V4=Mf)Q9Mf zP0dJ5YV5=|7rA)|E}q2ZQ_jL@1yKnZKMO*Lys(lZ*6T=xnih8j7dT>6h(i20hN;Af z113B#1}6n=rPQ{8;|%40u{eT9!*^Zu@rP5c`IB0Ae(QU;z-?QAl-mr^FhT{U6n|Gl ztQ~JQXe_s6lDFLtUh|M?dbx((%9P?z6CIe##&U$XE)?)>#s#fE2g|kh5XnH(x`@wA zF*q6yh)6o>+(wwkGnZ5$B_nGCk!*5@o4C!2MdVMdBcC4O>>A$jov z5*bM(7Eb>vvb6TGK;e^j4HGpAUw`7%@bsFL3OUUb3{9?tLvRrr2nvK`*G;hyH3@ue zA2%S!O`=-~j{uxbx^4opYakv^X5I~((P}Y%S~Q4z`=P2TYD#k|aqF6T*9w~=_b$qiHeE;BpcIgpMqnhnTYgB|IX$Nk>qvB{)yoe;eX(zd4F39 zq$%Fz=7Wo&6%*{t?{*1Bjp6f5*qn4zn89L})#n2zrbR5ciOwbV)!4pzmikuh+!}A~ zg*xgUA#2)K1Uyo`TFqKvN%$x{r*@M5kt|XRG3A?F39(z{N=V4$t5ZT&DgNKgc} z<7_-eSLe@_OUt>moSW?DklAPAwVNRU!jR@R)91o^F04C4~PUxfOlA)Q4YQ zkgt}@$pm@Ir@_xC)5iyEvW03ozMbJd>1IekwCw5*7AORQ#OIFejeppFo|1(ie$2=r zMQaIboqJ#rX!b|c-##Q{2)_3nHbe0JPOY6f0)W`U(|q2CfK&20S=&bAdWB;k>>1}I5-(tv-pe~o8T5moMFmy_lmEf9fZ5vJ2<-yA6;0GYe724=ic~7M zmHOxE*5`8hn}5HTm2t*zdo9?s2+-Yb%FLY_7)FKhVZ+I}Q+J9Q@SWI}ZHjxzLzJG~7;YB7+QoJytmx;g35X z5jr8*6<;ypAsnYz%K~frBkbGRH?H-g8;#_XI}PXUc7KzQc|uScBzZzm3PgEA(8!KS zA7kS@Nb~fYY13~yeqoJ+w$1m{qn@Mze3_#OV2dV%Ze(;Vs56! zo`0~=duwt8iGO;k$!S$q(zhAt9$;OfZ3r5<3_(ycB&71=%mTA(zwkLzOHv$(taC_y z9u>b1iEJ%KVakM7ggX#5w;%Z?Kv>y9AWgwkF;t*KnUi(g2xq{OL>|i6+Z+eV2SiQB zZF`2;pbI(Tau1#q1MnPnChn=60L{_eet$c}d7W@IpkrruyJwzT3nYAoT~xUKe5^20 z>~WS6+Ig0N+1PpPzI)6(c7MHM_w&?WAi<928F2FqxS6UtxdP#vbmgLZo`lxDf;S^5 z=Mv{^>|Ek>kC}^hxoDTEXt&_3t_e-c^LjI~dQGm*iRo=hcDWJzZOfp)s}Xx9w14i~ zj3{8dHW`G+hMfzyxfM9D%v>gS#?EDO_n5gAc)e7GUtVa>Gq~m%TvwaHHB>Ee;(L~N zl1yRtbDwSeEN}a?&4eV2U@Lz_{hep*b%x0^_O9fB(-8LhA9*dyBWKy7jFI4XOWRys zaN1@{x-8N&L9WQKA+k%`95zFqwtqQK+x%wJHZvzRjLz6>4deE;1xnW{HYGruju~w9 z5ep)A%?;3*+G(8gT+80Jd9LL=*YYZIEm!GtB+RwU#7@$uS@r{&AkDJBYl1uf4>wl5 z;WW#hyqtNOWx_R_WhF?nETO$MMnz5*iW)bDze$4SKvvhx6D-sAHDPLH-+yIp-~RiC zrYl2BEmYJbK>4~B%SEK6#X=SMK2#jDCiWm1xek%|r1v3^aNbJ5jYfdCVE~i9$oBz4 z*RFzPF2B6HuMCHVY(3g;f(z7$lcr|ak${dI@aFB?MS>a#Un8^N$(+R6J`QIkrZ^Cl zXgZ`z(zMeJOe|EchHjBf|r zGR!>7lY=LQR^LJ*D2KMLWhKUr-xL;0G(A^y&=d{4w&-Y7$TMcIU&icM%M?Zye7PZ> z-Lf+k&m8P%CWt(r@lx{{hd6YaqJraxgNU;2P-WZXYUD%W$z@&ZQGc)mZhq@ZHE&eM z8<1q(J0o-7SX1wxg?m9dX?-Fd@MBhp|F452+P1(=wG=BUR_d|fHRU{;^zySw(+)U^ zSBQvBt}r6f1^>i3qa>lDB*5i)uA^pHe4c9+5|+hDZIfHI@2l-1`Mr();AdZB5r()i zDl%-N{~Ic*=~m0cx__6P;I=DDaZdJDJ5|%$f-;dMg+pAt-P5h4fmmVU^aIPd{EicZ z14MT344uDFChw5MCwAYNsh|QW1!?q((+c9$SMR;Ta}@8!VkO(q#NIJQKgIL&q9AO{ zlZX(>$rx2xas$uj@%@I9{W>a+t=yQ_?KMsPJFb>yWUG}-lz+)4sVOz(QxEDk?}%}= zW{rNyh9~7A&!i1oU`&v)Sd8#Z^TD`i4zEyCa7FlJfPzVbrV1M+d_H#1uCG2aJYn!>Y znQNQ5w(0%JR@=m^+g3NNbpy<~ftz#ZIw)zC>!6|VH{vM$AR+^^=^ta0O(p)di_0n7~ z_5P&4)n@vm`|cpBsX*eJt(@jkjG78`>_VQWa|F5m$p}fVf9CpUu75_tmFu5mtY2Oe zOq^vhM1K>UOB2iPeKN}Nc2%#C*?adFzWkM?4)S-D=QN{$gbvaXj=uc$D=HyTyM#|0 zslLS?lyR^o6pCFDN@m{kzid4?BJN=Aocg)Q7~OVdO}+cMkyt`dYYRznNeNM1TISr4 zAd6^jkxBklrep(iW?yBTW4_$0>zxQ7@$C{vp?^z2jU?G1=ERU>Q!N@%R+=1P5vEKHUI$uAWE8*-78ZWZi>K$`n^0WXfo5;IUff~jJFi6}`x#`PvSq)bSn z02)_K1jYc$^!?;;c6SU#2a>Aoc((6?!W%e)9bsC3zO#u_f}ARE&hi6dszkb^p_Lpc zw33%{$JNq5`pTrJD@AnPMOOk8Uw_q2e-?Lacs+1(;L^^6JkNkxp4^WBUA5){92`UY zPZC=9$WqbPxP(`N4(QZ1jiAnEG(34y`#h;VTT=U^YonTJW@lq#3cA%siYV(Au!$FI zZjxa8G(mZ64u=*dBi?9%v{Ncu@H=Opro~QlKB<;V33SQVEYP>K)$Xs+P4o>&A z??KUsA_Q)4F6{TU&r$^-`hU?nRW*Wh1~x#*d!qh|D~V5VNZ zz&Z!3EiIcio&O?>9ISRnT)38XNdwo{^>y6?8urKRLp^FA0@o+VOFM+J?F6MAQg~VKS(_@OW_Te22q zOB5AJ8{$vG0osCsb-}2q{IWBAqOH*{j)Wn#>pRz4B5(1Mu7Qh&e(#Jiq z7I`^?+yDx*2nDS@`~84Gu&A0ZLr$7-D#VLf#WK&$=`qt=bXl8uW7ytE!JZ_vQ`_Fk zo_KJjkTGlvqDrpKX@3f)=iIt@-M#X+E1#rrzX$vCV z;I*mv{W)q;DoZQWu8UuvQ8N-{b->ZxTCBD>I8_~!Voa5gR^jgZ5Qlu=rywTymkHS{ zNr?m4oQD`&XQv?uI1;e!3J>(&R&Dq?QZ&SoNFbr!he&Tkuz%sOKLKG`n^RRTD$5CD zAmOzE5w&81@brDWyTnWrsx6-OC<Y0$;2tMSI(LACA`)J>4@l zYc(_SNSv~qnHzkXa<`FXkugaeirCj`D>O8J4FiU$_TKdj5_Z@BG7mEwo^gaYz#&Ii z#W~Um+cKOWrA%m>+;HEoe|PY`GsJt^ks@VRgq;u#>wjX7^K&P{G5scih#XR}G8}2t z7-8FGTUR+*!!(6x%yZYq-K=Dg8FR#g-6{>-DfWIMT^Sf9X=h`!8&I{|=0;*->4%IL z7ryN@oTc3obvQ(1G!M>1GtHPRBjLoBSd3s3hb;F*@h48xLC&8TXk9*4ro!C(Ju|soOV;6 z@rIdGsE4$fHKSYl)f+g|_B(U;-oIfQ&H5%~m46WDCdy_v{5};myskKsW0{6DwCUd& z-=g-&y`f?39rVA?B)%%V!v!%`kl)Km-DgnPSr4ITC#k zZJ`N|wsZ|7D{*!Orzv(UU@{FkJ=|26PI~nZnDJ5KpYXEm_D^j3%E<4d#%D_m+3d!c z?0>ut`9BI5aPp%7ieLy4rvsvHhD@TP1|0}xKtd)IL&J%g@!y>(2}2_OCjgOnRNCdG zUT43m_BgjpnW@Rh?OHLnxd`2PR2g)M_Z|IN=q=oJNnTf+L89-u5V1DDx}R&UXY+6&B#_pNM}T&x2%HWFK5 zRI!e)DjY#ww9Qdrfm;zrn8*;9!YO3VfS5puxM+t1yIi-q73$l?1ih?m{JM;3!&N2Ok@v3 z)fQ34R0kZyO-OlZQWecfYiZ2_s}s<&&#zMW@|WA%pDd~3#{0j2$p3?@4Po~@K&(Rl zG6OCnbK|Tep+_Kz^?!OM^LW8@a6l_y>1vG|g;%0;n%U1l#G!}yY}_10b9}ppQ`qmQ zi1w;TFhIm8z}DTyR}Vt~PIlqwK|Bv&BB%dF{@X?>ooUkgmzAc z(dQ;GT>GSTdC^wPyy3qbGgS;7H-EP=@77>kisG6~?nRj99Jit`^N7CjgjMW88P~&r zLa{4C$&3m3%O<8M!dT18A-p8cdR`SsX)ocMESqF_8M-uN%3>k{et&27l5ATR%vzGj zkU3lVt=LKi@_#~Bua)cT#<;Hx5g05M;zU^k=QyauTsO-@T0bp(&I6()4WJ(m<Y>qxa@4K=DI17^1}(Vce4P3RI3;} zm=MIe!GA-lNu$ek258I5F5*DB@zK8joe)zb%t)N3zeBq$>hD~eJF;3dg*q7)$uKl2 zCKgE$py*sI0V`~LY8_vzuxzkv+wQw>w+I`;PK;$Qm)2%HI|v$l);WdEV9JYOWMI$V zQY0hP0_&WujnBYDXkcSBy_csrxO;arYcguFXn#7DafaRx)s#cwyFx;{2vyKTr_eJ= zg8mvit6Aa!)GScI3ZrI>Mv59{*a-!)Wp)F%kfT@XodIXf@Wm^VhL-p(Af#6bc5$jM zqhG0w5O*EmMoyJxbCS*ABqho|M6)i}U!Ks=g2Q?In}uN3CF>o%Su~%Mi%!ihGxvmd z8GqCaZ#HoNa|Gfb3_%$F5(JSXv4;ymf^$VMB;pB4yd70#C~ByWr*N36ZT^sd$lkfE zs^&nEKmU-6fFa+T-7GwW-flrl8-gJKw|zx}4h&{WJM6pJfk2csokL=#0RHno%|r## z^gsU-eS@YuAypUdTM{$5sX zdcO&>;B32{P{N=npqSS;%D5-G4kHv<0G_nRG^mK@qxEEZ1ow^h|W7tic|*HG(`o zpDp(mc=af%#O>%&o_^L%bt!w8L*YBgYJx$&nb{fXCdcRv^5u(h$^Y0DEJ6XWPuwIW zpC!{nN3%0^Zi_Hc-!CD!@Eb2!MQb4F?Qk(OtU@@dB!5%*4~-DD zN3tTHY?{W!AzJ1pu`3hN%KT0%Azgge#FG*_BuSYLUD&mW^Bn!d!|8204B>P>QrPk< z2~lrg1vgWtNVS0?>S6mD)X8ju(lvFUOeKUkDQGz!r zgb^bogVTNMdoa`;#pOd#Mt`HK_hlja6|WeQ>MG=wq!4Y}qs;7jMM^psi#f?VBkk=X z>8x&3_`1H)#J|k?7S#@}$~Cdy`X9a{wYA<6--~6$9@L`tpccIc^>y8Yu$Q}teW*w6 z1I5Hv2!+ON3*B(uZSCZHR%1kp8}gr#!#cuYh(HzIbtc0F-;Rfof`8nDTacq}y=*g! zP_}K)7Sul(EZDyMgA5NCNNCzZLQ~YkML5%2+zW+e0-V{zMaF&?v& zNHX6~MMctv_>*veS(4t+sr<4teB}_qhuiKw@U|yrz8F@5 z;lcq&e{#0kis(X7#~gk#4NEW_?xhK_H#dIpV1j>{kl6?50&LDhjH?TlO@6L9!yJ;P zI#^xALksHJB!4bSpU=@%{L(CmnrQb(^;0rJcwAMoP^L`sea6af*#{9u#=Kei8k|5E za;rlXytA#|*h2vDoCaee_t;XJ0$;=&Me>X;ei@OK8}lzwVk*=@p0{)~;Y5}c4v|p1 zr>`VMKwJS2NgRsU3umib4sEt}VUJW>)p`ay&Ing4nSY0w4X;R8U16?z(To9Sp{#_d zqNZJwnOgtZOo?S(oLp#Wf;dD>U!0k_bj=*u-or~V&vC}&mLfTHQWHetD}J6dNs;9y zRwu3G7287^=e?F!Y^|fY2?L%IzodS9KYVCPVa_We0q)OYb zT9Z64$m|~UjUeNjF0Hu+1)1}*v%e~3@};sl$Z1&gXSfD0uAz#KEFh9kG!N$UeYHo>64fA$xHg= zC4KUeKJ&Bw^*{T(q>tSrFX4bi`h?Ap zmw)uhOZvR^l0H!h;+Iv?$4S@oj<-_yyw7X;iYU|M z{J=ig2ab3EO`h&e%$J3t7^X-qX?q%1&6vG#-^CuhiKw`v*u0@B6kV?4W(I2VL>&0g zx8?2FAw2e$$kvqV7a{FUmv$e3)`yG$&W2zC&}_{Ppt+#-eU-Y2`13^jXbr@^m4B$i z@~WEzi5l8V5GbK*RB!BEH5;5`>{&7TpXbqWfeCMi%r1S~WXL*F)8rDXc zjX|5>7B%Iaq54QIMtyKZGU{o?M-x+#sU{IU*|g9Ar3>t99pDHv&2LOGm*amvNQC!T zZ9>r9sra3vfaQSC;t-kM??ebN^a7 z!)^5&^l|SHt-FcVjfQSqqYsXD8`o&bjq97en`Zy~?(pkj<*2_mJ$XGkINcj?hs|dB z^mTG`-zs+-gY)XiwAUM)9`*UBuQ!Txf{x_0rIasjpK6x}gYE0`&41C&Kxnq^Mz{Az z_Ye1#{^(_87};X&FGzYSkbpGT(; z!_l@ldQne*>SqsC{gb$5XlDnn=Z{}scb-qC`q^#e;_;!f`~0nH9E}_2RE)H+*z8$v?rPI60&HcS3JU!fxp1*y)AAYO$N1S|77JnYU)!?zT-BT_P`%m1l z*c_e?MwfTeH|}wGGUSw(%fX1_6+d^$u4v&W76)?dtHA?;KCh<$0vtmG)n17xLa$<>6)|HxIg(txM(Ud9PkS;!2aBJKvBL zaQ5NEc!mw(hPynSXx%+Yg{_IEoQt*Qsq%WZwe|J&i&Jw ze7p6jcGEeVoONEi-z1s47&R-Wr!OBmy}|Jo9A91Ua^bUvuZm6p0E9h_d@H>dlT=sc&T{ZhaBbEo;?Shy(P-bzB}__lti z*Ke9zf-XKcrU;igse9Veg=+QcMX71(Cs`i%)cO`YzB<0&8tFQB!^uzj%iy-P-934^ z5O)rR`ip9Grt;NPyEbm0FZqV7KYo)R_4CKut$)tW_A|HtDxMrlm96a$cm2Hyugi@s zb?f%{)8$y~-gNgapU*D%pZlFs|M+b9I{Z4~UJmvYsXDFiRIkoHT|X-i;^oiFnlRuG zE8X&O{joMwAJ4yP+_%w@{vwT@9(UC%2)|Y zL+-wGJ}o_ccv6q2TK(I3<7vWuQ%avu*X^4+r=O^`>(1k&ey?|r4h`i|A77juo?P5( zJLiYfPsdz$*c|L%UY|e9Lv8$0IT&c$RcTkh+9^qxfmc3g6$5T7+tpeH{XLdTlYiUV z`1(pbP`cu2Z9MwK?L2%v{aM+6Y}Mda^BL{WU{AUmlrAdu*UD)8T&s)R@yS|-QAz;R9{C&&j)+wTg}?}-f%n=uj>0BPCNUZJNX3UmG{C_lTT!_O6b;Dj)VrM-R_cxj(G!+-$2a zt?Idf7{=Ah`PuFD&CSiESs9P{=4*3D-#Og7f4Xe($6L2A+Cl${dmZ2JR=2lRL*1@@ z=x#lp%g_A%r_1}7+bva)tAc*ktyDBv?dr|bvOGE2>72eu!^`3Hsqyu;s(*_0ua&F% z4LrTt+c7lxMmQ}$-kqGiobC*EF1H_c#|O;=N8jpKwQZg| zs}8mvOFNCm9ryIJ#tmLxYNApt?d*TsI_|*c`0z!AA5LynLmSn_@zs9QIJ<#6pI&Qx zZ*YHK-I1D=+TdVtIQUQzN`LC{E5iNPpF597Wpq}DRR!&cv0K@n^q!5glMDHi{^@iZ z-cG06LiPD^OXClD;q>%$_k-H%Pk+8V+?VCfjZpb;KYsmIzc^JdTK!w&)5XgN^;1{v zK5iY98c0?9R3Gi!eYj{|oK#Bpqm$v#=orWM!jUmL7L@wav@|%^T7T8a;mO`Z^TShl zbl5xDmU?@;ClC7g_*-@7?y&XgNvZ6go)2~oY8OXG-HR=WyJ($?>S^WY_SIQuI-2sb zP}4u$ly(RIqQ0C@IGhD0RFrnUE>y$n&xvwZiBJHXr_Lnr>a-_M*0;@|P;9?N63MlB z`vbM+hD1mfAbygY$$zl3$58Df5qUd`-UnE|SEdk)*JuFyX;edkv+_e06p~)`V*onN zK+Uk3oQUF<3pHBJM?ie5HQWb}H!>~$=$jw1Tb>r(i|Qh%0EZM`O$Q`S4U68EHj4## zRWW*f0>}^95#>JucV!d}@SKcBMNp0u9Gw#~6%OP0A=}Ukz<)`e1Kz>S-X^vhXd3!Z zz=?REuDv%6$gV6#XvYn#Cuo3ph5e8lB-au+u#@MJbvvpxuq$`clm~(fB!hQ!I7y7> zL3o6QVXBGoo&n)Qu=p-e`-a8bxZZlGHr&v@c9c|sZj7Z9Fjk?i?BJnzb1msZEcg+@ zH|BoQ;HK8z!G9;L8N>9twQ1KtbTr=(Xcr=4U_6ChB-=b2ijt$ah_x`E0Z$u;Plh&% zsAhyPayaDFsn>=IObaI{l3xJ&ZMHCg6>P%#6d5rY72wP!rV~h%YrBtI+vAcbEkum8 z@j0N4ATM@B9x-U0@H2x%jYUr6ve^cm8xz{bJp;QiFn{tq*t4}oor?=umob~$kT*xJ z3NtS%32luE0(G%tmbT8@VQkL2|4?C8L(9J|_}4G=ML8C&LblE?~Ru?q*O+n@?_vw$q5uJTodnBr8Z}o`+B&cJKg!kEvyhvDAp}q+&aX|xajF263cgy~a zztWthq6`RV0E5Q31q3GNRf7KD9MRLNQcXHRZJqvn)UF54=mB@$V_R^!s?#pM0_)+ zIDZ#wggH*f8o}DjsEX4uBcx_4o>5#ZX7-AFTP}Yl|M>lmnTO4S0l9yenUMzyFEX#o zJ|B)1d5RTeL`Qf_pny}B8Qm^aab7cc+-E&zd7Jmv& zSEB60F})YG!8^rT<+fV;ytRw|dE*;wZPB`H@LqIbf|!9a-_pc=lJ-c}KH(A1sVVri z=7ZUvw!vvW9XTb|xbcO=)B0aVCdB(v702kdA&AFuu}b`?ma7$+l(sOYmHb}TTTZo2kw_zfr3%fVcaIArSeeaGqI*RnP)o-o%bdGEQ|(+$4t z$P{LM2J85ieh713bW1)HoE~JcM}lX_PlWwM>@><{vdjo|tY{qJts>S*qtaVS}yCdPdUf8QC z$-52A0mE*seNN&H^EtIM4Y>7+W+$^TAy=w9LjDLI=Q z^7ZXcHBPAVWmrbv@wu83`(v~Hl)T1|AXm;XHp8FKX>7SnIt6OF(ejKq*(K|q4ZRj^q*ve2!Nq*Kpy?+pIxsYS2FwJP0oLhNYg}s+AlgVVWrzkxsItqz0Rwl>B)Q+W9 ze4DrybJSUn+Onl))a==G~*v?|-5ycG=OUg}Fj)8YA%( zPBE4hnBv(|Eh8$Lg)k3pBo;Xtog>Ha4qI^SFR@9_d>wI;NXsp&l4{S>aJpn=&^)n! znw|OV4aWYNdDuYF{v|H-&n{}t9{d+Fu**#13M#-ZR`#2<`-wa27{IXfbDn|o7(lT0 zF@TGXL$eAKCx3V>ok^Z9G9&%d#GbVvRv_HelVm88nvSC55c+meRA^==sET2K}mF z^YWy4eGq#GxF-pTS2D-IQlLglGa3fN;v*@&t7Jt^zkfbpEf6RZ*?c&dDu(Jwz`;6l zD&^6Ql8Lp&xiv*5<$ehW-W8>|lCrMWDIP-7Jb+k{W$EmhABce~C5`ngQc`$QdWev1?9sb`6u zGqEi(j%H)`V&H6&I22i3wcJU!a7<#li~F2=6^)@W1W5ktAR!Fh;cBwsY+-b(TuyY? zn-eCL#42o)P*9W;#+=MYRS36#SWZgmb~Tv%sDCcaZfQ=+bWzYue{m(jICF}=aC-7n zcsP0a_Ha>dK93CH;Z-}^KhZi>Vbl?u+s)^@>iNO--_odwJA=-r^ov;_jPy5 zJ&yXqS83dlc7J|*JgIUI7gFg~r92_B!E+xFPHjR= z|I0oi%={?DQzN^-ITr~AJ}ToxZ7H>o3)DA}3gJTmQ;Tst-c{3$2Im9jArx?O95X9z zLiYJ9Dkw=ruEl96xnqp~yWBB`{N#=?Apk7F*JND%)lyC0SAVl?)70{Tp0RUh6MwMw z&L+Qc!s(VlO35vHFYOI9SCU^z>93^a`)XEG?RkdxC*@OmSqvA(g>Fp2ksTv0T1ION zt9_*aV8X_ARaTMeO#!D0YPYL#~BU}#epLDQMYS&ksQ!~^FQAdgx|WI_ zSBip2{?WJ|i@QcrTY%dRaDntK%zvISn1&>ZUH;iu6nhraP z6y4@-g!XTr)1pnUNL`w+G&>hxp%CA!p`Src(|7j!98PW#t+~zGSE@-nY=0;0P_4T< zq!O!`sh1LQ8%AZJD4W=YA&fLV2Ds=_*`8Hqb;B_|68ZNw)y>s?5tcF!TDh+9N^C)z z1h0LJuYAnlr&WM-$oFMMQhIS|a~7~RxMnbucBXABw2R|6PB^xaB0HJh@NxkSaq1~eo;rYs^5lIXX-^n%r58U3?!TdCkk zgW9Lf-L1-pas@{lEQ_rVQ^X{@=XveHx73~v!BvfyhUA*Gf3(4E1E4gBo1 z1IDmp)(lrHMi$bJ!O%k5u^C%T5Sa`vq$!)xg)~iQcyafsl+$!#wb*z%v0821ojjJC z*iQS3GKjJnIt}k+_5MyJ zS3bn0`^v=5fu{FKjx#6US(%I)iVtmVd@r=uuH35oFJTL+6J z@x)@DDSk;AVYeac>U3Wb;5j!Mp~an}U!&d-vcHt2QJ<^sC-54X=M>0nwPnr5&$f3d zW`0o{N!;{eNq-ofDdl8?&aPnOWumZKi)w4JFVabXNCF6H%N)X(Kqig%7-D#-&U{YR zS8LD2Y;mdyVpJ0?DK?TRPFrSu&GtZ+{hH@_*~UNf?Lz!3H))m#*A}9Y#j3a-IJ4#i zNmVq`DNU}ZmG87^?OGH64ohRme3>kHCYH8HobSx>>VL?5sopYvacibS*dl%H*P>Kl zn8oRs3$m_8Q3_;-TT3VtRWMr^M-*9V>SijVFqVj2F$c9G1=m)X_XeRYQL<-Bx4AHM z_39Og#9e>Z0$G~c4&R;xFcVSl<5y4(0?%wHj`{Z#9&MV z!(M(p`TT2)y2+ClCqrDbZbgo@Io4*0wE=4cV;1Xl7KyCVPbUs=T-*lwwb6Y4ygzaK zmo|-hzJb=r9vyyhlI_r4r#zQu*~U(Ge?}gQBY(FlUB}xkGjSmMBT7)cCrPnbR(D#` zmeHk_v}JdzH9=-}ttHLb-D^qn6fU;zeu>;{Jsp#{+Il)Bakq7MOyqJ)ILGc;A?^w|K~SNlK~mRDGV>5FJ5nZ4mfVD`Xu)RE zE2YpwoEv>2(K5|I7G24!WmUbbTp!d4w2$5u1-4aP*}kN0oMb~cwnm_NUJMqb92 z=MU)4qVlIm%KQsOzWfP1$GedE7m9Z)eZ=;ltQ!)|Oih3X1&Tc3SgH?Y8~wAwr+;bs z+trFUWTkJ-Yq=x&E0SgZF@hg15 zjXvAV4Rw+@6q$pML|KQu@ci>JkG(8KL$k@zGuN|n_>>{vBs2FPK%74r*9looBCa(` z9+l00x?T~N{$dihcRr@cSmSxcjt)$3*S>$19U`s|RdgYY41LD;71enxWGdXe4hv^` z_I!W0W-2@fXsYq#%z$8&l{f^GWnF5bIYaIby@4AAEMkj{5S zA7-BPBQB4mXZF?Ljim5QsW=yQ$C}=A%cf~-+Bi{nQS(-pJuh!c$;+M7%t4uC+C@EB zGpG6tK$PX{Gjj^ig+jre8g!vxu%`@NC>U?oBVeRxIw!RmsveW(SyDEx(!2CYf4+t5 zbZME<%`w)=vgpdG>sK&~Ja$b2+o~&TF>OSNcoWY%32n0 zYmygPeY%30ZOoC9zc6#Kx8J$~j^g4W7MvKJxytmC;vd%a>?0UT>Ntlb#yGseZA}`> zu=F^F#Z?PN;n#tz=$vO^Tg)#ei1?9Yga$Z3>Ejvl>tG^6C{S~s4b;;?Gjg3g= zMSLDN5Ib(JMFBlFx8^K_4PKFTocpAW7>PKB?Sz%2=BhjD%)OFH`(m%(Rz+=)$cU5) z3|5{W9DdMKVjUAQ@{=-C3$cGz&&y;|l9#HjsEm2oGMLd8)0R0GTZXcwzJYpK+6vwt z64#l}pvLS{Fgj`2P9{!-qc)p&TK4MaQZ_X&QJ)1jV)nwx#_xm82Rf6v;{Bdi%3fFC zUSeqyZ6TJkd#0aDXvsrVGnrCT43&p%o97|PXuWY;8!7T~Lu1Kxz7&5%(2D;E1M0s0)uhT;3}w`L@=xi*?AJkr6amb4&};nq`<}75*&X1zw{?N$ANfV zPT#ZZYjFCjyLyrKWJs%slcgU_3-Lh-2DSx(xXNR)Qz`t)k`bAytwJeLCaSqyd)7`C z^Pcl>D3gV3z=H0j7UWg93J<*%zy9(P+UB;7k)SWelD7r1$EE%VN5}zvq5$5BgTRqG zdLIHZIv(7K+gX2Zn5AoVV@@)dEDV%7uQu?2)669SJmhkhGFN$mSzZ=9VhReNGbLw~ z{ABXdDS7FXymX2K+izPsMdjo{3TD&*xFdp&l=)UBfLDe?oYn(}_&TgsWQcfUW*dcD zWmGAb2m55ED@O%n*ih8-T$CgPyT5Zx-`LYyb#Q;T3rT;hku+_SON~_onag{Xlyy%U zwRb8j6WOc?uYsI5luxOU z77!CRRN{Z`;^0~+$c4s8JcUy%aIqi;M_Pv?28o0$^dTois0j8Z79NW?N4LrVhEQ?x z6^C-7(1m%HU-&-eRFUgQPi+MT3s z!A+V*9Ic{-8#w{%d_T%bY-~jkk!UVAR*28oi>t0&rH~n2TAIKrm#(>*?5nB zf}|REJtDC|g|glh%oT-AK;r=<#DCV;)wO?Z_uaQ!gbjhzMAAEK{j@&g*>Ta}wN5i^ zMl&ufw>{c3!uvLV? zccsFi2vyL;k2hA*H9D*$qd)*q@+mWnnlZw$RY`$tnccuGMlN1_>OKKbPCwk>%KSbChqlzU1IKC3E))(D`!VeKf1&-{KClSNTSw<>Opkh5I*O& zjUDSl!sq@u`u9JP0;kBme_tp%{QS?7^%uC3Ag4iqRC>hLb%i|mbQMWbCfI-e+JRjK z%_Pd$t5w3E;O}jcMZ=8#{X<5B|G)q9f58noDo+FOPY(3a(Es}3FvFgx_l*u=evO}K z73P17ExZjfluEh^VQGj27O0l&jn_){(*IYrY%U)CVs9P#lB@wQOxqj^KMMc0J^|#T zf0np^djP#fTZ=O*PSNrx5ORM5ZgZ%WGz%hoE!qIv7)4DppoXR(e*yDPJOjY!#UTw9 z?~!8KA8q(Qf>Cgnhr!L=bifQk6(a1D#d^?!0AueBxv0_DJt*@KK$#FduoXG9Ng!}V^`5_9}1h;=^1as*hfgf3s zyrB$nwovog7hxE-E#tl65Z{<;xDOs~Wb!YJJW6*4iRfMjNiocUF~So3QqY6AsVN*G zC@x*80yMyLGEV2FsEAb1^dTdnKNJT<0bpj*MI>P5kW^vMkT_MEf}tXdh{Kb;m~D>W zNfd`yp>qQ?=x_)H5l?^0nF}H*>Lqa{M8}MkAQxNchDM(Y7%{jYUl-zvDLKkTh;=Ge`FvxBJWFvY0iHDPIDH94euI_gZBZzI6=U@x!}ZjP8pz1GlK7_iZQY~m&{EX{rd>* zz|dqxW^P_Wml}j*K}+G`S2ju@hIXLv#t?mO=JI!5bL^2YgPU>6TMyFqxiKMT^DqTC zf-;(c$8HT1LNZguFdL!Gu^6w7GKP&ZHlQYyHi$*E(Zzp5gz{YTplEMsk!)xYZ@246 zLI$wT+8G3&^^~!%L>^Fz2-k`T*Py3Y$*|6Gk6b9M>oF;#=+FTpBvv<@Vo0ye04TTQ z{mo__=0PA9g?JJ=5X4C_%FZ~OJFnj+I%u1ZU}oVtL}(Tcx9)DlqOME<5s*L_Ovytm ze*)7{6gPjs0Ogn?pzN#RLFlv;!rMkOBE` z(Yhl_XgMx9xQL`Ou_q(+#$2F*?>xj6E#bu3^W<~lP2-E`Qqf$$BDq=Q(Q?h%L>^x{ zo~fL3vZX>(g|Rq~*$3-Ez)@;6m&{oC2<(0i-MW9i-ii=oEa8g4ZcA7gO1w&w2XP(6 z&?&bbk!$`ZTwe1G=?HCt!qbL#xYA5Gj8F?B6o7D*&IZBXFkYi$?a7-e$3Mkk4`?dy z+7gwUY?@3OQ>QgfIKQ@7H9B@>#->fO-_*tki;(0Z=zTQ7r>)T|`m+x)l{tU^n@t-J z)%1To7DT2VR2y8h?Jb$jEwQc5ZG)lO*3#S5m~Clp80faMSEjx2zzhYqULbdi%6pD&!kj~ar`4I2onJ86T=`g zlWiy<>2hS4A!>jB@%JD9A5cpH0u%!j0000809JUDQ(Hp`R(Q);pCY@UUz49(ItEBv H00000=fiuT delta 20061 zcmV)YK&-#ww*lX`0Sr(}0|XQR000O8MQpJQxCjYFY|B_u0IFhKv&{$v1%G+7vRSsV zkN%~bK0>?u3541(>{4o|DmQiAN#Fkrr=@MnBppgi+ia_$_lqQ^Z3u1kC( zT;FEI_3ae6F7c^xop74QXr%cLiUIex<8j}=XnTJDqEoC{OHbeSYesO5fwqA5t+hC7 zZH_(HF?plad?yPI*x}D3jekQ9erctVs*FVe%~P_r%0_W*X1?Y|qRU8IEmv#i+fs3) z!m$V^vzD@D{G}0AzzjE|FYjYb;X9QUiZgS)tDgWzP!_aH+1U&7@ppWu${6IC1??UE z3XI;M2wkGOU@+GL`;q|@ zQSZ;*)yC$D0=LbbOflp{**+`J@OVTiEX6F0T+nw?n=zM2yhxJb3{g(2& z!)_6G4dQzU@_hZb>#x5(UsPn7e!eTW%JH75lU!`M6ELJ=`| z!Pq|matU5IK9wR!9RBMB^M)nSy>HI$wVeQ3Nra&d9}wJ5=uDMsJ8G6(fn64Img^YD|*}4rK3uB&*GU21eMW<2?vF-mapOwpyFhN!KU}RSmh()rr+Jf~e3HG(u3qcCmdk zgJr^LZCTOLgoZ4%ML7T&^#*bc+Zu?Y5n}nFZT<|~^-vaJpC=LN~i z<%@#-yMHzbX%)WUF7GzJLcM*5H>%j)??Zmj7Q1b|4=p-)6*XO>?b^os|NVVK6gC2v zE5rJ+h@ohD9JsR!C7!9-GT0Zl28s5WYSGX_6WBCZs2 zw-R^GLTQYy;1VGYt@PzDC}Y3LyPM{|GDKL7E`RHH)?K%Uj}7mBJO|zQ^ZnnYAslwF z5b+->?1n8ggh9~3E~G@6`6;~F4e}N9_G&xl-WE-Imkmj3bBN^e9}rt~V+q~hdE(=` z=A{1n&`u8~ARTg>&?(2IBoG`Oq05>VN1W8Qw9LP=A&j~4Gn78!ZeY@=h3GOcKV`xA zet({cIU5@JgM9I!-8f*A2OY#llipj~8*x@_s7>10=tu!PaspzSvdm#${<7>M+DH#29Lw3$V`xd;sRT0_R+T z3BaF#(}LfTL7c54p4yu!q{dJ##mKF(9)HS7;!iA*vEb!O7&MeLnuXQXf`#@{P#>Z@ zHZ>zLsj(B=T;%2E#-BD^rR?O>|%`8_N;mx=_Hk85gwv94yz~LnH%D>moig z#o)kn0IkXnWUpiyre_vIQ6LJC+G?gQwsAx#WHQ)>Tc5LJoNU%*h8Za)mH5dihUCQy zNMt0DSUCNw$kN)!0)ADHXu7P+wnRz#CMytj6Y0)6=?T4zWs42~|%COVhcS7ZC?S?XK0b8Eb{ z7wV{cgsf>_5%5U$YBg(xCE=s+oZ3nHN3uvQ#FTGxCB$x(D0Fn1APjc{)gQ!Q4G&1n zkF)U@U7bHyE-mNMa&EGpLuQ|e*KURc2t%6NOrHzuxv=gGkqhe}7uJ1a=2rCeQXhVK zLB3ipClll;p9VjpOdlVt$rh^V_;!Z-q?;iD(Xy*MSfCIH5}!M=H-BRLc}f<7_%S1g z6s;w!b?$*hpxGZ$fBTS-A^6^R*bKqB>pqfK!!7oMy+8P%^w&X`V}- z>`pGg;;;e%N-{_lLVq&IcrucEdh&MiDSuaLCTi*swwc0SF0IWtU4|R0x5@6q@ZO%k z;^1Up&Ehj|Y=T>a4Lyij2mm1y6hy09 z2r0AzIuP{HSJ>xKltEXKBxM4Oku#|V6ctzzO#TPY0%mJ>BeVm2>?X_UjB0#Itt>9Bn8(-d)f(j+bY4AePslN3TPC51@ETJ(Q z=kTm306T*it*sm~vAG&w|3DkR?KnV?aqv@f?>O+A=R#u^(QrGpi3~CT_E_a)gg@?l zMCgQISA4~Yhj5%?EeovekFalN-?-L~ZZwil?lhdY+kZ_$lBWfe3;s#z?8rE@oQauLW;n+8>YC5?XIWcH?d!+OU9Y(3B36wX&?p)Yxp1)(|1iEL;T@J zEeow|VtPxtBddAt$V_rahF1>x_0vWMG6H6vHZry@i>v<|${1;NvxSl?M_FXiW34P~@YZ-Uy*SjUx^N!3D*OEqg z;@UiMZJxL`;ac*w5CCZ|fR3Hr?VfpVEs*dTc2VK_^RdE2 zvBz0PXy;i5W@G2E`|dIG*!}g2-Op2hfdo66XTZ%f;AX1oNUAKC#JV4+2uy;w=IMIu14&c(0{sb zGopa;+GG$O8+I<-=2qaqGIN>S89SHB-DBof;Pp}!etDri&)}M8a9wQ%*HE>@iSJq7 zNiv1m&waM>v%KxoHWQL8g01`!^>?1J*BK_y*t?PgPD9x1f8@0+kDO(TGDd>mEp2mk z!D*W*>9R=A1i2!^hR7~$bJz@d+JELeZS$K=+svHQFgjziHH_QW7ARe-*pvWqI%crZ zM=XfgH8((KYNv6|b1i$@=DC*hT+6G-wOpmokucXX6FW(tX4wy9f;7wit_kk^KipXL zhSMy2@^a>BmI>EzmX#pQvV`{57!^5LC~Djo{w4{Q16f@&Pq0ke*MzB+eSep^ef#el znyw5jwNO!$0OjjiEN{{-c|TNv??c5gYhn+Qk?RnNPkJ8$3FoZ@+-L-N8wN1xi+mp- zbnPlw=JLzC`^s==$kwCnCb&S2IB9Bz9SP{j0dL;ET_mW1@HH|Ep3F(C?c;D(Vu}M% ziKaukBuzWrz{G;K5|NKI)qh1^!)L)Ol0?Rg0wB8Q0@GiEXqzk8D0z}4lP>=B$@q4_ zEyK*SJUMt`X!R{5f^ulS`en?HwM=1T!IvB2 z*)2O$@yx-FW`fA`880=Tafm~wDJnRAIEX0Q4pp{Iu0}p2o?O$*{`GG*vgG*-ConwzvF6YMz&hXM1PrVlA2OeKJ}n(^Ntu- zYu4zOY>Pl&laQY`QOxQoHFktbtF zJ?r9)RIG7b3&^uIQ#bL0zb%xiBmT7T*AIqxwe^W zo4K}`Yn$GmY_(0yx@~pSS~tL)8@M@lu7i?Rxegi%Pk*k1GQ*kcpg!Po9W)BATn8m% z?`e&|x=K5zOT)F;9#`@(o z!Ngf6Lw_{Exiqot-Y26RZ&&pSnZ0*^;mcoH>L7ndc}_D5Na!FP;pod>zoHTnwM+Q4 zk?LFQK^X^YLZR3dp=9Pg|I5~cBjOI$&Z(b^jL~gZ*3`S78;K7mVKd~Jwe!r{ z3(Txd*#}ejgEAlfYE(cf6=DryxMeof7=L18EYT$zqmkxQs>5xpZgRzz#n6T`g2T<2 zRjZ(pc)@wc88nsXjN?71d$Nt&Y6B1u0HUN>*)2n;o{*I!i9K}G5FjYX>%B%YZer*` zS5ZONP|@EiFs}{Lirl=K81OJhoEoa|#Sk@-o(3C14}ocAaV7E$O}+{G*w0;8Kz|3p zLvp#|(vS!7{vU34Wt@qbm_^k;F$hSvip2QKYA$ny-C<;ndB&{bR^0h@TS z<|YZYPZN~K=5T0XGUAOENSmOgs|HV4gVHrQsl^qNJX(P~`Tug0|JUeqB!5i)A9JUt zPy6o&FG1RWf7b*G$scZfdc$e|>v`J$Ow#^qNPgk_Me+oopw;~*dH?Hv>!;^1^& z`yLdHC_>=&=E8no`z%!eqJJN)Q&l54SCHJRs0bV_cIKhk7JG;!or|8yI%-C*3TEon z3#@an+S0OV)A=v5$iZrN#D!~Fmo#vFU0>HdpkaT^KGdW3A#i{3aOh>g+uyLNDh`r((IAsejHHi608{vL$O# zwnR~pv?2Z^9H1>ISQm_%$}c;^R}K+;_@kKzzBENgOiheA{3+XFBOx%kV*!leD1F=$ zYmt{T$PJ({i%`(ov)>O01dFQqGUTKQr$W4#RV?$|oE|g1MVGaiH-_zv6zoYtJGJet z?1=|g3K_$;AgbiroPVZZI&RsZBXRP8q83mZY zl9V`r&3TBib#@wpfFl9huJAzbZPkXaBSk|Ti3AereTei%1b-V2`x6kBwK-MgqOzPY z1`=Ky5K)U45*#xZ3Qef*iZ$Ruv&gg{B2tqy=Zh+|)wF@EOysstP#}NPU8bz=cJPv& z7$xy8Zs2G(DS+Z!zr+RA znxerv*8MUeYkxZ?pDDO>DN^8_^KwKyo_J1!(V2G&v!zBMFYv{hQna^?_u+U=(bGL+ zvsN=BkHjg zn3f$7=YJk^firp_#L&j>F0m_TVht`e-H;ebk&Jd3Ruq z7y*Jynzkik$}_=drg<7E&vo8}H8Z5%TRsUVT;cjDI?JHruvMp};eZyE8U4~A&1pCF z8E=?5g?dPvSu?t&U%i1dZND>j@BJI5(X4M$R(}a`ZlY{5Mr+CxO|4u*$mU?0Yo6+m?i) z(H5HUXiL{XvJz)kaGGMr0w&Xt)5A@5>7-ZxfEgbp{s}M3ZvVuluZ;XYYJ9fDkj-w4 z$$!r4kpH7_0Vh8Spa_N#aXKLCX2>KuYS4jD1|(!cF*KZ*8UNjxk}xFVe*zGRN2Og} z>UH+3YL9cvl$n~0+^!XKn~Tt$N0mXBc;C^Vh2Fwlm*jQD86^6i3lVGcJC5Eoi#slf zcIO`~!z08$`Q5hGciS&yO@TJH&Nyxn-G4G|I}Cpe+wsgjOk<;%1LjuF_K72m-qyv~ zjPTCx9L~5`B+}Z+OsqLbUIRA!h{rR__F+F9j`XSNQyZNJGe|EaF-S*J_yIt_$OLbI zA|vX+2^`R7>k!mH2WiB7A8KYmI%Nv z5E1^FpT9j=zT4T@#~3^UNV{;~M(>MnNIQlLi_IZ1X0|{VmWinqZ~k&!ob0S9=1D)k zlmJ^Ib<#9_wHYQr;{5|iJInXdj%*xqvcXC5du~S{u!*%RPuuJZck<_LP80zhmC4!u znL}Dm%~~15pgsL^e(Gz-%1=Y zH+XvIjMdj}jRe)4qtO7#Ia*qd7S1JB#@7~PxXRGmZS@wdsJ+0LbOu*-$Jqry^@?~c5p?0>3nk&UoP zPPjCpoXar*kjirrSQ#NuPMyjZ&vu8Yj(9fUfI)7&VND@fwjgh0jug}WRKdIBidZE6BcmO-!EEDZhJJlvu z9n!?jz7Hl4saYGk>C2(a+&c&% z;5_PP{&Y+pT&QzLa>`iHb&yF4gDkay-i=&fO4h)FgRPQ$d3(tqVC8C4_+>dc%< zQf7|HDTVs8XLjVYDjzYv-Y%|!Mv zRBaJuOm)CP+=P^uCRNd#w3gN^usQ)P`}`_}FMqkM{mGIlZoL2dhx|Xd+7Ncn1H>xy zFEijWGB?gj5_$xZSbwi)GLIKb2M4qQmaf*gQFtXfrL>zjE&&JJBG{?7lIEDR= zifFHj1Or5j0&LxFeDyE{;A9t$9>ntiMvgV|1uS|n{JNpy@=JvkB*w|+VIyhYtp#$$ z_4CRC7lBMnEPe~i5^y0^ z%`#RLh#UMZpS-WwW#Y4@We;D%c{3M|OMmKYQ@qi$4}UB2nM~AUyQKbz`rC(De!QVn zx%A-$LzT;&V)+xTh`iH7&Y1CMRR=S!s3BTu*d;Fp>sorM_fij=CQk^WhU=lvdpEvO zBuLKs*Z=HmnVfz6&b-khPs{h$|KRJH96am(WPJRzip$Q%YOb3SDL>>>`78z1fa-w82A!i>ae`a87CqW;dcxg)DZQ>c?+kqkqV zVq%d50gBGW60pL?r`GYc3d;t&w(Y+Ac8jnf?8I31a%pYGvxA_)XPr~n45qvoMh5o$ zEk!ayEwIkn+V~7iga$T7(|dV}gS&S}vnHb!i+`q58E5GIP)#`$zAGfOi%B$A zGWwO;2yxc|Zsb&HHYeE(PEw-mLp1Ah{pAS_EjXOVzgY-oU9#TMn?>_Ex#-mFGILLO zmw!Rc@MaSSFh?K`!VrYvFF_DV5_`B1Bsf_M*aNAcj=)hp6w8Ore9SB5O(>Ww&3gAEg(@az# zP5<*h(Kk4&p#3fO+cbl>b!U`K{}y8oe1A6*EFS>tN~q&%+?C30rT)3P^|@UB=I>?I zruUm53(mIN2_^i=8+>8JNOP7Tr@;%PXsk?Y)g<9x)hG&*<6R^8b+R7mlo2&8l z547={Py@Up4*p6c{N}mP_*yjF4FOYvSC0mq2Dq6+2l4nd$oQzG#kDbV4LP0fgMa(l zCfM&|PZ40>Us$5S{`Xz+6}Ll}OL6%PY{(yB-_E{qZ5q0<`2kYTPs8snyU9KM>U3@( z>wE9jX?J!+I$F=5Xlr+iz3^OJED54TO5D4Et@+B+&mn5qT~EU$4ZjS_!g=jsuT;b> z`6$5r4gK(m>ANP7jQ(&Vl!Z(--G9v^LR%o(nMr447!;vv#d4h{LeE5J${Or}TO-Kh z^VxE5fme^BO5Bbf<>_bLRF|@cITXH=tR@)bo0*-FZgPy?AYZ;1m;8@i!6Fm@`@~IB z@>w!HbTm6t=e7tF_5Bip3%~J#RkQ|z-VPTt!y0sJ>ut^s0#u3JHthrQNq;hh|Ii3g zdn7CJ$);&s9HM1z61y@Ht<3MV64J$YO*|=~Lz0x~(1l%_IM2~PJe=O9!w^pABZV!$ zk`VO_IJR4{FhSP+!+Q2z$AU*oS)5 zK2S_-g-~eRw$Kgd-PTUNXEjEoxFP=;Ijkcbh6q&QU1u^}@a=dQDSya4xCJ@t*2^}t z2xZ&$Y(f2#!Gi6}KgjTafrO?lBs4`mT!b^d#l28iCJ>5--xrboEf-rDDP<_xBHn$h z;_vI|oK-XUqCr6g+H*qyYPx#he7yn}q$Rq#EZED!H(wxQUhI2?rkmPE;gCdU(}H=h zq$bK@gja4-^&~t=sDDdw*~SJzq`260JA;CvxHymm6_^Uvv#3_PXoY3AI2N}(7vnKY zi6ry=R8%Bwh(8Gjm?h~Aoyspe!&eRwe7No217C|GFvr11i^NI*V6jq<1*<71+%tBc z_as|MC%yI=NlQ3$UUqWJU{289KU>VUC(K zJY6>P&blwmj>O3WimXflHO&?>m55m>;FM3Pi?Q=yM=;?VXypWs#B-IU6>8U2;frA< z7%m)e^e1Plt%xoZb)35}?;a-{$dvoIl4<`7R37LI>F2LqI#JIX(+2rS%Gt41r zs)N-Pb5<l)fMKd7tI)O7RpMP zDr(v_nW^=k&6HTy#mR-1CWu4C^u?K(OV`Yi?LE8{^BiYPZYh#OCpAGNzT)RelN4EQ zVs+9=Ua>u-QC_h|Y+kWFda%4=yRThdvE4u1dfsb!#dcTwyka}ZE4KgQg)sAq z?I5qfNq=wswkmMG(TeSPdEsA?tLDs&21w4_exdThF?@~DZDAabHC&2OP>?wGMkz_sC27|BC`n7$w{n|og zZ69ZQk`(u$?kpwgy*JZr;QLTXk$R$G5`Ufv3~-Yo;`v9~)WCUYjyz51-0+1)J?>nC)!7AAoi_99e?BwE`Rp3;dpiiemfaY`m(Uw@H^k+1NNBl1IQ$b92FS3M-9Pmn&#BlOm=Hp*-a z+61?#Denx`M`|(ZgCmkrPb)r}n2Jm_iRj6ug$5{HU|;J1N0@1TV~V*P|MNj2yvJ%2 zg6>Ym?;Hgz2YeQXNTw`3k6`b=I-CZ#>mN(I&!u{!aorkxJGtpK_8QlRdw*w*L#@#` zC{-tW2aU%0expbJJ!nkM5AnZy*S({?Yt-;sIo_K*H4hpJ`cgaHpJ*2c{pR(-b^Yd` zr=1<{JzXE(oZlVY+}$5Eb{@a(J>7lXYofnz&9Sf1SdBY0&H#-!xI4JkF3>M`^Zk2U znlu_W`;CUuI6(hvH5-jSnt$f?aIds;-8e>HHm>i;I?=z4+0WsAV{(18*W;V}*UA}g ztKXoHdxvP(RmK-hex7Hp{24 zlbicix!V|=S5KzB-r)48&p&;=QKS=eB&RK!&oN+%Bw(w6vb_;UI@I(-<9 zw#Ctldiqm8d#LK4#4STRJ9s^R{QA1{d@|L~ZYvj$50%~LZ&l-1tbe$bwv4W_4b|73 z@l|=Z+o^rHlDEzML4SKPIkfl3Typ6C9OC`iM~x2l8oaqb*C#d7_Vw^^uXXsk*FV|2 zyB7NV&AE8495#;*Pj8gY@!o#x{O8@casMQr-R$?D1{ary(#{RpqaoU{(dqMD_2Or5 z>vC{$cyssdxOFI<-c@ey?m8Zw& z=gH$}{JOt$x_{lT3+O~2%heCpC+E#?2VXxlCQnaK!X-NFV~Iy#PEVwtr)T`VAd8Q$ z4?FkpWPDT-)ws7_j!b^WQd|5Ce<_r59*HzT=u(7kM3Do@XQ_4*N4n*7}PhNOVA z4=2VmYzQ~p<>^H0?nx?aO*G|PtTj)S*R!pyujkL@x_|of`E_gbVff)|NfdVOpU&jl ztxvU^&e`Ow^VUx(eU+s!1Ly1rjI zt9Pp9;{oJWVIW6s%`qiI1%@4=IMfvtt5<17X^+UaW z)7%nt@wqWYxXel2)0Qq&t5+{dO;bO~^0=qgx8U*B@%`3F*SQ-`e$rnCx2^5&$;*Yf zb12kbRHHMMucq3yar=D9H)Q?soBXJsKi+P2c7L{?x&2r1@9b@u7{S$PmIe_qyv0e@KO zmXGU?wW0cW{#E0?jgIseY4r5Ct6o9)wOTp5tv(x-*6Fv#-GAe6wv}?X*KIvMSDtUGFL9hdOX$Y-_9FP6YiT*`h>b}-_$w%M6F$S9v}64y?b@Jv`ogQ=ji{juh?U z=abaAK}Y!QIc&^I*VQuGTTYYI& z&ke*du3pa1Zm(}{ZYIsjc+59nn>+f>;okkzWs5)Fx_!|O`d8fR_+xKE=I=jU-oM;#se)V;^s{cIqQPocZ=ROr$;nRV^hFw84yR9zueViItbc#4T-9&j z>DAtjp~*MGY5DQ)2dS%$C9Sv)p-LcWS+&wz_R==uk^W0f= zu=QBlX*BM*r=K-$@bXdDCg)K-7`^X1{bEO%~%%7^>$>$m#Fsd~}s-x{ATUOuRwx@z}v z>!8#?s@kXeXy@+3Mf2jMQo0|V42MR?IKCH-jM1^6)SsrM!MWC|PJa$h_8yuap30-c z-pRJq+uJ>P(8tH$sylawtxr!%W&iYiuyatmI6CTHY)RZj>r_-vD?hid&N|c4l$V8? z{^6#yJNOs%<$S{7EHI&>wDWbL8diT!l)FlV0^mG#CV5w!rhuk2!mcW6XJddo~QLTYpxs#?m5L_S`yraWOVmuGR zBQy+CO^o*p2p@vQcY)eBEat}b)g#oN!6V|85h{>n`XErgNK%!jRecaj}mqckHVx*1F z0c`|%u`BY3LF0qRbJqQb3cJK~R+?4P)k?04rgq`a7XxY`g){A+bZOb5cG*mc zqQ%GCSIgzt)dp>Vh>6SCGN+S7Rsf4#I7l78)nY#tBx3}rEjD=w``+7@Tr09Odfa$3 zbD+Hie1F>wJY#_mN5(u%yaCn-e)c75gdrv0P#YpoP8OyvByA<*ijyCQ)hpqlSiN`& za%x+LuX?*re-w`B?AzKSQAK;JPZS_Q9djhS&u-*J!nz9eO>l_|8gOHT?3lY-_GkQ+ z<}?*$KtKZ+G{!9;FgdRh^atmNo>rA=(s?UM$A8!2P%Dl_O(d@fX?jPe6uB@8mn(A+Ohg}NY2U>J!1~W9v7)%5>eKyhaY@kiB?BuN_!So_cSNsn>od~ zSbrnTaXQur)?P+coQ@eGHCyqF;$ktgSLEAr`7`;)?{~~RY!(d2{lmcyyRC-XWgP|x%SYpEp6@IK$3|Xf>ntw7aVNK37uEKmw|ICjQ+Q<2}_f@7lA~N<~ z43WI;9UZBV7nuqbh7OVWwhk3p56@;DGtPQ!tA=j=_PTR+(X_))UJ|uPV?!=DY3?lFC?DU|1vTm-j}L4Mz;-l^wo68N$4&by0VTFmrc#eKt6$3#pvJ? z$JhX1Jq7#TL4W)(aIlSrUzBa;)!H04;tG!{rT*eSBobx2E;RetYHcE_J;11f&*v?jN6PCm z;E98VS)23NSB4!0V4LVlPa;8U_O`4o*`EdMH#YMjrENYS&i9-{h6sDZIe!$?dNUQSNd>QDUi)>FVqF4%k(FtU(ei*3S~j z0GK7(BDBqwBg#A?VSU}&hwvyhlsn2-6~=zM`wCn6;mq2SWRy<25eDVGQP1k@`FphQyV zlF!FhhEhuMv;OIYcz?@<97~01M$6>f%G)aJy?mKWCYwD)=}FO1NR+WMIX0$tEUn_( z#I=~C&U)0Y73$?mEUE>FpCs$GLhF!nH^2_C8W@V27JuS%hddyN4^>rB=Lm6#*^ye} z9l0{|1PZgwkQE(p);^gUFp{weTWnl4;}oO}_NX@R9)*4vRe!O|jy5gK6>8HMiKlRi zv8=!p&z5Q#QPC`fd2l1K$jRs&Ifi%Gf@6P)O?u|*h?7KGZdsL7d!B~VB`bsGiT%^; z%x7;f_Rq}228#ACaiM>9QFHd-zmS1lW)fFW0d}#n->ltF+*!u}hNYkL44lURg0+tU zTyz|oRhT%zV}I#P@^q0I>7OR{tOcLy^>+#GE|^m#*M{@Q#G>D=JUS(SYYP z7+uNJ85GLKFa~8@tuvb!jkRxOS^)2y#PqW<7>0--2iGhqWOcWcp4~>zC$2N-R|T7w zC&lZ7*gL>INl3hsIR=&jHCmd{Fc=meN$FiBD{}hv0e@?OK$*zq!@*QBR8Im9){#>w zk8YGqtS!#1DKaVdOF;0hD8-eOb+u0M5R&Er#EL9SXU_~#ZcJa(nQ4z$}-~~M`{A&jGucvp&wi*{@?(- zGtjM%E`NPR;HIoMWqON~&q4eXdGxQ`R(3zvs-LSnAIjCwWqRHx>S*&@oLEmiOYEG9 zZHaL-8@m?+XOqOC$m*))PP&C-64PDW=iIAk42>Z`@?QrDVdxH5lMQDJqg&;2qPyOl zFsUR~VVi`4qMR`1WIn1wxc$R&QcAb0!Q@AEX@7Q0b5f>@f@b=QD+$J#Q}l(?lb^!F z$;-Egi*oaMWC#zh+S&ez)~O1kj@aC8KHpW(53VQY&(~Y$&v&m)aUwoF-j}(ryHoCQ z)EB-=(t-3q@R(+Muh8N>b>tr{z=$znC7iV@(rKv9^j|>MS zEPt3&GMxBx30URD1O`hGnQ(nnc@kZnT!|;W($L|Bi&5fTo+oomIv!YE6FGdg>~@k= zBvea^Ilw%sryIGcR>-wcMd#K0uq6D&q|>FUf0-bS?Z!#Wzey41oXvLZ>Y4yq5*n!8 z@cmMWpi*RdNNHX%r}HNj>|v@+JWM8!@qhRgJ~3gDL6+>DjyEag36Tw+`+#t26Jq*b z_7P#`M=72f+5OGANHFkG87FE>sfApizKK)_9}1XSjN|dHnr<{WA21K0fRp2xS!olp z&tFkNNg{GBPD9BZWBlLcjxppXcZ>-EUxG*ksV+xM!7;(`uT3cA{ zD+L%cVUkIcOibEp2vrOg15i?{v`Ys=o4N>^&P2{~1mPtfIIjqC&Iw6&+q2WPRP?w~ z6h!im#`Rd-HImu_+;)Hqq;FyNjDOi2DQg;Y&&1t%iRmT<%w1elXl+S{>M{{QMu92- z*iQ@Bt#HZeF1!gPGd6oVgALsekxQlnL!8uElzGVzqO6!Kp0O+enAW>tbeq<6*ioeD zHg_YmfBT#kZF)uO(uAeix%di&_+}0L404*jv)|`%a*JrqZPvb0P1<2QVSk5e-PIwL zSj9}el!)6fDhox~#4ZeBr0FrhMVHF6XT^7=Kb?X2h}B65X=}_Y|h_N%ENT*drW@r0U3kolG_+VXFFU z=48mUz8X4X$WXo-z!;+MR>G;-l%32aDlRslA^9<75rL3IzxAaTtQO1YpPk!E1xFgx zK5g!9RX&s}IND%YoRt;YeNit*GOkbzTfDHpZ>LVR^ST_6`jAUS&wpg)0mBOd@{YRZ zNz{Y~cJk;fp7pp^V`ddgwwzmc(jQJ^%{7&kp2B8$i%5|LU;79tt=xz13`T6=XQv%7 zh8?qJxMDG~kai4)7SfK**kXdnWN;x(*^DlvX+pz`yHBN@rW32h#?y(_YUA$YvE0OV z+EWjHo}Nk#;WLP69*{KuBBW5XJ;DX}re}!%KDMbF#i# zdnRU!Q%w+~nrKO}kxX&gGV5!$2eRzfJkQHE{+VwV;$OK*vqZSI5REKW#r43MH77`_ zqLEH%az(9tr%h|un)r8E8bjvGWXUtJv_;~4XO34#=6_4|mhp>QGabSf>1)3hr2@k& zPRCr3bv24oAUoVzLYb(7*}^!Y$Wl``QyGP^MC^(=s1+%=w!*wO2yKayJyW{Pg`ulg zuSg{B`m+|u($seN_9TFrhR7D^fU9H zmS@8Jz<=V$PL;Bj`J70eLdyXamr3Gu+wH(QJ%&gSXVQh|gJ;tWNZYiTWD_C=V;UIt z^6SaxUt`owp1e32;+l0Ua;(jm?XRe$L^-fo$R1KA%@g6cgCTv9uHj`c{ zg&yME=o5+7sgX81-|FIUq|K5kn_7^7>?bxbv*aQVLmxZ--Yy$Qa$c?wi9+7732_Gnv@39PVU5Q0i0tvQ9fJ_I>IgZunyGIvCMtite@nKrxfH_u`Q0<}GPXQ_ zKzA0EKSfgJUnuhBPvAM;h0MQDyj$rbwg+Y1kZ5LV0z4>Cjr{=%4)yU_;R9~; z*=BC2lfdZ$Z8UCtx@u* zZ1&Ujin#O_leoR}F-^uA&ntFxV0ydut?Yjgaeb(w3t?pFGrq5=&SN1{;pTN%IMcK5 zn_Yc2Be2F_%jgaaz5)xG-_5H}W5JrW(F4TW*5;FBb4(0eVjJhe>{bi0 zFU4ni%zW0$|Tb+>cN^h z)n@>rEMK3QQ-CfM3ii~X3k8EcW#~e|c)K0}BSq6Wsm)OJm^9ClvT>E(rBC|vEnKHd z%ZzT0u}+p^8;SFwU(pZM2 z$1yCfTEJVe@4t;iy2;`amK&3hVylr8lQ)XUOV@b-|n z&U^+nW|xA|NyBzBaUvYG*}T)TS3j4ssdQA8bC*namaM_q!AR2$qr0aR+TXZm6 zxH6i#RU;wuSc{;x6}f}2ET}9?0GP$d%x6v{QZ8=xJT7jrQ?JkwJP*l>^1+0!dV6_7 zm9Cgrkm)U+k!-^ljhDT^9v3pOWGU|qasw#X-jTUlX^+z~D4(JmF@J<{Aj?~fn z5RlRF;7;7ma>IWtU8@^&lEGwQpwxM_fd`ysE(zcvm%Eg?$`j1;ve*$*Pyn4NIiut! zlb24(OQ+s#qMqlXBq7-Son!jOp4O^^`@3C8VvT>KX`5VXtRl!<-m9dnd(x=A zQ(2kFW<_`nbQRS^6^)2&%MQ(3m=Yi5$+33H{UUVZCCbi-T`QWQ!Zv;=iH~t%Vi$!A zIELyW9vQ~TMCisac~@LJlXXNPMkKdbYDm^R2%Zgc-LeG7WpCbCVie#nZ}z8rN`<_T+ah4wEuruLI~uyIV<~=mZ>fL$g}$zjw9lo|WHQ-QA&=M?6uJiX zJtW1ak}xM`D6dp;%<)rjrAQ(lfrSZyEse}^iz6~_X)(a>o4hbe2MPk-X#Uqh=nEDV z?E;_qTY3NXt;)X|hw#ruUR5-ut8ZQ+2#H?CNljT3dwpFip<8UAjW`}^XfKtqh^SvH zIoN;cUoPe%_o#&>iJF;NEBK$03dbUx1bf&VC1C~N{648Oiw3WCnqf1V zabY3%ivv$fkqn}pP+6ai0XG);f+Iq|z%gReF9tF*Ww$hIvZg@g>J(zP(pZG8A`HGO z6%IwHf+l{vv68OQVI>&_0)UcFnPJq75ss}&3S`Ud25uoouNyc6&YIy1h3C_6JduAS zr7c`>sxF5J1qDeYRu6|yTa(auHDw>78Jz2{8FO^)9im2l!1ds1I2zhb?&(zEAd~gI zmkR98_B}xDc|kZAty?Vay1H1*p~d&nak+r4ZI(C7l!hs|h~4#+or(BdAPYA~&7z;> zmNzR@2(MH{F!(4y{SE!_is`#1V0wRlxRK35E}H`9xkGIbOp?+{ol#7D(v$|0%3o*{9nGzCLN77>RhdokM_!ILNs zuR`YrXwcyh3L>7AGZ%kEQpj;5B#84Cbeh5U@tZLr0?;7Vc5oo7$R=}4Q+`RiOFow=&;ewzZfDvz?(KZ zEVO@`GKA*4zJhQa!?cNJ0EkQLB9Axlqn(A*HHn#MPs1ivPO^VC%G!3kgbv0P1iUEY zgZYSS1RHq6HHeu%f_}P*>DfuyXR{96;g)z_HD)VbML( z71bf`jMJO}oaTQl3>)4x8VBzKfN_F=dvn2w@tiV1on{2zQx#)mcP^QmH2U`u+JT|T zip<=+gf2A*$%2-`!>??VKn(3b;f*2s+|1?gyyn;=VFowjl(!zF?Q>&7%;sSVa0F#E z1CQMrCWK_BieWZFn`1Fv8)Xa|Wo$rAC~XjnXrqgV2<3md=0VZk&?4E;BHnJ-k%SCj zowYLvKII6;Y0+Yk_SG;yr!?l{bfu;EM?W%4i2l93cbp-=cL# zl+bcqa&QqzWnxc8=#9BR1K)XwD_X*dv**d@#GA$!(WRofenoP#$fM<&vxz*ubUafz z=VVKTrV3+m9XUT15iEU+(HnMcKvA;da?d&@6 zFV5uYWakTwiv#b>NF_!{E(V{M0Z^ZRfk$qfV*y*K7r^{d6tf_z)pw2+Z3kBr zYwah+XRb_p;ei Date: Wed, 12 Jun 2024 13:59:40 +0200 Subject: [PATCH 13/33] fix prerequisites installation link of custom connector --- .../Data/Solution_RecordedFutureIdentity.json | 4 ++-- .../Playbooks/RFI-lookup-and-save-user/azuredeploy.json | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Solutions/Recorded Future Identity/Data/Solution_RecordedFutureIdentity.json b/Solutions/Recorded Future Identity/Data/Solution_RecordedFutureIdentity.json index 01f2ba0455..c34c39cbed 100644 --- a/Solutions/Recorded Future Identity/Data/Solution_RecordedFutureIdentity.json +++ b/Solutions/Recorded Future Identity/Data/Solution_RecordedFutureIdentity.json @@ -5,12 +5,12 @@ "Description": "[Recorded Future](https://www.recordedfuture.com/) Identity Intelligence enables security and IT teams to detect identity compromises, for both employees and customers. To do this, Recorded Future automates the collection, analysis, and production of identity intelligence from a vast range of sources. Organizations can incorporate identity intelligence into automated workflows that regularly monitor for compromised credentials and take immediate action with applications such as Azure Active Directory and Microsoft Sentinel.\nThere are many ways organizations can utilize Recorded Future Identity Intelligence; the playbooks in this Solution are just a quick introduction to some of those ways. In particular, these playbooks include several actions that can be coordinated, or used separately. They include:\n1. searches for compromised workforce or external customer users\n2. looking up existing users and saving the compromised user data to a Log file\n3. confirming high risk Azure Active Directory (AAD) users\n4. adding a compromised user to an AAD security group\n\nFor more information, see the [Documentation for this Solution](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Recorded%20Future%20Identity/Playbooks).\n\nThe playbooks have internal dependencies where you have to install: \n- RecordedFutureIdentity-add-EntraID-security-group-user \n- RecordedFutureIdentity-confirm-EntraID-risky-user \n- RecordedFutureIdentity-lookup-and-save-user \n\nBefore: \n- RecordedFutureIdentity-search-workforce-user \n- RecordedFutureIdentity-search-external-user.\n\nThis solution depends on underlying Microsoft technologies. Some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs:\n* [Log Analytics](https://learn.microsoft.com/en-us/azure/azure-monitor/logs/workspace-design)\n* [Logic apps](https://learn.microsoft.com/en-us/azure/logic-apps/logic-apps-pricing)\n", "PlaybooksBladeDescription": "This solution will install playbooks that import users with leaked credentials from Recorded Future and set them as RiskyUsers in Azure Active Directory.", "Playbooks": [ + "/Playbooks/RFI-CustomConnector-0-1-0/azuredeploy.json", "/Playbooks/RFI-add-EntraID-security-group-user/azuredeploy.json", "/Playbooks/RFI-confirm-EntraID-risky-user/azuredeploy.json", "/Playbooks/RFI-lookup-and-save-user/azuredeploy.json", "/Playbooks/RFI-search-workforce-user/azuredeploy.json", - "/Playbooks/RFI-search-external-user/azuredeploy.json", - "/Playbooks/RFI-CustomConnector-0-1-0/azuredeploy.json" + "/Playbooks/RFI-search-external-user/azuredeploy.json" ], "BasePath": "D:\\Azure-Sentinel\\Solutions\\Recorded Future Identity\\", "Version": "3.0.0", diff --git a/Solutions/Recorded Future Identity/Playbooks/RFI-lookup-and-save-user/azuredeploy.json b/Solutions/Recorded Future Identity/Playbooks/RFI-lookup-and-save-user/azuredeploy.json index 570c4a29f7..6cd0b4bf84 100644 --- a/Solutions/Recorded Future Identity/Playbooks/RFI-lookup-and-save-user/azuredeploy.json +++ b/Solutions/Recorded Future Identity/Playbooks/RFI-lookup-and-save-user/azuredeploy.json @@ -53,7 +53,7 @@ } }, "variables": { - "IdentityconnectorupdateConnectionName": "[concat('Identityconnectorupdate-', parameters('PlaybookName'))]", + "IdentityconnectorupdateConnectionName": "RFI-CustomConnector-0-1-0", "AzureloganalyticsdatacollectorConnectionName": "[concat('Azureloganalyticsdatacollector-', parameters('PlaybookName'))]" }, "resources": [ From 25dabe981f39dcdd9c820044fba865974b179c6f Mon Sep 17 00:00:00 2001 From: Niklas Logren Date: Wed, 12 Jun 2024 14:06:17 +0200 Subject: [PATCH 14/33] repackage --- .../Package/3.0.0.zip | Bin 23522 -> 23575 bytes .../Package/mainTemplate.json | 5422 ++++++++--------- 2 files changed, 2711 insertions(+), 2711 deletions(-) diff --git a/Solutions/Recorded Future Identity/Package/3.0.0.zip b/Solutions/Recorded Future Identity/Package/3.0.0.zip index 1a4a0490fac45787e32981be7468ca79b5460ee8..2aff1591b2c9cea6c9ee28af6e1fc870ce0e904f 100644 GIT binary patch delta 21391 zcmV)7K*zu0w*i;90S!<~0|XQR000O8j&RJe4Yvplj&RIaq)Dnilu`fyNR!bB8h`0_ z+c?tb|9%P{&3BKTNo1{d?0hqQBX6<1+wzvA`)DWRjB2!-x#L!Um7QW3?zMv z{b8tJi<8IJcUq-ht?iYo&2qI?;eUZ5$}`mN4vZC%)xp-YCQJV)eL&-LvZTYW9)PL| zvV^9oZB^0#%&*5lXL(jf^Zy0^hM%y8K9p6|@D^~g$^)J`Hgq^YbFG50092+8M;xfE z4#(4&GNT!aBCGmm)oR|ytr4_%3Jk*-fv2HCJF;k?o{Vk*%k*WH2~O4KVSjr;pOxSM ze`7!uR%Icua2YPBqRe3^oKN6q`b+_69!*yTX<$Ks7Ai>RKpN;n_+`!clm~s*5cLOE zG;pu)D$ry@<-iwJHk8eGTlN%xdPWLvnKhEese)pGQ@WIO#?S!&f$14KBLRRGr^}4O zY8u0;tVQhF#11pnSrrJSW3$|Jh=gN5BY@rURBoqcZvs zF#nm#>PS;q4wP*m|HDj&0yks?jp2bROyHD#RUYH!=PkzRP_n@O8~^{`)+vR@quJNs z4yN3v?+`!XWSbkeV1ThgW=wo$G#gRuBZ0UEkqsb3Kv;toW&;X87JmVUe%tuqBFg55 z{r$$fcYh`<+Pl{1HAP|<%~~JrxflsTi1Geh9xyG56=%A@Y4G#_#Qh6_Q)Nx=>r4j` zfdoW!pc>E(C9npEI3}zrussoYXajNyLByaYl4sXx``sC6a|3_4@$OHjm3<(W5O@-M zaA-Ez!NYqR4(EXl?0@guJo?HHUu~zlz0=s;Y1X%Qced>By5^T%!J4Y8Sv%y+6`I@} z+`BOM8_())kK5$~L(}E)fhuUY&Pr3^2plZn#JCOUmuuvK%1}8t%lssyMK&u3j$R3IywsA5Yp7V z1n(tNhX^;`eb}ft_`lTwoT0*FZcCal80uPO<3m#KvdEP;J{XelVgQp!H$7kzRt8za zI~R0ktXqreSm>iVe{OD!9r&&kU|xf)=z!=Dxwi3vi2&0>R5n1?HGQqhyump;Zmm{l zN5HoXFA9Iyu79F+Z+zGgxefdaV=ljAF5em>vODey`H;Z16h#XlhB;u;4w|zP(8I<{ z|0W{@WO=@PBKTYk5i=9n zwFL$RQPq=)svagP2t{9jvZal0s-TT#K6;92;U%T`fr3;N-8!0p8c77yNC7grb1dyN zh_utljdmI|w9{Ba+G$YIPGfCpr;$uMjWF$q@LR}}S&1)e>;(9zhWMSAUZOe&DTUN7 znns!?jepc5X{1R7Ah}yCbu@|8(aeoHnl#kWTtn(;Qc_2AZK6Ck||G^x(S9|3p*W zcGAtXO}B1xzgV){CX(HDZe+JjLw4J1NOs$lWPi84wq&=ROm^FmWCvd19zrFPM0Nh} z2t*g^96@uwcG2XqlSCdnQ~;8@#Zt!(kvevAqmCUK>eyLB>e!*Aj-9ooj-6!c2rkl| zFSy7IYt*u@(SFScuQAk?A$@Bt&RUye&vi`Ra5dlYfz@?xffK6GExCV%ERGG0qN9(c?Ol6^wHDHs0;>C6*;j3nWa zYc>4S-<|LV=zQmFkM%s^|C;cqlVk?>bhT-&Y&)NRSJopT9$&{T&1xnPi}-1Z6qvl8ORKGk?FnSH%ylLJZ4z%;5{jWDiw-@)vxAzZ+t$*F8FZ*BbzwEc+ z-*@KNH*l=hJsf8Q#~a-r-e{Nbm;3qty{k-Ht=ofEOKu&)|8?4})(}qfdbD5Jy=k4m zFIzYFc%AUymiu#b(3;*H?+>{4!Hs;5+UmFPJjB=(E=!ZmJdyu>%b(+k|% z$1lUCa4INgcjD>eqqr@68^4@AD`$^mWk*n6)UzM@`D0!GD1U4l+WFz@#nYG9-RIMp zetuWGe0r?yJ%6hkCqnc6ow#lE5;uZ=8_}#=Lqf3 z0c>=*-{Q>uxjAj%wy#G=`<*(_8NPpbD#d|b{JEojH-`6jH47RUEmq)kv-%dJ5;@N%e_TfR~zdk-F&)>d0 zjK9@~3M*Y!`KNCUa3byuPA}Tu4!^u_ zO}~Eq%3s05J`p(x=Im7badyr<@RIQK`ndZ5PAA6|L2b(Y!}_#y)zrUM4qh6U(*76u z@m7)AhkyO6&XxT2dB52_W-HSlyWgM`aQ^<(cm^&0mc2TgYW;mt1)ZrTUkHu%nf!Xb zz5V6lx!P2JJil%$@5k@IR0Mwa;p@3{xBank+dH40_g?$oM2Wpr+O@N@m-oHF=wusA zu5b3(>h=C)*yvQgT)&R=y>s@5r0WN@^JcGJJ%1Si?#I>W+>q<&u$*tvx6&m zp0mn9Wmx~Q+kSt-Usmt#M80=&*F4gjx9x3S7oJ-)h|8?lKkMjxy?*^7H#GI5Buxft zbAKD0T%SB_E4t3!veH-mWpvls>7Tw_3cE*q^F=j!GwFJ!-57VzS6oZdpT0>?`o+`T zc5ip*nLT(FPLIUe_RjnJ;r^7+_E{&+?;i_2a6+kGP{+zkhntd}@r!{xQuc>h?bv|9Wa9NxVe zXAg3X1?nDX?DTgJ`HS~L|Cl=&{&>A?_D9v{$KFe|f2VW8CERLGxM-YdSEF8QFn`+J z?e!nkFXE4#!zN#yo!ouweAGU&wQ9Zb*lO3N%Ed+J>&?D!C$-wG8QAMz*Y*DX-RnMg zyCYZogMR1fx%PZpufG4GH9yu4#>38-eW+Z_Dqr7!RZnJG^V>!1>y-T_S3bh7JGV_% zKUEtyy{9MrLGK?Q8S;}pxja8Qy?=brb}x=*A5Yl+xIH?!y196k#@ghib~w^@>f)Y$ zy;~6x1FyZ;Y6jSmcj}EA{Cgr*rgx3W&9!hS_l2{@MES_>K7Kj-Q9F3*G{AQI8Sc+$ zU%VexE^E!#nlgEAGzIo#_p)-hS5d!cjjLHhldJIV9!_`bugdZB;r_*TyMJ-9Kc0+* z>*m4xv))1PUcZ^_!t3Gb_M7^Ae|s!zmp{IWy<2#M-%f9;JNlOw@m4#1I#jhUt=rcJ zNKU)^*T-Mv_xqLO$LG2<95;4vchr|o{lb6@|{O;!V_IBE?O(tCXwY{tF9_>GT zz3Ol$+jlS8;qaP$ojmN-cYk(NL)~e-?{7a{NYC8E$E$~zyKR-1>b!p5uhleA@9XWe zsx&>_?VY`dCZ*O9BuJ(?PzcsHLI~;pnA8kKXc3Z7`_Un%ZJ9>F(2!C?DvU~7t`=kfj zlcN_Eyg$8D4NYkZlk0=FaefPSKfX4&!RXc_s?f7(8*wA%d6$ELD-|NgRld0MMHD5vAG(KAjS z_+vvk;pOJnS!Hygb?Vcj)BVTx`>$2yXmGkC4)*s>AN9$}xBBk=QRm}Vxpr`NG1@(B zTpl0yFSkYZvU4V=XSE+Y*XO;NGUFt^p})Va?2Z0SlB~2TJAWA9XC1OA?R;ITZ-ot8 zrf??p{v5h#dX-!m0>w~4ArBtpaJaz z7I}NJK4g%5FV6rHui*fu5(s5iC^*Z1NIVj?1=u_Y9c#d5$V`q!aZVO35AzRj6jq#R zs1F)XF<&0wH-CRfUU^#ZE(&|AvrzHXbOve>1As(tOPfUkyeb=mAqM0R$r0s0FtR#e zCEPA+_N0CV)8%-+H6m-WJV7`<0?<=OVBj&fD_k{K(ygT_AL!%4LdZDjj?0`Mk>@bivwFq z6y{po2V3w7h7=bNw4Wrn|0IqFPgpa?*>!8vt^w(2z9HZ)MAn&5^5FEHqS<) zq+*^$)PMJgIkJQ3EwtKrBbmrQ#2vMI!%ZEt>dbFLWlRevQ^vnA@Hcm13{tQ$>ystO zWK?D>Ln=Z~?_rylXPyAJw#Nmpa1$UglE!BlO#z(H7dRA~g87+&9dcqP^4M%ccCdI0 zaMY<=1A8zq_B=d%u7X~uvYm?uS(h=J*N_)CUw<^N;&B9gxILMVy0x8_Han(i>%1Mt z&yJoMRnW(#vkDLTf+XO}rsAHoW}fsdz>W{mdxd_&7Dt-z;&vHchYExz!mjFRSg%$S zR~xngLMARD%bX4`8%R<}>{7>O^csqLgEB^#+TutF&qBZVwk20Ko#x`lO*S)!+FQVP zy??;dbo9!YN2xc!8X?HO1PwE!^c!kJWNj9UgRiK%2s#+kt~mX1SiMpniq(q~0jqX( z@Tzx*y%+QVK&r(=7AJs@661-}rl%CEV>)^X z%$AC3tiG9O$LiZt0Sh^8`kn~~V~-0}F%c_k*251vuvDwVGi5yst9zCc3Cx_~Tz{+) z<~SW|1Zyw(jQ!_fE51=YEXI9BzN=P0;eWnm9X1aJ}cqh$;XNR8;2J|Js|A?gqy)Wo^b5Ql`+Dnpf? zX*8L!Ac{z0Lkbmotd$K(Cq9}|Eq`H6&QwOOfopV}z&_5my{{745s|X@Vu<8z@2H{z zPSDni_l#vp54zk@kFy@zs==GTyY8G_FzxVD&_m!No{Ya^&d(1%SaK~7CP0*-q}x;F zDQ3`+$B$*Wx1fxSq&!r#ky{lrfRy>xxwfXWYC2WU*S(N+5~0v^InF+u(0_YD8@yX? z)b8qyPuqL&pEth2))uYH2Jd4Lac#CVb)U37(zQ={#B*v2L9O}F{nIu$&8H)0#2PQY z+zsKK6nq((vVq)dC~2Dr@1ij)PFbi-i1Glx_yW!R9o}e2#pvl!21f<}>nS+!4*JI* z1`4*(&}*}z3IH}et#ADA!};1kf)L;vwS8!J%knL6?{4bl7kTD{=0Lm5uz0W_Nmj^f>e8mPz9aOTRM-7*Ja2P2M)6~=W!s9 zdoqJ;qANX#6s_so(zc|37O>yg%!ib&`G7dza}FLN>J8^efS;=PtA8P@4H;G($SVA7 zj2sKhr<=b08+yaZ^l~uQBMzQ=ecy5V=(P+U7f2@q#ou%8(+#@p@DvQ1!alyGAHtj$ z-IC8lWEXuTXoliM=ugBFjk|qzEQry;XvDsb@4$s6Ut5EuSZt6b;sFp#v_*E5#~HoM zK@O*~oNoGqrgSN=!GF!;bZ-HFj?7pcQ?*#%gSGA{ba$kD*Nb{J9Z68OXUqYkZmk1W z4kNMo_d?9Ek+Xj+BmM-qy$x5wS9UWj$uPuO5Nu5hRA6ps9D9OA1 zvkUQ-3ptVsvww`1%ehr|R4{n?Je^Lr2C_U5$;t!Amy+}jd}Md^1GPbE7{SerGL3XZCZ+O24)D$N>uS|nU)b3 z&4QT+s|aOQg69}4=S1w{*k2Npo&`FhB$1X|RxQ(>XW?|@ZHWrW^u_*ZcILA;82e}D zVPnenFG-<)rgvwW;J=80J!TS5PyuqWvfr$|PuzLO07j*s^9@|Y05WSI1GwloG!x&u zDIQB*$$!&BX1ITr*s~6q(#o4K42}7k*AXRaDOn94b_)`gLdRh%A*%0Q)`QJYl>9L z{SpwoFNk_%Hk(lE3=bh$9zd+fvTXLu2<67~HFZs!bm}~%4F-pg<_a$Ims%9CI2FC# zb)ELQgHVF<*Z~|j7?fNRlyzZDZ|iZn$FZ8iI1}U^U*S*r;-Y+b$ZQ($)`yqA%(FAv zn}0I9#VOz*{t-X=*Y0Y2pBnW~_1*W?`ll*6?-Oyf`7KVgr=BNvx?)>u9L>k>MZwub zVJy(PYI&1xp_s&M7xxAGDi~v9%s~0C2Zb17`lGrsyJa~k(?vlu{eQ*f6ywY(`hwZ%5B~A=<=f+Bwf(FZ{Nt;3 zesHSw>b%ku+B@y%`})P<&Gh2=X8Yp#{b1+t_xPyd`%|xpDoq&L;V-aHcc!a=o`CmHeuG@+2j{aINdRDDSx>|@1?zg z=1PhyDf^YQd|%CarajN`{v>=#E{oy8xX6tuIkIESMN4UIp|!7+K*EG+CQUOjZmU65 zF=z}xX|2*89Sm;jB4|1nIm;1*mw4cu%qKY~q}grXPB${q<4REw%0C)ApmEnoYYXt& z0WP7wh1fGB^{#6L<|{)ssJEAEmXI{BddGxCX&qP z?CBIX^dLkYnT{Ewq|SoGi3T5M#ia3!r3t{a-VNj1bY|n8EXKFFSK$5~uv)z76{<^9 znr0WmE8vrxwe)kqYWnWMkVVNY;x#w7eXX9h!%oT$^`@soCb5c|dVdKKw^39UiL$9( z7@|niXMl?@mF-()UN;=oBT;Z~Gu>SM7k(-8z?JJVCnpx9N%7i8`N~HPepUrY2i#DS zMR|~vHfI5ABP)b=E=0Mn)~xlH55DAbjhb$}7eHr`p=y~_N?Gk9wR3DP1V^9yHJ|C0 z#<3_;V&=rL=n~!21%LOHX30tNsPfoD9Ezpt*npi}HYR1N`h4c3$h5v1I-|%?z8b(N zqVHD1sp*uR+$AbDF`yy+G360~kVd}^q!+B0tMH%QyIKuJ8Z!AD+)z7-GjOdk>B%x(n*{xh)dZOnHsg`o2Bdcpnor6I&@S&WN9gL87#M6YO#5h zE>#&$%wLid0Yg!N&XZ;plsnY*M9YmmPfwPi5)$Ldw+!fr#-)!Bi} zg9}zs;NmXeuW@e(`CrPSGGyxqDZEDJIR!jhV_CCt?)EOl%r9t)$j&a8gweTDPCn@D z2}WKf3V(aGsIHdyBAo_^G=Si?)FF&1WYT1hA&Qsk+~=fywf0R+7pIycMm5!v5+j+C zv}M}YY#(I#uX&!AZS*tWE+oHl<7TOFZ6O+2qKfN-GjC3iRz<^|vgC?d`A(bGt~K%R zur!9;mr0XnVrh#+`OX}#j@*~(FXNZAW-^2w+<(`8Ey@IjS)7i#AnR%rrBHUbwS+QN z1+#^5M1iKJZmu#4Wr^4ob5JW%aBYQoe-PRdC3~uLn+ro%zh03_+znC(^4e_Fl?ivvp@J5$P9>T|+* z3V$sJR8%I3)or%}>+~ohL7Yh!o)4Z*Gr(=LW|B>b7?f#X=*zFCpMQ-}H+}Nrbck!# ztthazz}h^qHe`*U%wnC*B9T}6>C^#^i`&4UHd^eT|0ikxvZhflHqaW`r^7E!vK@Qt zlo#?W-Pq~w&)8#eq$w6l>rRW?Qo7XQw)AebCdkyTwYWLG zdo6CB!Nu0wFO{3EuVWflTVKaC?zY~Jsa$SxM_MOZ+&H!CtqEI3_gmbV+65Q=P*jR~ zL(Ie8;j&4o4^ z(09$!?te(}c)U=? zR6PGCwJe^0!_AB5-{_9T^Kb0WoDrPG18(Ba3LkLe&o*~MohXb2>fj?m(!n4)|9rw@ zFHO6^{gB{WyCk>%>9P|jM>D2#TS*e1Bh7oyS6|!p-ZjaH?nDH@o_LNX{F8zC@a{)uZJh>nzp7*5_K0fZ++SGa;B8L+&Rr0lxe12)Pps3s?QKadA>eVrvP0j6!fV<7YYV_ z%Fu;^@pe4|6j{?*u}e|)7&p(8vQd@ZrBC|fEnKHd%ZzT0u}+pU{fXbd`k20~t2%i?Wq{35H*R#3BzI#Ti{W)AlDTUWqw zQar?h6QfgCnO;)-!@8b*3`5Br=di>Whc~#bX=53d9>=h_Y5{M>zW+87>86WISZ+*0 zfkSTthqA;N%q?l>7F&>uUY#MHAm1Ix=rzBXgzmr8>QlxEEPp&k;0;PM`P@Hw#{sM` zX1}PQTvSjlDkx`VC+U6lm*JGUuYpP`1=JP(Mps!P`UXI`cWym|Y4+rw!Z5#febq(s`%l zuYN9NQ;QPyd2l0YFPwb*KInX)bD1mI?|G%{bp`GvmL}2V6FIwY`niObB1AQpDK*(p zIncFv9+ZsM8@Dw@mX;eDi?8#gAR0%d>-pwebTC`AGJl%8RU;+ySc{;x6}f}2ET}9` z0I0>t+-FWDQZ8=xA}(&RQ?Jkwya>sQ^T7nKdUtt3l`flDkn1g;lWap7jhDZ`o)j{$ zWGU|)up_|R-jRiLwm#%7@6j<8T`_p>>LN;b$>a1->$F0>96kUh1!!Lt|CsBd@voz z2SpIt76{@hkI7D@@H0zBc&4rj#8jE6=5p;>J6X(s&cC2c7O?>fx|ceDQ^6`c^j7@( z%ZYHCyE;OGp^!-47Q{Z6`ePI!$LLd;;hZ=K6se;R0fR?JgFA6M%MG*itZu@J29qI618I>mwQmo1&5veGC6 zGiouYBZLl@`Ie^)Cy&P{tp^J6by%%H5%EUNHcEH0Qma-+2Y9AyM+KzVP}uWA5Jd=k zuyaD+#M4@JaDTrKaIBFy>*7m|Rs@;Ldw&&|bx#|$cP7bG$*c&kF@0GzQANWd+pa=#eec!{zzWY@B0sGy4;N|Iw-sMtm65=?-4ghmEQG7-EnOx~5$&SV{N zh!M*zmKu^Z4}#}|Tz53Varv7!mKX*2)0_PXpAsQ0K_+gf*xkj!wMdXlEk!s3Gk+v- z(I5tkTSp@Xj)W`?0n5jz2=*qHp31k!ck&2CP;vSdM{=Ubh543W`aWS*f$fPv+uXPV zV+AE^IT|batcC8njdy?214?8*C7m5;bQ2M~0L--d0r^=e# z*SD@9gjg?Q#kQmggQ2cf;4L=N6qW-T+)H^PK=l)TxdHMXK+B>_+X8&feN~DEk)4|3{98E z2M$?nd|*VV8ESY!H35kS;1GYe zucvF*?t5Ujh#CT_iMV&v`hQ7%Chl>O;I&ROYDP0IEaHA~;OWSsfwdDN>$5T7)*@f# z7}GD~7_rG01D=_%Tbealndy_#sW~8HhR3VlCF_q#Tf-cfZ|W7 zVblx-#a5*SvSW5*?f^@!8|VUO&G4DP^T{`!fRoaeu31%=B7}mHD1Tt9hr_3>Nl3h! zun+MJ&hwYc96fsnsgWD818^3NhIW$&G8H(;WPR_a0=u()4-k7^V$MbCmWaEaE*5j> za6@=p9$*_=)vYR_VFoT@cRizLA^{i3((Q4(9AvrGGUWe+X|7e7H@G-JgAIf53fa4+ zV0yoKkCa4`tvTVONhP1XH%gLZ@91x(@&^S?a<({b{$VXl4LCYG#Z zu`rGa5iCk@W1m%kxtIP+!}RXspZJrlF)P7kj^T>8*dI0nHNVp;^=fU;M41XaFHxS2 zJ&3mTtjW?pe9YP=$p|JGpo)4>6ezhT7P_5E_I5;gNy8oPvxcZUVll-Qho!POwcLA4 z`0mw`v&1me)_?347qhsyPfFde0SsWQcfA{75wgTNLze6Q0pZoybFd9bv);cq-)(vS zZ1Ye?b$N+P7f{=)*o2G5APUoVgR&sO>)Dj6O@!j1(yUc5MzMTY>3*-iGfs+xUVG9Io4H4EK3M`ZIP|haE<+km#;1*MBk>Cf0^4%rh=`fBkjAcL}C{;s& zhpIrigVX^Dh&Ctltg5yZUQW29b5;cXjDQLR(L5xWM_h=`*M3y;)2T}?0o);SpCAgM zpO7UgQGY+RV8zNy^BdCrB#aC#NzKSgclgg4h<5DORFT7wm7AhP|0BaKnEUVZ`(FV5nt z7zzHRCAgVG8IN^+)wzp#*eN+E6Kh~k74Bx{et+Zz6>AzZy8M&4Yp$_xK`?BQrHe(D zp&Tu}3uC3fJFH(%^WiHO=Fm8r<-%r>CvM#lFzU$dOUGBEb<2{Tz-oC8j zwpy3fao0EsRSl`tkFVv!Ao?}EIJ@QUtqaSP)w+_b!wC(E?+Q`~vV_OlQfDM6N>n8% z^nVk!Fq=Qo1*h!ugkqz6Tg}H&dNQB*sQCG_jLgqlrUl?L>aw}<1?b&-v{B{m!4Pnx zuF&u5LtxRttDxx`Y1cO1{qOG^0>2UQ02I4^Bx1<10U5ZBd!ZyVHCqPz>=nVhSJKA2 z?;Ey&{^xg(%-xP%Lsn-Bm%*cG&Nv3Iuz%)DTV(>T;0h)Vt@8OVAffor``h+`Jcd{e zFY8U~uG>e)hIT)hgKqr!?(fPNAooPAf}h;eF^Gt#^Nc7nKZUpZVZLJJx^>RIE12{y z8KT%_A<3gZ0D4JGBy@x00N~f2)PEh?8N_;C1xN?qCS=O-C5g2IYjOMlD! zJ0HTB8$ToIBk2aljXIDnL-P|BjP7Sw%-L{rNOj+LTZbw0k;6$JtnE#3eM?4d+|EWv z0^ms=P`3Mh>GNNfUBrB`406t(q_^?s2WI0lMDwco%LgWr*P5Gz7;G#7#O_GIObS^l z^Bo&Qt#fgU1iWX=b7h=!WlRA6M1Ro&q3`e@&ekz#h^-7#V92@HJDxjeBDbWHx4jQu^N?wFxh9YDIgy8&>cBiUmSf0u0grAoHf;Sl zT&}$bO9q6yk*WVz5LAhfG4c9GjZpfcD-Tc7h}oOIS@ ziWvzemE_3@hUCQyNO&XxTYor%tH{&ZM*~Gb-Zf0rD1A;+!?SBrDquA$P#kk5Mwc1L z2Eqa%-gQ$fgiS(U+sDn|AkFYDHy>OSt*Bt9ez!|8Y6739!sfJ_LJbzRtUez&2`v)AO?57bug3P( zv(&e0s#w(Yvu3`4sb8q$?h(8uD=39(xhN=U@y zt5ZT&DgNKO@;#(+27l5xgK3-*q>!{<2kMr>uU7bHyAuSiua$&NcLuPlyYcE4$FhiQ#OkW7=g|O}nQ3&fy zA*=_+EUf73r9S-hf_%MNO()0`J`I0H%6O9)tVtKDSxU-fUVpMe0^(&?Z?Hfq6eK=( zWN*y&bA&7e$z#S2X{AnC@7x26K(pWC{!X7UEpXTr!S}o6>PO0aXj#rUuVDP7IC8kI zD54a?!S&r>W(X?!4w>Bc*r~1HSQ^8kN(7K2 zj0LDUJ0=cRVysyL#*HoJ4r0Rqz!p3MkqPhu#v(==%7(}@J-`g%SIFm4keI$Kit>~( z6lYS6kyXZuU2{$n*VdMwk-6lKgcJ1z zb?jg}Hf8=IX(Jm8Pa7G%yKg#Uq}9z9O0FH5gkmm1De_ZN=cn|1-B|Ob3rfP`8*z&d zks?zh=ZvKJA~`4Hs!9Y+ph(UcZNi^xh9rhxB!2`YK~f|HB|uap1dZ*O_AxfegS1G$ znKk{U;}_OC?ArXV>oP!(qovjr1x-gHj}DJma~#Ry$f3x-xz;K9pisM(N%?v}XDb-< z?xQpF<>TU*SN^^OQx$gS7SOyr0DRYDw4a|=a-rAN`93c>Z7o`Fn@`TZWIN2xzq=I4 zZGYo3FRg3h+hubK>eRPER$-Z>4m>oM3w;-fYbkf?=es4>^NuVM*WyM+;@To{ZIQS( zBl_M79>A zFl9n3!krN`uOImq1F^CPL7Fi$*-#lBNUWrzMkoW8C~!bR-sUJ!J|t>7Zrd(mGkw5f zmwV=`Y%m;)oQVf2%L8+Cuip-KUdLRG(UG&e-LuH8#iV?OT~xUKe5^24>~WqE+J8ls z0e9>ocHcW@5xc)$vHL~pFDAu~78!7h47jIi^J9Z&) zddDn8yF#?fRkT}hR@aoK<$1jsX}u;_=fw0jCA-3i{kCP$U)6~13atk=BMKR>O$On! zVHd(}VFeB?vyjQ1u?v~pJ7!@8UVkrD;inhciwv$s2G`YQaE(+;ocNyQog`J5{oH4p zJj>fYZ8IUsBG}4raeo&Xd!1p5jJ+#4;4Fl_{zu-(^T=toC}$-2)zUUM7M!-3kTDAP zOpz-xYKZ*OHb>1+q-`$JHow`l&D2Q^<1;o}!+3pd8M$v2o8kdV$INUDA%6?PcFhf@ zH?z|?7rB=GZHrvXMXu#lBadc$d!n?;)C zT+%FyaBmHz%u0M&V<+GjNwC}uiodxhSSIaj%GAn%%iO;G4-8G0$Cg?st7(7=bS+oQ zP)kdMD)fD%IA%@kLo$3FLVxi|9|A^1c`F%KQ5epKftd~kZpc7%?aN5!3d*|&@_1}W z)}!qfa|s)<;>-*?;^C1qoO%29p`gY@uaR2tq)uXOABVFNQyd5eci4a$SV#;- zkk+-VgxATNLStbj=U@(-m>Iu~IUW^?OxWv}2|Ll^gpdVYT96la>@%aQtf^QFa}w?3!E+e~3M_tm`@sme7rEU6tld>3I3!YgY#(b zMkifQ%)@-b3eo@dpns&=<=L5*VI}2SGZDPDRAh->ewJv`0jKfy5RfSq#6+;5pCl)f zG<1{(xFUab+zgA)U#$YnvRJWea;xq`y<5h=ci|tL`!y0_uzR8`fiC>Nv86pTqt45FGM{vNklhY+O*?!U57ju2m7Srk;xYOfE@ zJa=rV(OMY|5>EeAh6($JHdbo^C*}jXh%Y0}PEB(OEq{t63z=tKypf7FUTXpQvs`r( zJ>=U$dGZA@XQp5@8Q%@C6v(z@2*IFbvy~)ev&az~XjN#Ng|=B}n}xRN|H)U|M6BCZ zH?4Iuh;uVu&RyuBxK*KpM#59*pww^{I%oj6LI;h5tI$F5ScMMCq}b6_>Y&*)!#Oq6 z4v_fnA%7D4Apl|3w;PzSYr5g0&l0uLBJE$WRiT#_dTF7T7J8}wC;P4D>W|*L1FNPy zj$5{Jm5T{#Dx)J8@*+(mQ|O={3RB*&`z~!MQZC{N5+y z9B)_k3Youmf9dmIdFmj4$9Yau3P|uE9pUKnUw=QN5)!vd=(M5gTOI%j1#1Gn+!ugo z<}?4x)`Mf>4%W`8pN);t?bg=RyPs8r3WQo)Na{*Li0aZZ;zk5n#B+;W@~ToL5tuWp zD&-vWBdh_ce;2#a8CfloqM=gFBGou-43sxq9d z$$yNuw}a~m`CM~KrfMaqBP1&r3OuC6atG0)1VlSwk2eJ%NFbPnxs z9#=xP2vUaC&<5CbG{~Fagw)S89gJI=CJdyo^cx;Elx_E;nQb?G0OY(?&eu!7iFb;phQ zg^B!gap#O8zgouZ=7KY3hqCcmJyT@-j2a@pjM-5$6dALNjM)p!m`&IRQ}_cC7yW8f zf+`hc4MMbKHqsbkV=UGsT8g3tlsa1KnGq9_a?x&Q`3fjs~;oQ)Gf&-7)L=^HBiTV>3v z2e-nvwiL=Z68MaiGvDe(ImpEB_eE z)3Pp?;dz%mNmK$AIfEJAk@5D>$&X7q5B$W#xH)t`Fz~uI7vSI++<%jQB(k)<9FV@^7-u8F(E@3U>FBD#Vb&n`O-^cYg)|ReOi>tMxrG6m-gqX-mS5{)d4_i$A7fJ}J3sNP)>Am)SC>m3s!0Qo) ze8&!GDhb3te5b7>fOW468Opt~3c=A5XC9kvk(Wu@xyaeD<7V`$V1K4wy}()tt1Ua5 zwIskI3ni>}M?AQecUc6_*Ufd^0}}Qp>_and9|-pGqCA8?( zOyzm9DmRjcL}SMid_NZ9dqH_u=kI+Hc{%4g70umDbnr<1*jSW4S&PyqvI?aQ;Rogb zU0z1IVBAze*%`dDkbmH#AKrZMWhq=@YGTwORQVPxiGax)PhgCd?6Fg{g<{SDI|95L z<)C%l-w!bai>ezlX2mJ10<@S_Ec3#g9x=T|m&Tbl4(^Q<{YgVRjh*fMi3e31nSd@Y zsQB8PWnem9*`Oz~(uklI5J1hcg&}BdD@zw!S-L`8{OD2uCx3jJwW!i9TAPaApW_y# z(zJr@`sno;Hp7uxhb-AO#%hZKT-6CK=v0en6&(TqP}m513ZjC4nUJ}OP8`7IJjBFW zJuRL`(S%)3h@tVj8A)*wg1!HD`0K)n&dhC&BqDU`v8HwJ*z;)evq z-9HlI4xPQ=0G#vnm)FjRMA`@*jZ6wK4sT&X!@ZV&&E33O50A(jvNxh33D54LK z5*><`E}}JzP#3ODuwrB)Lh>^rl1B{74~dAomp=k|aJ6F!^JV*&q`+KLG+4*lVJ2i< z$K*3(t~`nqv+2AXVUH({)j)jqo|3!NIOJsl@u~#vZGYokG+q<*bl=#t718h`amJEp zUhqlE-A0~;%0yu-AYZHP$ngF(3_2#-d)G72*jq!)Jj{G}#xdjoM=WL)7f>hcN?;0= zGQMka!-Jsy-9z`z80~3KjFnv>b^6(P0sgU3q>0e2d@sk;On zj3F7#gER3=Ga*w+G_j=?Bk05-%RN!}fl__oGwsTKAF80WucxGaY*AoVc7UCG%mupi zfQg}t++7k^PQ@BLYPuoCi1IOc3n{6bk3TCj?tj9Tty%l1SyA-wz#1_E2$wkPirAEA zf=^BJBvPL1yfJI0NZ+@75>C0o^;2|~LB~<6&Pu}}Eh;zqB|%!yZss%IF!K@(pfZ2`Z&F$bac-h)_oMGqK|||GA~~9Aa6_B^o$)PdkKH>e*&Pp` zoqzOkcS`cdZEY41EAJ!$R}-l0P8rJ(60Yi`oQUxm5wqtKgdm`pDJuP)#nA`x7MkdY zP0v7*oMcyUnj*&nD$|hD!%KD9q}SkpIUgnZi7xGK|0JfsjQu`te7fY4?S6vE&hL=_ zN9htw|0pqKW(**wV+7p{nS@8p^Z<|;95Nvr8cKiejQ;M;a2OKyKVcw=$E9vw>UH+B zYL9cvl)0LWysi~D*bzqW>Ox{xd1rTy zT<(7ri?nt^6l)Hg*MQDG;`7Y1eb|r2ias-aYU6WhhUo<-2I+}1H)7x~62==wmLPSY z1P*Ysb-*;39@L1rA<)c#bl4D{D1#0Hg{H@nOw8LHO;}*UzEjZ`ZW%buB;HL!MCfOJ z{`P43Zs%hkqwom8?V^1f{V%=|?IF#fN%jxG?JVC*JF;=iN(L(?@3|d;KquC&JoR%R+$os*IaLI7TsCO?XAWsO zGi#*`gZA|+_-UXWEkBK{O_o#;kA|V8u1l7+_(H*5vjS3Z*R0%?#HQAjrKZZ>;Ol=~ zFxEi3H4;<{jz$8c;AmMnS~Qnf8DCqF;VMUOx7Ay;;`RbD;{z+3C7b9#jf})r7*(R< zs|pmL3${5bDsU_22vZs2GB}0I84wdHGZ*i0V3!>CMulZ40Umor*_GpB8zGY%e`Ulu zmm>ne)$3xgGDe^v?hN^9>Sx=P%(Q>%;%`2&OWsshahtd}uQYpQ=Idi7?jE_FIj{zz zOFG?iG#!7)CFW{%m&ckTWOfg!g(7C;76l$Bj$Q>#7o-8>VhMv|BA87p*BId82Po#8 zQB*-z-Df-oqF*r4b;A6yB#_!0qd@;apOvA1TBnKiLVXMI8037jOtjDJRGWWVb;uGo zSD<`gm^{2<*8=f_4jlTB)y+3&Lf>)wG00p(FQ z^QR;7U?ZJ7(o@EQu7g}s804u9{JI46MsE!ZLrk)nvKpd|j4n^_2o zDa4;82U4#C;lMj5tYolexu1VAt0RF+ml=Q)Kr)&xW7!K;u`#6*^cO_4v6;voM5--< zgs6^j5H}^|Wl2>uC#_{Q3#?8+%Rj$L>GNM+Yk#_=iW~3#{zLj7RBZ^k=P}qS^lvlZ zGB!8PN)md6l31^2GLIKT2Zy90n4Z?CQFJvsrgdKXY&&KU>JjZ{xdpN}bkIQhc z$`}I#gaUNkZG81H1jflO96yNf0Sq5&>O05pL;dH4RPf3zwv*&P^B|XTK~3ERu$}#DcEDd9@Bgt#U68hg`Jao-r0%+P4u}5 z4BI{JTwQi$GjI4$$4q}^Lr2XwH|E_MgiCQ;lghma(VXK}^m!i9H<_@?10bP#7=SPL z1t6L+0e{)V6h|0qc{xOv#97a)0xInlbd%+i3@=BQhFn=pOu+B2%wE!M%Ys=;8X2-+ zE58(5$w6Mo>$P%y-53w#F$9CgLYyjV;2Z~)n(O9yNb9GC&v}19q@)4l!y$Yc{)_-` za-|=-IzNe-QA_bWE&i0f+^+O#CAF~#u(*{Vv&<4ZNuu-n8W({~O)NnR%Mx%QQ_V73 z6i6EUEuVa#*k$UoCS?y_!g*5{j>~@PbW^<1vyUqBnNHNByQF@L`#XSHLA)VUxeVY1 zMU~6la`hvrh`fK(L&}-)=T!$Ysi+}bY1AbzgzH-Rs`nBPn9VV#%i9M5-L9|PkJ{CAxOQBu!9Og ztQ$O{nl!vzT|hflb`b~4jSu$y?}V5_VMb&%eG~4opl^SAHdnD)wE1m3ERf|~_l)vIZO&%#?P>ce4i=LDF;92nysbNROl+m)_Y%vEz ziJpp-DNjIbJ|TP86q3w`L}&{{J2RpQ%jNT3xGs7BmYwK;!&V;BExoz496p&;}|D|D~_DNRw zlP%M@IEKsI!gggWTAANz6{w5vnRtIvfrli@v#|%ewosmIA7aR75>$U&A_?O>i2aetO_~ETu|LNegDuFgZd@nU|6XCb4ghu%$}yMuaeC zgmiFvZ+#zzdZV}k2uf*G^}j5{zv7i6Qe8#7l9b|YdxV)iuSjXf7&=i07a1qV)7WYD7nLr2{{!oDWw^Z&Rq?CYYi+B%-ihrP^ zb5`x}iv|G|NY4!+sLASq^Ysc`ke2A`vS2TZz5yi@M2gAhD(Pm z`N`R8E5Hjyov`T1G%CSxw3jA8-rVTHg9`p-LS`SJ2e3I0F{v(CKKZ%k40A}E>R@#d z4;`TAlej2*K1WaSOS2?us@=oYPw@!RaaHL;nR3bZnJB;IA4Go`8}nx6Yj6Tx@U0G1 zX4AHMBM$+FV>OTvxks1MlnF%45hTy};+HX5xe@;oM5;m^_<2i*6HX;jW+4f62l`4< z1SA#k5QVXTyl}Rw)yQUR7xqZBRjp^Rqf5A2#XQV>cty(U3Uk$qrVKcXWF=G;HSLN-XQ*WFvn|6C@#G_TtRcrEBKM_8wh|d5$y2w-nBylbIk=U-9##Ns28uu{vp` zsMsFSsHoUpRBVp{wy4-1KUh(*JKCurzP{G1xP2(9wG$xEUah^TNlqN`jZ|s-S! zNuRe~(kCuK{IV+gIO%#eIV*+FyP~$wr=qrxXElFCZJ(mHkEh$JYy0ew=g3yuCyE7U zFYOZqFGXpeVAm89(r;dT%D=RaU5mznE=6UZto3=K3fW9z&?rXkqsPS{wj@i3CB^88 zf;I%|VSL{Rp~!pLpXg&O6#Yy2{a>1{%F^I>bT54RSH=1Z@*;FuFpvpB4hESJk^%a% zD9V3Rbk~J%KlHs#p>P=G_dg^!`2YJq{})OQ=%{=Rn18X%5DxwCKOD(vAm~G*hb1Mf z@|*v4lCM{E6@bbZ-k?CO*c-1^?4|#&devM!{Kein_@#T{ZH@UqO21p5F!-Z?RoLHs zfZoBa1&}Mx(6t|ikR7pGW0Z)^gvefthM#}j1Whx52B*M(G3K9W1_q%QD@b^cWHV!e z4gUuyD};7=9Nye52h1>3)9I8XZQ{lH&;kQPmf8T$Z>}-6Y=v*E_8p@`1kw;#JU|i# zBiOxN*-ra_g}t7v4;hq!LY@IQ5bAGBdfFCq2S+fM{vjksLghprqpKGqi1i?Z_XdBz z6ltgr8cs3!7eXGn??NJY*U^VC!JBsiv4p`+H>jyq9AS&O@?>+=7>An5{!Ht++Q zLi10;i3SfD27rthiiK7*ow@C32|a`>5O_gC2lD|g5-Ai=z5LEk|zL1|JgCGHmAPodefE zLn<8F9u_&SGJQb=o?$Ir26Z07o0CDhOcXY3wpxepLV!V~3H4^f6QemL26l1@9xGFJ z=Zd*W%I_$%%h+T^rsEo>OAUVjyr8APqXvjPOxYCv1%*!YW>Fd06ZX6zE>AmTToI@vWB5MpFyDwj@1&CcdC0tROKRR_3*Y9Y+?umbmOU znU@jvfmrl1$hjsmFChGuzvu-J#m_lbu)V4k_$1*u7O)dufcI&T$PFPTYx=cmFFdrW z*qM$9d*$km_r^qzQdA8cb8Uc82CobkRL=uciGyPgWI{*KSY&CAlI`HYl%Xb%vX88xxB=p~0S!<~0|XQR000O8R(Q*?4YvplR(Q);pCY@UUs3=7ER)d)8h>eb z+c>i5_x=?)n){BEo5))2*ts+FB5$$0+wz*Ek1j<*5-p09xky&}_Brpjyr1@d$pgSe zTtE_}sKp6A-95I1r2teFstUFI^#=fj|Iqk89CC%vpwQR#k@mS%GC$cIax&M0Ln!N; z+)qP=o4hi#zSBz8a%Hzzt{2Odl79e4k}}2ZZsBkwaXQ?5))e_4g^zfAUXgY5)jd=- zQIYX9mCZ8#pZWC=>YTvoc>cf8-{=$0(EEyt8{R-(Q3WV~BSS~?gDVvdMW})%8nLHx zIvP&{MW7j@k)rBfRI7QHw8qeqDF_Th44#GuZ7Gt0djj187IYOA_@`=;^yvuVc{E)W<(>rrUZ^OaLAj^*(U%qHQvr54L(=a# z$soPHt58!6m4{zd#TdPNziChLr)wntmRTcdyef_?a0(ZS4h#(nA3?{^feayDoUVWo zr)hvwhecfu*@$8v3BommY!D*?#u~gZ8&LGI1b=z_+s4NkqP*L% zzu$QO{?C|2yVn}Nrcmr+S?hy67myKz1nqyW=8;DDY5&<=qJljs&@6JH)Hpqt?@BegK*#~lgfTyts zhi3g9T)d~|a30ja{(rtH;IF*!Rkq7p+qIqTdUb1Od(-}|ZGPDnt*P3YwL{KafyvFm z-3yz2<67O#QM1SiLh(@6RjzqZ)F5xDXog}BGlC)_I+GKS|i9~?5wysi<=)f)V}fl<3?!)L(AHPrmTs*zOI!vKF0Mfj-=woM?)50 z3}|wLcP_XoTZaI5f$ofT<7`S`kA@C>mm_H2x18jF=x`IfWg%d?sMiL_k_WC-MKE~h zNUhcC+yHu(;eV!;k6UHD?v0P=R5r*jz+8UIT)s6%Xm`@}$^ye2Aa2LZSt$5mqr7)h zF>WI$x+1z?ZTwb6Z7}uFZ$t|>=|&Iar`qt=;RIWaBiL#Jkm;QxX|+nF)oNz6T4kZt z>Kf8&)r(f4v{PMM+Ns9VPBln768aY10h}xpHEs+&RDVPL&P^|2o&A(TYZp!ZoN#9W@r}sI4J&)EKFwwzkw!i>HoSkUBKTseHdk&R0Q)?;#KR zmu~t9?d~TKYC{(?+BkAJ9O=``&NEVc$S_#xf4A}1->#+|iIWGKg|es<58rKc(7Mh4 zgi~ET?tf;gv#p!nFOux)RI;mQMs{@;va7El+0_}zuD-TpSC1#VdMMe!SG0#n{-sf! z_d5#F1v-b&oTptld2Gdz#}*TS^lp*Vu|=hht<0!ni-kJ2){r{37^!1xZK-1`o;tRI z)Uj`9x-vwA$mkkS)MB|)4WchdJi!)a;TGD(Nh z(l*;_==~yzX`2F-AJ?~+f$I{V2-mk6aeX@lu1kDsTqm5SF&b&UgJQt_?RebxFWR2p zzvvWe*3#3r{hAS6W1uadeQPbwTAO3fbxhu9HQ&jC19tfHNaK)$Us`FTDq~SV^OUTu zvVT!ro0+e7|gZ6zGT2e)cdn{wSTdBqQGr)CsPbLQMS*@Gx_45Bb|AI&yqBZ znwk0j^meDb20Gu_+hM&^c)z8*?yy_LU4!@@f;?aU?fUC)57@zX8s{r(c8hDeo>{&- zPh>WLK8$s**CoEWx7r%ASoIEA(u|ISZTO~g|NZX$ru)yPfUdb2FPYKB1MHM+!hgkM zxQ;PM*+o&7MA^JEO@tB}BT*|6jN%0UIb%j21m87-`%6maPyjqnk719#SVxxsj2zZs zhaoH^ysOXdpVshC-EG;%giu5bUNH7gfLwwXj!&fs5{Lgf!MtG$@rGbaXaBy3W3+z{ z{ddWCHjJYTqjS9=C6aIYq98!IXn#Mz+MLYeMG;(1u%mNU_A%37ouR^p_sjz4My8-& zh|bsFLli+wr!#W#;SQDi_)!S|{22fz3E%WE+c0 zjx$NN^GAFe37a#E5L1??SPgmLv^LP)!j<>6*q^;KGbka47 zLRCX1&t7tuw885%wU;tT3c3hG@&62ZBY(DM!kVt!?p(EXoOgPXq!L7 zc0H6u*yoAF#@TH(A4lmZ!ZeOceEFha|E^6!T7@sT%e#%QP;cMijejb(_xq3^w8d^) z??a0YUPVpUXuG!Y{(pbp5QUAv<;t*rEMh2{9tZC1LWyT;whZ>gErPkPq>cCAH*5j@ z&+jgoyBWELD5{NG-;BYJl!z;Z+^xi&vrrnNE4W06Lo0px3(DAU^6sX&uM81Zqs#i8 zb=U3TW5c^2&p|i-e1HFUX$XfMEJXZ=3cFzo4Pg*;unQ?sW_}89c7uGyyuI4axwl1= z-ep6Q+8iQz{0GDq-B?05c%JyUt~sgyKD5(=2}pY9YD|%uiV`zMp4e&W1+*AYXiFHxAh3L4OCa(WLj*_C}l)8)}nw zHab!OkDP#*rYv*Vm%l8#h&GbMAm{W;dK-U!1RGxvnwQOAK7v?YYi<%|u#p51xg$O^ zDPpPMJ28e@=K}0=0Uv;QuE050U;^+b;I!a(WDsZTh^O{u3aK%aOEGe5tcP-v_!CQH zEO@yR1`Q>RW`ALIwP2yW6x4_4j!n%-Ols`JHW#^h2riz)=2OnXXa!LT89xg`h`g|p zBi8Fkg_;(31s6DCRER?SIEJaji327)F9s(CZKc$;%fRx(|(J(>$yKL^XT_YlcI)4GVyOffhx9YCwH1KBHChUuBbP!xy)q_&!=i)|bc3YiSH z;nwFY87G@{nPEnXNhN-AiXnON0umWXBocd4F39q$%Fz=7Wo&6@L@#%BE(X)b@QT6Zde&laMz-=f#p7%|Mpx(0l}pRHw49sl=aAWF;OxL*&9b$c1&^n7I{wz0`+aUXZVr%gF?J%BR84DAUIWYqEuEI=-FZKIvviK(y@Y z4i+c`g2d;J?2Xudo|1(ie$2=rMQaIboqu~^5oq>D)ZacNWC*_Z9X3Po{Z6s`iI&U7 z=^@W`##sg9$HkGOb%hb77!0m&`!ho@(Z3*SIQ2*}q|f+(nbY|=IpTR<7Fub?tZ+Vm7hn#IpzJBV=l-=>B&u1blr=$pV6=Cqv%8k%r zrPeQKI|U4wV6@64Bn7f%b_2JN8^!<^TZqBe5g|RvRe8m!x=hJIL>eJ>ij8@*q!{KT zo54v+lzoV1U9P`8X+P-IE-aXJDSu^BC4ZR8ZC})YO(xj3p#ct{bs&x~6p`lam^e5Y zShM(y8=K%3VM7n176L%X1O?Hm7D5WGfDQzG^cD7b6lKs=BuSY7W8_S#0YwE?1e5>4 zvw+#!-3aXhycJEelCS`J2C&m2t*zdo9?s2+-k*FVt4Z#xbUWE}j|+&d2Z z=DEXLCL zdjfBMNg9ZO!WuqE#q?bh$PjQm?e*LtOfsBBer;UuQ z%i`+)hB8K4-E5)c%8^MJ<`PGFeoE&2l&-I9Yrb@G6tnnR)Z%M-a(~V|IcJ`nbMYqp zxn_uC_<2H58YFo_PzpqOLeR*LNgre5JV^8On`zT;I(}h|gSO58+A{{|aRgFn-d%WRzHD3^v&!GMZ>qwxxkWs$0HM%! z8SUq%l}zY$b-vF_PJdgA*V`20voF~Wv-9sRLvq`w%uDN<_;%Txf;siApH)~UseKpC zWkTP1;#$U?`t@$f^}HkV#I>YRp13woT$?AZO}Lgkac!Qsb_PX;M3N`2bw~)68Gxo0J zfYT86`X6~M%OhvmqKuK?cT3w`U2xiFO1do4GeNG%upzQb+Z;ASp0+tp+x%wJHZvzR zjLz6>4S(bIwFOGoDmEoRoQ@f6^brdpcFhgYnc8Wb^IXf`wt24QJlFCnaxGWsb0o~Q z%*0O8r&;y`nIO%wziWa!{|`4-z2P*=p1hoSnq|T@oMk0Qvn-*#HAY2F7K$1-hQCRI z=~%o8lr_BCN@W#46P-~RiCrYl2BEmYJbK!5qV7RyDXrNu%O_&!t|vnKW+8MzLT z_@wtCkZ|5gz>P+Lw_yO2zR33hLf5W>WiG$GyRQs~hHO3BZh{Nch?Ayf*pYya9PsAt z+eLyJ2wx+!;K`iC+CC0vC8jtKm1sJoOVYH{4NNR(D-rofQ(fdWd=|VSNo33@0HS*? zFn|3uh_<GU?(^pNww@+%n8O%aemAhF0G~A}EKpu4N_0j^7j(OEf)KbI=qG zyte3QRLC=CuV2ROSj!Yf7JRuOp53xD70(>(XeNj}pYc-j8HYG@nxcZ^hl7Z+?NDXg zl%Q>rt=-Zhq@ZHE&eM8<1q(JAWf{-&j-cpM`rtI%$0(9`IvUi2tvHB-*yX zO|=v&DOT#S;5FquoAmOtNz)EEiC2h-O|CE^(gpv-Iin<@qa?uPd9I^oSbUyq6%v-k zNo|u`wePF#BKf_I{@`a{V-be9F)A`_qyHN!s_9nC#JZQ9;I=DDaZdJDJ5|%$f`2lR zC51y=yxr5Sq=8sr;`9T{xcrV2gabr&?+l&4P$ut?#3y#&nW>-xDFtctiqi_>)K~Al z!gCbw#$qMg(8S&`ML)&!^P(VZ%#(-^$;lX1S#kr<=kfi9lKna=j;-97*6lS-{X4Ff zW@M|COq9tcsVOz(QxEDk?}%}=W`B)-$%ZH8A}oP4mIHXb!JXQ*cH2 zWPpN6r;nAX3SVOPnrW!$Gf1QlV5wfJsdNQ%xSHPg<=*C{qacUs=dUfG@8sS}J3;*8^vkJGRuQu9OA|r+9a6Y~I_$Dz??XQsKB7I`v;)Uz($NW~i0wSYWZGj$U`_}fBx`~@**Mqxae(Dtzu z#I_U!L9b!6l{jTH&n4_@m1~>1wwY_2xwh&3$yVFMtlL&Mt#t#;xq+K==Q=29mFu9P z@Z>ruGn}~&>H{vcbQu7BqGXRd!n!j~fP@ax5stq6^(!hNQM-gs8>zm<9+YvgCKQTY5lUv>^S^98I3n&~?VS3#$Qa#r zWlg>Nxsg~xP-_cGaY+eLU0UYckRXd_Zjnj;RiQ!N@%R)3ltVG*p&_elWjT)9=l({xZ$S_ZQ^nep~^a6KjOYeq>|tweT| zWCeXuK(ttFVS1FIWGD7eG{CJ z`l+VFVMEizo*a~ZgQEtr@_sV2@&*rpp5My(dg*u3l31K?UVpFFu#7axR{jdc^vJ1i z-mK`Iqp%lGsB>4FQ6Jyxwah<0gh4bQKkJ4Hf;Z0`uA+t;o%*i2)CD#HpbQUkp(b>1nVL z^bnX<7FQzA(Bzw-kNwv!uKl;j~s4GQu-bGge6kpX%e-?Lacs+1( z;L^^6Jb%xCS)SaF0A01_0vsGe`%e;D_sCMw*0_XMf)41^HI1OoW;8r`Qu{oqJzG-y zq-&#^X=Z0*V+y*}Mv5rw7O;sIYi^QY`!qp$Yz~JOCL`WxfwT!)x@z!*H7H$^lUiIM z$)gp>lm9O_`G1W*N5bU)F?V|UwEuqa5~Th2cYjTwko@7sr#GDTzn-W4&m`@?hU6E% zUnEZe3R>N7lJ~#vSI#rf`%m52`4ay-CKwDykrM=`B8g_iyW+WM_jm;bx8x)*Y$PX0~+?n z>_a_j9|G4W$V)qfvh4(=9a4B`1YQ@B)U*}zx|qmoWK}L8_p!!~CHQSD!f%4{uFl?b zBJ^_3bSjp+nd+R8_@OW_Te22qOB5AJ8-LYv{T#O%AR;|rI0af3!+M{&1njzc3NA|f?ObH1oT zTTL6t%0zDa1O@Up-DS$^ZU-;fiBS^o;s%b!Bcp_ektK^p4IttlF;W8E(kvbJOLnSx7~A_d+#FGs}ViGSxb7@c{i zFk5OA@&aG1DMfqRcpr|}6g}NDHfuFA@<^ProS7SZnsT?1WsxyS9E#Z2YAZA}e+>hM zsrKIW3=($N|1u9V8=i55IKUxCSj9Qg3EMK9Af-%bo7`~UuYY&&y)(pn+L0nQ;h+vY}MV(EvB7Z<+mG@PZ~5_LF4WHb-XL^I8pEFmRO8n6NfDK zMDZt1(?QO(t#m!8g4e#DlJ=2Bfoa(Raqck}IHLzb3~lW061#FH)_>qq(+xR7l#j?c z$VlZv^jVoP6Si#4*+cfunKh$Z`qdja)Al=a_uju@8qNA9Wt9-; zCdy_v{5};myskKsV}F^3G_>j88Q-Gz$h~8d-O2FjNuP9QB!AM@W&x4%PVAJC3?b&K zj>~5loy{1518>$ z;-B!c?DkJ=`pU@fqsC`T4B70)nC!d``9BI5aPp%7ieLy4r+)*YZiY;vqXr!aWk5nE z6hp&_nepG9DG5U&{wDyDcvRZurCw*hs`fayOqr?4$n9D&x48)2c~lv6iT54-S?Dd? zbxB@VoI#@Rxe&27zvJjlv$*4uXm|d>GCV^3lizJ?eYgEW))Z)C>x|=0p+DQJI|WpE;!E)U1^;4BFE#=cm4Qto$^zu2@_#I~InPxTaXz z!U;KdO@9kW&Rx@TR~nmISC*P6dxNKU&RBiz)<{szIT{U+oTH`XXyII9WqfTxhN}#{ z-BxeWirNdzjQ6cuPPitU9`Ro%C7nr*$A8Dgi9mJxf~M!see2dft3*g1$AfWPgB3zuB4{b8UAJy zyW~!F6}5?r^GdTu`N3-#VOk%E9cX_NiLZtwtu4CqpB!R@<7&-d;`m7B7 zlYcr*tQYEAhzGFq%`(wGwNq_k)gevXT#oX-VY2XwT?@qbJ8%%)NsU0?wmu=1<4u!G$_^B&Uo8T?d(@FvwCH_P>Gf5`uXs|{iIJV2~M|1twEBXi@dB%wzjiS>FW^LW8@a6l_y>1vG|g@0F~ zbDG)DK*XVk_-x!9MRR<+hf~<^sEGEeNH9ReD8Sa;##awR08Vz{=s`RWVB}aMU%;XV z!>=1EF27V*L1LV29yXHZ-C7`5TtA=fg>yvq+^arrNFt~IMgH4HDxGQ4`j?fmDrb)% zXOB61O!9dcd(8M1c24ejYby>c(SPSAFkJhjb$QWN%)H^h95Yo69XEfsG4Ix3T#DkF zOzuUP<{Y=8FY}1L@q|_EK^fP>fI_h=LdlE?_{%1yD8g9F%OSiZ&U#)INNF$On=G4T zcp17hWXfV90)BsI_L6K{7R*|b$dEZ(`K{PW2J%8yua)cT#<;Hx5g05M;(tV01LruX z#9TMaLs~yAe9i-+B@Lh-4&~F}XB2qjEB&z5`H9VpT8QRp(WmU@c7@L?sf|T}WmX9? z%`B0V#5%vPaS_PG#NxNGECCl%)huI0fw;ln^2z&(T_!$jTK4cIoHujfxb&yaHpLq~ z`>-OP$wWQ2OX`oPzkQhH$A242l}jI9FjTqRDV9IcipV=Xf&*JD3o}y1_%LNu$ek258I5F5*DB@qf|2|D6z1B+N*h zroThGEb8xEn>(^vG=(}D7RfL)DJB+45TNK>ECDNQd}-%=za)B@|At&PvXL}*}RG`*LnIJkRvG;1YV{+&G5x5l7^P}Eg+;<33hR+E~8(mjSzPo;6_fBW^kEd{$s%`#|f5_gstg7Zfkw5>Ci+~~Do82rtgx+pJOB;eA0JnWbgANR4 zN;~Yk*?~ZmHJw9ZrU3r)Kg~o1()2(76MciT3fkXdzfCiETX#m;^lvfdz;`3T@&T}} zggUOqU8&qw>VKcBTc6A2Z~k6ZZF;{6vfymHolwG`yulYnj5KEnavHoqt!V>Nn7WH+ zR;Y!(XLx4$HUYZ}rL7z?vAG&w|3DkR2{phw;^41D!f&1njju(+-4HM(c=c$&X@HwK zbP$hUgN%<_T3j0=*O1fsKDe)Kg8e@B6an`Ag(Vv7e}CTJQ+QJ#L*O?4@Im_y+^$!dZ@zM0t> z=_beM4f5rSamoMK6)Zvluut41C7&hJLr1eSb#99=QQt2ixbPbbg3~DV(|y-tAyINl zRxsm+$q-`3yp&WhseLnqEm49uDufXuB!km^>w7TN9mVBCP)4Jw_hlja6|WeQ>MG=w zq<;`?+oR0vdPPb)7mGQ`J0tDwBI&GdQ~0{R(Zs*Z`WDp=uF5sB-})cEBek{O5#Nht z#2(b5_MjHM2laK`gRqyoh<&I>?E}TcRtSa0Z42FS-fivVdsbsaiW~Buk;6K|VTeE# z-gPF!1>cT`k%HWVTacq}y=*g!P_}K)7Jt+~87$bo{DTY+7)WT^LPAs2!$mmLTigqU zWdfmS_i(_%yb1@#Xlt?n)Pen!2hWL|kfLW5>(5d{gGkoO`!H3)KJ@B`0tEpvcM;P}6K7Q;C?B0#5mqx)?hT zb_5f?fmTl7NIX|rTA_Ab6}}i&g5kmeM}Km*+KT8xQO6v9G7U>G9PXtFu{Sq<@L+;} znUL8B=mKocLyW5nmQ8-HIl~;1raD+%#6t_}*(5GXpU=@%{L(CmnrQb(^?y?`LU>$N zvQVZ>@_ok2Z`lVCM#j8Z`5K%+7jmmZ6}+>p-q=F`@SFx?BKO!*ngU?X#S8R8+&nvcrykh$=UI;U<*bedvob=Xjs{-d6t=OKI7ycEwYJbk$Xn^F*?H4L9 z9K+WbJ^nrYa*pO}$I8({+)}*kjMj*SmnHP(p-#%wIcKbC0m&I_TE*jpZ=_1wuUeBlFUag3^o=0nn=Y-n1_hb(va`P`W#naNV`j}u zywL{DOT6VJ-a=dFC4b(2_Y!Y;?WNd_TQn2RYcHAmkk?*Hv+Omiy_A>qA%o^6eF6>g zl0LsgagV&DPhQd|FX@w)^vO&5MXFD(LlSyeG z^KIW!$rQC%E+RGO*RSof?bj9}Yx_9clccy0b!RC_@4cC31K)>AiqsPglkiMnfCCLE zZ(?yEiQ-*oL4S2D^6*d=Mv5rYK7sHO_z2bfYyhM0M3SB0nlvC z4xqW9_I;JQiTLwG`)CcszLluM@~WEztq^6Y-Q!uK1q-HYc&Tt}2dYumz8IuS?l5HlrC$t3J65;5`>{&7Tp zXbqWfe1GSvhotlg(r0;u-Wt|MnT%*J#yQ7=C`-8^L{4Pbb^lLw560U zZl7wG2ZQbF^3BoBKxnq^Mz{Az_Ye1#{(rZJ;l<$F!#A1xD!uTvn~ER{b@=##w)Wv` zzb>ALqtjdI!PM=4o55v*6IC@b}f9husRsEB=WoTyyujh|nUw58Qrux}! z<>K+7vitn4Y8;F854X~m(N(sg`nof|D(`kXwGUVFwz)rOPbP=<{+LS+-Je6eKY#nE z(ZODWH}~iIq(<7l9v<$s4qx~BCwq6-LZ81m7tfW$=F#EljnX;Z+i#u!yc;*}pX9Tf z{r=P7;_^`1xgmQrL_0P*eZH$+{OoOA4lWLF?!Fzj4yDt(%FX?~Bs@LbkDkAMy&rz7 z_D7t2Q5GJ*)!?zT-BT_P`%m1l*nb?J4n~)E(l_pLcrxUam&?J3xahV z>FG(hM2CGW@d(W6iS+aIjK3FT@$vOx=N_Jnk4mCiSGot)N$aw%Kb7`hY8Ud}SLNYm zBsUMbm#s_X>3OeSKjKQ0pF7`>6ma(8#CV1c;fA|BooL-XNrkP6rksnl=Be^}wzc*3 z{JC6Le?Gr%jXn%Nd@YH>&VT*WnS8tTsdm#jo1ArCyWb?4yBIYqr>8F;I=#X1793w) z?{ejY+RDt*0r9q7Af+)r88_bX@hPPKeIfc($P!I_~{KYW|Ct}oAbcka=a++S^v z(H8IMyTbUvuZm6p0E9e=lHgMsMl|rTY@e=H>L=eIjMWv(uHdE>P4w(>L*zq_tg3p zJia=<-x}#Ucf-j~`pe+9wcR~=xe#{_h5CzXbf)svRJ%5ApD+1_tUrE}ANBLc+pW&d z_A|HtDxMrlm96a$cYpo839rkIEp_Ym_|xTB?A~*a@|hr4N`XH*}n{3k*A`Dyod@97@h|MwSHQh)8kL#fng2t#;q`)Zut zD-{l^yRf$1-8m4>KZxBU{<#11^`hP#l%F3uFXis7&Wjglt9kLfcB)+tI*s07XQ$JB zP`^q)w-4$Nsr5B~qkgY0q~{e${H1)0(D~(cRsj>{MSzN6!a)=UdI%`QC6m6tC+0 zA5J^_ojd({yo0WX$D42J^WDvnqFwxak~%l&2)~_Nm$&t=FVc;6@_3+XUmG{C_lTT! z_O6b;Dt{mLN=FaRRk=T`?c8juFRkjiff&Zs%lX;u_07%Aq*)n{`Q~eLN8dTzyMMZD z@yA=YFWN!>ihCX3?^d_BRYTpbedumIp3Bet{inkgI}z)~!@DSncY~)3Q7{ z+3B3VNW;tF^r`XnwyKKtua&F%4LrTt+c7lxMt?XhKi-|3y`1h0b}qLccE<&qhVXd<}Hd>dvM@Qf4SG8@PJF5=19!ooo#vS+cv&IcxUTUIJE$!@o+dA&R=J@bM zg&$6CRYM!q#qrgC(>S|Q8^ZJlvP%&W%v{ za6f+iR=+q^FIxRuVpPmnP4r&)i zN8O7piMwc>it1_Q=l0cEXF8hlvQX1M+>~|)|DwK}PdJd%RCSBX#n zoTttt@9MNCPu921pipeTMH0!idHVyk=7vN_79f6-o5`@V$58Df5qUd`-UnE|SAV7u zi`QrX`)O1|g0u2N78H_R^S-X^vhXd3!Zz<-H&psu|)4alx6Mrg+ktS4xIc!m9t8zk2fIIxrF zk##$&HLxpp(v$~+3nYVgbT~I)s5actzIK#U zfo_bY6EIexuI%8Ucylf3LoE0a!8hi9(%`1n-oYoV8N>9twQ1KtbTr=(Xnz+XVqiRl zUL@N*8;X*nxQMkdp8-!Bhfjt!il}CUFmgEL)T!5o3QP+pD3V_Q`fau_fE8@Q`V<*4 z85Q8nCZ-celxw?>TifH3C@n;cwDCEhjUX>}MIJF|o$xb*M2$sGQC2ff-xK=IpS~_X1L;MU=;iG=@T$7*CxxIi*+~lhKQBwnS88^-V=PR^JZES(&0|%)!{>B2`Qx z%9{1?gAXjx>c~uK&%)}S=0tomr#KgDggH*f8o}DjsEX4uBY&i3E1pqYEN1qKd|NJm zCja>Tj+uwef&saIn3<6W3NJFR%RV2D6?uvkWJE`JOQ3*LmKohHRB>KE52Yb4cw!*c z2%9h(M$bUhh>wY+B{n3IAW(FPW0*rCYE_U*4{CKV6eS5uY*?YfkF|;+>(ob6rX{S& znZ{L^kLjQJaeqSlIN$cZ%5+CW#@>q|lDEC1BNg%@Q=!7pAu`|Ap(5+y*{oy6S&wbi z(9Pdocg`-FcK8YGU~n-{Cf|Xxv;B{jTr0paloTZCc2s4eSrH*a1??>?Vk0T3vL+(l z-$Ru7*15K(bD?p34Bc~CCl(4#SEB60F})YG!8^rT<$tzX`@FS_{(0jYY;DoHZ17%m zVS<=}GT+j~eUkP_);{48W+wdRA_pSHniJ{>tF*0}M7#MAm;Mkd7jQWeMOwjqzc znhrS$-9W^7*+83yruI+l(sDJ3QA$BYmeFp3JmVO9xUUW-76PzAou}6Yu$WMg*MC>%m zU2Z5!EHyG+eI4HcyQ+^hNP@-sSt1z#vqW2DH#GBQ4ske@<8{*?G@(m@4Q>{vdjo|t zY=6dTnX1M59;|gw;kzT@yI$CQ^7ZXcHGfX1@?}^?-|@Mc68mGb{gk}Mk04jhFgC-V z&uMJAOgaT>y3z8CIN2rZo(;k!;3lh)DpZc-giMcE4VeTC4HbD75;F_)F`pZqFL3Ha zq~szLT)Mb-tBfk;@?f8UdSwBWNa|ej`Pj-(N=bg!KfMrdxsYS2FwJP0oLhNYg@3)5 zFO$h+v!^IMDLM*?GFB$X#?+3bReYPc7IV~DkJ`0DyPkio>2L$n@TrN z&wL$ml1R%ftCDKZ({Q?EWzamaf0~{7>`xNwfl)X>lnbW^mCqp^B6#|_A!8qjzhBw6DN2qok^Z9G9&%d#GbVvR(~Me)RSZ= zlA4p4v!~$F75oq0kuZKm<%u~O@SFytD|tGDLfII`pp2_^X7i%4_N`0{;GL70el`Zf z5E10ynk9v-?v~QC+vxekbq4*aVDs{%czqCi2e>B*iB~emz*3+_OEVe1#SOZL+EJj5Zh&KAI`G*k5W-w-dVA)y*X{)plt&KWxWVA$lCX#? zSTkE$X58aQO<Bce}5v6{*~Lx?&n(d zb9LuKx%##1jnoinj5F^*mVTv-QjAo;cQ`at6WZW*P9b2mBcD+lTc8U6ULm(M^y;7e^^dR>2@`k{HQL? zZfQ=+bWzYue{m(jIDd1BzHoZ-Q+POe`Sx&8Za$9;;o(&~+dt7dRbkW-o7>IjyXyJD z_2m5ddh7i8?zJgS#HYvmGWT_N$~}(y!dGeBk#>K6dpxOf4;NDNSrNZgcgNqVuhQA@ zV%%w+?4}l-6CCQ|%+9Ga^`+#I;edn%b4rF2e=Y&5yqLgX34bCJu8%5DqN|fD@uXK8 zI=pZ(O1#VSWR6M41FLHyhtHPXPLhg*YDqB%m`C+=BRACwxi+fkyqX`Dguj?{x>WTq z6Qr@-IEnc;DZ-qy*^XUZ6Cg`M1GO8zUn&t)icAkF%`4_~{-lCEOtp!J$>cE}zrrUb zEHcQFz0>g~rGGpjvcYp75Ke7EO#jP1BFy|K#Zx1@zd08P20kj|L~SXxkPFl|kqY5M z0aJ@{Jl<8)jRxlf<{=btavU=&Z9?|>D=H{SM6ShYD7j;d|GV5VhWzA?F(Cjf!PjJ5 z{nb)U-&cRLY}3^8fu6B*XA`jY&L+Qc!s(VlO35vHFMsU~G*^;eN$Ibo<@;(@Q|)<% z_b263dRYt?#)WQ7!I2#!E?P!w3#)yl0AnUhGHH^DNm~t}ios$4N@|sM>0oG67eUjR z$XSjcyu<_N6(P06Zq5C0n$#h_dlRAqs zFBw9V6_dp?mL&kwdN+)2)0z%DiWJ@EZiM!4pVOjEuSi{*urxatU!f4+tf8MlPSbbx z`y5Vg5v{q++E=PcJ8UQHP_4T%5^Ho8K1JA)|m z)ta^bvcZ>3u2IvC_Z;dRHdHN>N*SwNBzBI?gy7h7zh*Pt(l{1FO3aKn7F(iww&0$^ zG=Dxx9#bBBghP>39T~8b$;Kp1RiDkA44KwfLuU*b%2xvzL-gHBI5nHHlet92#RfD1 z{t^N0BtNDsA`p`3x4!g()nXa_vvXUi;7Ehor_J51%7=0VM;k1Qv$8_FFY4t;#ubWT zix>9y?bNAuUY7$>A9AVanXEiuctJqkQP(_)n(%+XP9B}bvmV!K%&cO`mUHV)`on3g zxu&wxQ`ih|5h=3ZYabz{mHW`0!H5m~?6d>Muw&K?S1d*r(vHE>RntUWxY6qjNe ze~f>oqcE;v8g0Xk2~l6T{?CvEEg0#HJ7HHo#HIVn#Lj`H_eqX3C*N7j{mP_xq)J_e zd!3tg_WT_euX|)7Y$C7`FCU89QVn+;68pxY8vC;G2F+XuMMnl=C+%e^;P4fPqMPnP z?S;tiSwQI|&K9Mm?25vSTJz1)c6`v6FdctBs-KFyl(`I!UoW-Tyh@j<49Dg#$%ufF zsKDk)vkJ=X>w2u^#-696C`bv3@Z?(uizV^IVxB2}Nf}|cA?xaNUlHIrHyWYEougl) z-Vn0Cl%-LhtL`W88ky%5$ZWM`&Bo8RcPVCmQ5#9z^kPXEohjvHgU+sC6i<$u0~M`WQSWzC=*pMTNpeO^hpZh=-hi$j+oAterEpD@=TZ?Sp3+jQr0q`6UkF(IiP>yGD)0n zyB%1k#}EnPOuF!V@NAj^X`42aY(m6fOasGSem(j8YmBvR^0tkO>>4scxD2Ku$peE+;Zar>7xje5R;*2o?mesPlR&|RlImuK0=PIiAr z9*ZNlDqY9hEi-W-`y)zFy(fQ3u~=4jTGE!$rIxg1cdIo)W_GP5&Dq^+N%Isgw(fq3 z+-yA^lepS?IwoLUBIdx`#_K=#46n~84UID&wzHiTY`TCF`nundBP#? z3OGSfp{7An*Gw|=5H34XCQz2#gso`7X3{IA&_kRXeIn61HPS}sTU{KEv{^D`QwtK1 z{lo@lmR#gv=wrv<+hyZO&dU`dQOG+s0nW?|zK&<8^|`nV#j_(k<}|$FFg?xpT_da` z>EqzT)^Vdk0L1`vYr}sFSjzDvMx*#aGkj7kw0@raOMxVu|F$(z>PlJ%nfytI24(Kk3?CAz3}|=F^|10MMJa6(KFYx za`==X-y}2lA3&Tx8P^F}O(L!}N*5 zShF^IfOy;5e3ERAiGfRO<6M~CY9aQe_)L$P&mEifaRD>3W`N9mYQ}7kna>-a88Z2l znRCmf*L7Lzq#vT(RXH?(!RrZ9A7-BPBQB4mXZF?Ljii6@OsO~*cE_6DbIYb_YuY$b zcTw|Jmpw0UO3BNe)67AcWZFeNSTm>k3_z6S>oao-(1k+5o*HzaV6dkQT__lD*CSx0 zXgVjg8LA$W=2=oUuF|{oNq@eD>vU%C(dwKSJe9&*zb2+o~&TF>O zSNcoWYKnr+OHlD{x>u(#j30*>P1Ar_n%ow>^N zlHwoM_3R@UO6oX=CB`_s!EH?%%dqq~hQ(D2cq{h(w~;YP@2i+{>eHHV1+UJc?IRXf^uF# zIW0R$?yJ8HKm8T5lXc1Ik&TT==0$uSHxN5+u0;VoHn-+1gbiMib)5U8jTnhIhV6uv zq~@wS>dd{8N&8~2-&RF!kjRLX2@F=A9~^$rQ(_$xGV+r$QwyB5^W)tvwNnWOK8bMR5O`UQw)`dZJXyI$!NWC zTN^3zazkUub-oltUIE=yQtCKJVnQZ8FAQj~!)`n9cImYk5_v3t>C zkxv?Z6ADl!=w^999mUy2ve!qJV(ZTI?JJuNw*rH4(BLYloJ26J3)y)R$fYB?Ob+GB za-_h;+Y%f`syS>1zw{?N$ANfVPTzmC>uYfOtGjxU_GCz_h?AusObhWr2?n+Wfw;xC#%w6~F%S658grj**}* z#*()MvB#zU2uH{PeWC!~iG#qAI(i=hGCCgIiQ8Fjn5AoVV@@)dEDV%7uQq@1fYZz+ z0X*b#mois*f>~Y`J7Nk7pfe?Bl>B7!(kXfAl)Q9`1KV#~Iz{E=K?-Kn0JtN9j+FUU zCV*FlL!8zFhxj_IR%D2HV`dwLTV+%!mk0Y~rYlDUWY|#D^IVi91iQa;OyAhkT6J)L zw+l(Eku+_SON~_onag{Xly!ek8nt&SD-+qQ2(N*zqME3p5s_`#p?M2a;-fq{)-JhU zgl@b<*%`5GMKe^`#t$X&F)mE(qHqDnP(8#W!#J4;-54hCifd=Gjwr;4N#rB2Fd?v|kvVR0 zM8+*G2KarG7e?toLBJc$|2hbL!J?vF;4^c51V6r z|BkR9-74=~^y5rk#H}{of7~d|plw;4!2xySqcy??F6hQLMk8(C&~#$5T7#v)&EMCcbdMr``U zKxU@wmS#=X6sTOCLhM!=i?CIM!FQ#?p$Jvb#E&;t(lt7)B%?q8Q1U4=jG8gRu~kWd zY?_aqzbNw}A zj;_5!)W{FG9y|?4L%Yd6oeCUevcC6Hf!*1@2dF(S2 z@@ARRFa;N}yPmQ$5uXcW;pV7W^t0S@5%GV@G*_x37d#q?bhFugzA$Yvpz zO@Z^=p*DYrCN9hvNAL=*70Y$n73wZNRQQf=9&`%W*6Y4E?I!N^hh1XsT?yb-1S@Ap zPCvTDGyKBH=t!d0hw4Fe-w;0Mwv8R@L&E3&Ir{fMkpid4y?b23inrl^Qi(DWfAqCXS|L;+xC(nTa- z<&aci&yYA(nu4Jsi-^OMy_ju|;7JsRSD|wQH0W>$1rblmnF}H*b4j}OY;Miu@u;?D?is}$|#%ay~PIDH94euI_gZBZzI6;5Fy}97T zcupChPBVhe;a4_FAcl6J@Wv2*ZsziL zUUTe`FoTagSUm ztm`o;qv+59BP3Qgn_@_>%>XF3(-HCOT-Fk6>ou zIYej{4!7=Z#G+I-aSVbF!sEQ-!fOkJ$(7LBLUJG?&a+`3UTO4&A!G z-ii=oEa8g4ZcA7gO1ytclLv7f#n36Y9+7MQCtP0h4Cx4Mg2K~=cev6_IE+vWBNTve zmCgpi-!NXIW9`YCD#t&?VGn33@7fZTn{1j)8dIk=PB_1|ST#C!WyYpWvftFk2#b*9 zBItcI!Kba!EBdn!F_k%g|C>!457qQN7DT2VR2y8h?Jb$jEwO*C&259B+SbzB)R=8) zZW!pcv*b3j#I~|X8(BKr*xw%Ic6J^37iaQxvh#(;#esKbq!J?}7lY4BfmZ?>jcnc) zG>M1fI5r2x2nsZ_GNW~-5-^>{y?D&KmT;M6j%8Grz6_f9G{*vJOJ4w0Ses)7^;NCF zBR9^mfUVREV19ooidhiV>O04Zwu38*wf2+ZGgqd)@W2cOw_YH3i{)+ijfvj?nHoCg zS|6kIUl}t{UCsfvj|_!5n|ZDMqXH6GVJfFZq{*ugDgH>}(M{`+Z!Zh9C>Phx*oJGz z?CZR=TF<0Zi*fuTD+m(+>=VN?lWiy<>2hS4A!>jB@%IuR{~u6G0Rj{Q6aWAK2mn@i h%ae>-LJd}U%UGWxyP#iE001nL+gmmUNLv5^0064-^ Date: Thu, 20 Jun 2024 14:56:32 +0200 Subject: [PATCH 15/33] Fix for apikey --- .../RFI-CustomConnector-0-1-0/azuredeploy.json | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/Solutions/Recorded Future Identity/Playbooks/RFI-CustomConnector-0-1-0/azuredeploy.json b/Solutions/Recorded Future Identity/Playbooks/RFI-CustomConnector-0-1-0/azuredeploy.json index 91b274d4de..9b23b0ca97 100644 --- a/Solutions/Recorded Future Identity/Playbooks/RFI-CustomConnector-0-1-0/azuredeploy.json +++ b/Solutions/Recorded Future Identity/Playbooks/RFI-CustomConnector-0-1-0/azuredeploy.json @@ -279,7 +279,7 @@ }, "security": [ { - "ApiKeyAuth": [] + "apiKey-auth": [] } ], "x-ms-api-annotation": { @@ -448,7 +448,7 @@ }, "security": [ { - "ApiKeyAuth": [] + "apiKey-auth": [] } ], "x-ms-visibility": "important" @@ -487,7 +487,7 @@ }, "security": [ { - "ApiKeyAuth": [] + "apiKey-auth": [] } ], "x-ms-api-annotation": { @@ -1802,7 +1802,7 @@ "parameters": {}, "responses": {}, "securityDefinitions": { - "ApiKeyAuth": { + "apiKey-auth": { "type": "apiKey", "in": "header", "name": "X-RFToken" @@ -1810,7 +1810,7 @@ }, "security": [ { - "ApiKeyAuth": [] + "apiKey-auth": [] } ], "tags": [], From 2a128ee910bd0005647fbea43a70b833b3abd38d Mon Sep 17 00:00:00 2001 From: RecordedFutureOskbo Date: Thu, 20 Jun 2024 14:57:17 +0200 Subject: [PATCH 16/33] Added custom connector installation and other small fixes. --- .../Playbooks/readme.md | 57 ++++++++++++------- .../Recorded Future Identity/ReleaseNotes.md | 2 +- 2 files changed, 39 insertions(+), 20 deletions(-) diff --git a/Solutions/Recorded Future Identity/Playbooks/readme.md b/Solutions/Recorded Future Identity/Playbooks/readme.md index 5be63c9850..bd7047b53d 100644 --- a/Solutions/Recorded Future Identity/Playbooks/readme.md +++ b/Solutions/Recorded Future Identity/Playbooks/readme.md @@ -52,7 +52,7 @@ Possible remediations include requiring a password reset, or temporarily locking 1) [Overview](#overview) 2) [Playbooks](#playbooks) 1) ["Base" playbooks (Workforce and External)](#base_playbooks) - 2) ["Reactive" playbooks](#reactive_playbooks) + 2) ["Search" playbooks](#search_playbooks) 1) [Add risky user to Active Directory Security Group](#add_risky_user_to_active_directory_security_group) 2) [Active Directory Identity Protection - confirm user is compromised](#active_directory_identity_protection_confirm_user_is_compromised) 3) [Lookup risky user and save results](#lookup_risky_user_and_save_results) @@ -91,7 +91,7 @@ This Solution consists of 5 Playbooks (Logic Apps).
-"Reactive" playbooks: +"Search" playbooks: Theese are sub playbooks that are called by the base playbooks. | Playbook Name | Description | @@ -124,11 +124,11 @@ Those playbooks search the Recorded Future Identity Intelligence Module for comp | 2 | Pull previously seen/saved leaks data from Log Analytics Custom Log. | | 3 | Compare data from step 1 and step 2 - to determine which leaks are new and haven't been seen previously by the Base Logic App. | | 4 | Save the new leaks from step 3, so on the next run of the Base Logic App we would get that data on step 2. | -| 5 | Use "Reactive" Logic Apps to react / take actions on the newly leaked credentials. | +| 5 | Use "Search" Logic Apps to react / take actions on the newly leaked credentials. |
-If you are using External use case - you will get info on your clients leaks, so probably the most valuable "reactive" Logic App for you will be "Lookup risky user and save results", as "Add risky user to Active Directory Security Group" and "Active Directory Identity Protection - confirm user is compromised" assumes that the leaked email is a user in your organization Microsoft Entra ID, which is mostly probably not true for External use case. +If you are using External use case - you will get info on your clients leaks, so probably the most valuable "Search" Logic App for you will be "Lookup risky user and save results", as "Add risky user to Active Directory Security Group" and "Active Directory Identity Protection - confirm user is compromised" assumes that the leaked email is a user in your organization Microsoft Entra ID, which is mostly probably not true for External use case.
@@ -145,7 +145,7 @@ Logic App Parameters for Base Logic App Workforce use case: | **active_directory_security_group_id** | ID of Active Directory Security Group for users at risk. You need to pre-create it by hand: search for "Groups" in Service search at the top of the page. For more information, see [Active Directory Security Groups](https://docs.microsoft.com/windows/security/identity-protection/access-control/active-directory-security-groups) documentation. | | **lookup_lookback_days** | Time range for Lookup / number of days before today to search (e.g. input "-14" to search the last 14 days). **Make sure to use `lookup_lookback_days` same or larger than `search_lookback_days`. Otherwise you can encounter a situation when you get empty results on Lookup for the compromised credentials from the Search.** | | **lookup_results_log_analytics_custom_log_name** | Name for Log Analytics Custom Log to save Lookup results at (**needs to end with "`_CL`"**). | -| **active_directory_domain** | (Optional, can be left empty) - in case your Active Directory domain is different from your organization domain, this parameter will be used to transform compromised credentials to find corresponding user in your Active Directory (ex. Compromised email: leaked@mycompany.com, your Active Directory domain: `@mycompany.onmicrosoft.com`, so you set parameter `active_directory_domain = mycompany.onmicrosoft.com` (**just domain, without "@"**), and reactive playbooks will replace the domain from the leaked email with the provided domain from the active_directory_domain parameter, before searching for the corresponding user in your Active Directory: `leaked@mycompany.com -> leaked@mycompany.onmicrosoft.com`. (Lookup playbook - will still use the original email to Lookup the data). | +| **active_directory_domain** | (Optional, can be left empty) - in case your Active Directory domain is different from your organization domain, this parameter will be used to transform compromised credentials to find corresponding user in your Active Directory (ex. Compromised email: leaked@mycompany.com, your Active Directory domain: `@mycompany.onmicrosoft.com`, so you set parameter `active_directory_domain = mycompany.onmicrosoft.com` (**just domain, without "@"**), and search playbooks will replace the domain from the leaked email with the provided domain from the active_directory_domain parameter, before searching for the corresponding user in your Active Directory: `leaked@mycompany.com -> leaked@mycompany.onmicrosoft.com`. (Lookup playbook - will still use the original email to Lookup the data). |
@@ -153,13 +153,13 @@ Logic App Parameters for Base Logic App "External use case" are the same as for
- + -### "Reactive" playbooks +### "Search" playbooks
-"Reactive" playbooks can be used to react to leaked credentials and mitigate the risks. +"Search" playbooks can be used to react to leaked credentials and mitigate the risks.
@@ -196,7 +196,7 @@ HTTP request parameters: |----------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | **risky_user_email** | Compromised user email. | | **active_directory_security_group_id** | ID of Active Directory Security Group for users at risk. You need to pre-create security group by hand: search for "Groups" in Service search at the top of the page. For more information, see [Active Directory Security Groups](https://docs.microsoft.com/windows/security/identity-protection/access-control/active-directory-security-groups) documentation. | -| **active_directory_domain** | (Optional, can be left empty) - in case your Active Directory domain is different from your organization domain, this parameter will be used to transform compromised credentials to find corresponding user in your Active Directory (ex. Compromised email: leaked@mycompany.com, your Active Directory domain: `@mycompany.onmicrosoft.com`, so you set parameter `active_directory_domain = mycompany.onmicrosoft.com` (**just domain, without "@"**), and reactive playbooks will replace the domain from the leaked email with the provided domain from the active_directory_domain parameter, before searching for the corresponding user in your Active Directory: `leaked@mycompany.com -> leaked@mycompany.onmicrosoft.com`. (Lookup playbook - will still use the original email to Lookup the data). | +| **active_directory_domain** | (Optional, can be left empty) - in case your Active Directory domain is different from your organization domain, this parameter will be used to transform compromised credentials to find corresponding user in your Active Directory (ex. Compromised email: leaked@mycompany.com, your Active Directory domain: `@mycompany.onmicrosoft.com`, so you set parameter `active_directory_domain = mycompany.onmicrosoft.com` (**just domain, without "@"**), and search playbooks will replace the domain from the leaked email with the provided domain from the active_directory_domain parameter, before searching for the corresponding user in your Active Directory: `leaked@mycompany.com -> leaked@mycompany.onmicrosoft.com`. (Lookup playbook - will still use the original email to Lookup the data). |
@@ -232,7 +232,7 @@ HTTP request parameters: | Parameter | Description | |----------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | **risky_user_email** | Compromised user email. | -| **active_directory_domain** | (Optional, can be left empty) - in case your Active Directory domain is different from your organization domain, this parameter will be used to transform compromised credentials to find corresponding user in your Active Directory (ex. Compromised email: leaked@mycompany.com, your Active Directory domain: `@mycompany.onmicrosoft.com`, so you set parameter `active_directory_domain = mycompany.onmicrosoft.com` (**just domain, without "@"**), and reactive playbooks will replace the domain from the leaked email with the provided domain from the active_directory_domain parameter, before searching for the corresponding user in your Active Directory: `leaked@mycompany.com -> leaked@mycompany.onmicrosoft.com`. (Lookup playbook - will still use the original email to Lookup the data). | +| **active_directory_domain** | (Optional, can be left empty) - in case your Active Directory domain is different from your organization domain, this parameter will be used to transform compromised credentials to find corresponding user in your Active Directory (ex. Compromised email: leaked@mycompany.com, your Active Directory domain: `@mycompany.onmicrosoft.com`, so you set parameter `active_directory_domain = mycompany.onmicrosoft.com` (**just domain, without "@"**), and search playbooks will replace the domain from the leaked email with the provided domain from the active_directory_domain parameter, before searching for the corresponding user in your Active Directory: `leaked@mycompany.com -> leaked@mycompany.onmicrosoft.com`. (Lookup playbook - will still use the original email to Lookup the data). |
@@ -301,8 +301,8 @@ Another way to cover this case - you can add a corresponding check to RFI-lookup ## Deployment > [!IMPORTANT] -> Make sure you deploy all 3 "Reactive" playbooks before deploying "Base" playbooks. And make sure you configure all 3 "Reactive" playbooks before running "Base" playbooks. -> Make sure to specify correct "Reactive" playbook names while deploying "Base" playbooks.** "Correct" - are just the same as you have used while deploying "Reactive" playbooks. +> Make sure you deploy all "Base" playbooks before deploying any of the "search" playbooks. And make sure you configure all 3 base playbooks before running "RFI-search..." playbooks. +> Make sure to specify correct playbook names while deploying "search" playbooks.** "Correct" - are just the same as you have used while deploying playbooks. @@ -319,14 +319,33 @@ Another way to cover this case - you can add a corresponding check to RFI-lookup #### Deploy Playbooks one by one -> [!IMPORTANT] -> **Make sure you deploy all 3 "Reactive" playbooks before deploying "Base" playbooks. And make sure you configure all 3 "Reactive" playbooks before running "Base" playbooks.** -> **Make sure to specify correct "Reactive" playbook names while deploying "Base" playbooks.** "Correct" - are just the same as you have used while deploying "Reactive" playbooks. -
+> [!IMPORTANT] +> Make sure you deploy all "Base" playbooks before deploying any of the "search" playbooks. And make sure you configure all 3 base playbooks before running "RFI-search..." playbooks. +> Make sure to specify correct playbook names while deploying "search" playbooks.** "Correct" - are just the same as you have used while deploying playbooks. + +##### RecordedFuture-CustomConnector +Logic-app custom connector\ + +This connector is used by other logic apps in this solution to comunicate with Recorded Future backend API. + +[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FRecorded%20Future%20Identity%2FPlaybooks%2FRFI-CustomConnector-0-1-0%2Fazuredeploy.json) +[![Deploy to Azure Gov](https://aka.ms/deploytoazuregovbutton)](https://portal.azure.us/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FRecorded%20Future%20Identity%2FPlaybooks%2FRFI-CustomConnector-0-1-0%2Fazuredeploy.json) + +Parameters for deployment: + +| Parameter | Description | +|--------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **Subscription** | Your Azure Subscription to deploy the Solution in. All resources in an Azure subscription are billed together. | +| **Resource group** | Resource group in your Subscription to deploy the Solution in. A resource group is a collection of resources that share the same lifecycle, permissions, and policies. | +| **Region** | Choose the Azure region that's right for you and your customers. Not every resource is available in every region. | +| **Connector-Name** | Connector name to use for this playbook (ex. "RFI-CustomConnector-0-1-0"). | +|**Service Endpoint**| API Endpoint, always use the default ```https://api.recordedfuture.com/gw/azure-identity```| + + ##### RFI-add-EntraID-security-group-user [![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FRecorded%20Future%20Identity%2FPlaybooks%2FRFI-add-EntraID-security-group-user%2Fazuredeploy.json) @@ -443,8 +462,8 @@ After deployment - initial set up for each deployed Logic App (playbook) include
**Important:** -- **Make sure you deploy all 3 "Reactive" playbooks before deploying "Base" playbooks. And make sure you configure all 3 "Reactive" playbooks before running "Base" playbooks.** -- **Make sure to specify correct "Reactive" playbook names while deploying "Base" playbooks.** "Correct" - are just the same as you have used while deploying "Reactive" playbooks. +- **Make sure you deploy all 3 "Search" playbooks before deploying "Base" playbooks. And make sure you configure all 3 "Search" playbooks before running "Base" playbooks.** +- **Make sure to specify correct "Search" playbook names while deploying "Base" playbooks.** "Correct" - are just the same as you have used while deploying "Search" playbooks. - **Make sure to use `lookup_lookback_days` same or larger than `search_lookback_days`. Otherwise you can encounter a situation when you get empty results on Lookup for the compromised credentials from the Search.**
@@ -537,7 +556,7 @@ Permissions / Roles: ## How to obtain Recorded Future API token -Recorded Future clients interested in API access for custom scripts or to enable a paid integration can request an API Token via this Integration Support Ticket form. Please fill out the following fields, based on intended API usage. +Recorded Future clients interested in API access for custom scripts or to enable a paid integration can request an API Token via this [Integration Support Ticket form](https://support.recordedfuture.com/hc/en-us/articles/4411077373587-Requesting-API-Tokens). Please fill out the following fields, based on intended API usage. Recorded Future API Services - Choose if your token is pertaining to one of the below Recorded Future API offerings: - Connect API diff --git a/Solutions/Recorded Future Identity/ReleaseNotes.md b/Solutions/Recorded Future Identity/ReleaseNotes.md index 2b51e290a4..48a7e3470a 100644 --- a/Solutions/Recorded Future Identity/ReleaseNotes.md +++ b/Solutions/Recorded Future Identity/ReleaseNotes.md @@ -1,4 +1,4 @@ | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** | |-------------|--------------------------------|---------------------------------------------| -| 3.0.0 | 15-04-2024 | Fixedhardcoded SubscriptionID.
Entra ID renaming of playbooks and readme.
Using solution format V3
Change prefix on all logic app installation names from RecordedFutureIdentity to RFI die to name size limit of 64 characters. | +| 3.0.0 | 15-04-2024 | Fixedhardcoded SubscriptionID.
Entra ID renaming of playbooks and readme.
Using solution format V3
Change prefix on all logic app installation names from RecordedFutureIdentity to RFI due to logic app name size limitation of 64 characters. | | 2.0.0 | 14-09-2022 | Initial Solution Release | From 1171968995f89f2582c6fe90423e29de42b33c3c Mon Sep 17 00:00:00 2001 From: Niklas Logren Date: Tue, 25 Jun 2024 11:10:39 +0200 Subject: [PATCH 17/33] Update api version to 1.1.0 and add deprecated flag to v1 endpoint --- .../Playbooks/RFI-CustomConnector-0-1-0/azuredeploy.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Solutions/Recorded Future Identity/Playbooks/RFI-CustomConnector-0-1-0/azuredeploy.json b/Solutions/Recorded Future Identity/Playbooks/RFI-CustomConnector-0-1-0/azuredeploy.json index 9b23b0ca97..011a898b50 100644 --- a/Solutions/Recorded Future Identity/Playbooks/RFI-CustomConnector-0-1-0/azuredeploy.json +++ b/Solutions/Recorded Future Identity/Playbooks/RFI-CustomConnector-0-1-0/azuredeploy.json @@ -48,7 +48,7 @@ "url": "https://support.recordedfuture.com", "email": "support@recordedfuture.com" }, - "version": "0.1.0" + "version": "1.1.0" }, "host": "api.recordedfuture.com", "basePath": "/gw/azure-identity", @@ -282,6 +282,7 @@ "apiKey-auth": [] } ], + "deprecated": true, "x-ms-api-annotation": { "family": "Credential_Lookup", "revision": 1 From e77f51a5403d6310e58de9218d536f9fe22b79b0 Mon Sep 17 00:00:00 2001 From: Niklas Logren Date: Tue, 25 Jun 2024 11:35:39 +0200 Subject: [PATCH 18/33] rename security key to ApiKeyAuth --- .../RFI-CustomConnector-0-1-0/azuredeploy.json | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/Solutions/Recorded Future Identity/Playbooks/RFI-CustomConnector-0-1-0/azuredeploy.json b/Solutions/Recorded Future Identity/Playbooks/RFI-CustomConnector-0-1-0/azuredeploy.json index 011a898b50..55b8df9385 100644 --- a/Solutions/Recorded Future Identity/Playbooks/RFI-CustomConnector-0-1-0/azuredeploy.json +++ b/Solutions/Recorded Future Identity/Playbooks/RFI-CustomConnector-0-1-0/azuredeploy.json @@ -279,7 +279,7 @@ }, "security": [ { - "apiKey-auth": [] + "ApiKeyAuth": [] } ], "deprecated": true, @@ -449,7 +449,7 @@ }, "security": [ { - "apiKey-auth": [] + "ApiKeyAuth": [] } ], "x-ms-visibility": "important" @@ -488,7 +488,7 @@ }, "security": [ { - "apiKey-auth": [] + "ApiKeyAuth": [] } ], "x-ms-api-annotation": { @@ -1803,15 +1803,16 @@ "parameters": {}, "responses": {}, "securityDefinitions": { - "apiKey-auth": { + "ApiKeyAuth": { "type": "apiKey", + "name": "X-RFToken", "in": "header", - "name": "X-RFToken" + "description": "API Credential" } }, "security": [ { - "apiKey-auth": [] + "ApiKeyAuth": [] } ], "tags": [], From 519f4fed107adc8e20ac9c2d33d6c492d58a8a4d Mon Sep 17 00:00:00 2001 From: Tiago Duarte <103927368+tduarte14@users.noreply.github.com> Date: Thu, 27 Jun 2024 08:59:33 +0100 Subject: [PATCH 19/33] Update CiscoMeraki.yaml for firewall LogType Added parsing for firewall related LogType events (upgrade from flows). Also inferred networkDirection from firewall logs message format --- .../CiscoMeraki/Parsers/CiscoMeraki.yaml | 109 ++++++++++-------- 1 file changed, 60 insertions(+), 49 deletions(-) diff --git a/Solutions/CiscoMeraki/Parsers/CiscoMeraki.yaml b/Solutions/CiscoMeraki/Parsers/CiscoMeraki.yaml index d8d521740d..f273dcb5f3 100644 --- a/Solutions/CiscoMeraki/Parsers/CiscoMeraki.yaml +++ b/Solutions/CiscoMeraki/Parsers/CiscoMeraki.yaml @@ -1,7 +1,7 @@ id: f3811ff1-231c-453f-bd2c-cda06e7c3e1f Function: Title: Parser for CiscoMeraki - Version: '1.0.0' + Version: '1.0.1' LastUpdated: '2023-08-23' Category: Microsoft Sentinel Parser FunctionName: CiscoMeraki @@ -31,16 +31,17 @@ FunctionQuery: | ) | extend Parser = extract_all(@"(\d+.\d+)\s([\w\-\_]+)\s([\w\-\_]+)\s([\S\s]+)$", dynamic([1, 2, 3, 4]), LogMessage)[0] | extend Epoch = tostring(Parser[0]), - DeviceName = coalesce(tostring(Parser[1]),column_ifexists("SrcHostname","")), - LogType = coalesce(column_ifexists("LogType",""),tostring(Parser[2])), - Substring = tostring(Parser[3]) + DeviceName = coalesce(tostring(Parser[1]),column_ifexists("SrcHostname","")), + LogType = coalesce(column_ifexists("LogType",""),tostring(Parser[2])), + Substring = tostring(Parser[3]) | extend EpochTimestamp = split(Epoch,".") | extend EventTimestamp = unixtime_seconds_todatetime(tolong(EpochTimestamp[0])) | extend EventStartTime = coalesce(EventTimestamp,column_ifexists("EventStartTime",datetime(null))) | extend SrcIpAddr = case( isnotempty(column_ifexists("SrcIpAddr","")), column_ifexists("SrcIpAddr",""), + LogType has "events", extract(@"last_known_client_ip=([0-9\.]+)\:",1,Substring), LogType has "urls", extract(@"src=([0-9\.]+)\:",1,Substring), - LogType has "flows", extract(@"src=([0-9\.]+)\s",1,Substring), + LogType has_any ("flows","firewall"), extract(@"src=([0-9\.]+)\s",1,Substring), LogType has "security_event", extract(@"src=([0-9\.]+)\:",1,Substring), LogType has "ids-alerts", extract(@"src=([0-9\.]+)\:",1,Substring), LogType has "events", extract(@"(peer_contact|ip_src)=\'([0-9\.]+)\:",2,Substring), @@ -50,7 +51,7 @@ FunctionQuery: | isnotnull(column_ifexists("SrcPortNumber",int(null))), column_ifexists("SrcPortNumber",int(null)), LogType has "urls", toint(extract(@"src=([0-9\.]+)\:(\d+)\s",2,Substring)), - LogType has "flows", toint(extract(@"sport=(\S+)",1,Substring)), + LogType has_any ("flows","firewall"), toint(extract(@"sport=(\S+)",1,Substring)), LogType has "security_event", toint(extract(@"src=([0-9\.]+)\:(\d+)",2,Substring)), LogType has "ids-alerts", toint(extract(@"src=([0-9\.]+)\:(\d+)",2,Substring)), LogType has "events", toint(extract(@"(peer_contact|ip_src)=\'([0-9\.]+)\:(\d+)\'",3,Substring)), @@ -59,7 +60,7 @@ FunctionQuery: | DstIpAddr = case( isnotempty(column_ifexists("DstIpAddr","")), column_ifexists("DstIpAddr",""), LogType has "urls",extract(@"dst=([0-9\.]+)\:",1,Substring), - LogType has "flows", extract(@"dst=([0-9\.]+)\s",1,Substring), + LogType has_any ("flows","firewall"), extract(@"dst=([0-9\.]+)\s",1,Substring), LogType has "security_event", extract(@"dst=([0-9\.]+)\:",1,Substring), "" ), @@ -67,7 +68,7 @@ FunctionQuery: | isnotnull(column_ifexists("DstPortNumber",int(null))), column_ifexists("DstPortNumber",int(null)), LogType has "urls", toint(extract(@"dst=([0-9\.]+)\:(\d+)\s",2,Substring)), - LogType has "flows", toint(extract(@"dport=(\S+)",1,Substring)), + LogType has_any ("flows","firewall"), toint(extract(@"dport=(\S+)",1,Substring)), LogType has "security_event", toint(extract(@"dst=([0-9\.]+)\:(\d+)",2,Substring)), int(null) ), @@ -80,18 +81,18 @@ FunctionQuery: | SrcMacAddr = case( isnotempty(column_ifexists("SrcMacAddr","")), column_ifexists("SrcMacAddr",""), LogType has "airmarshal_events", tostring(extract(@"src=\'(\S+)\'",1,Substring)), - LogType has "flows", tostring(extract(@"mac=(\S+)\s",1,Substring)), + LogType has_any ("flows","firewall"), tostring(extract(@"mac=(\S+)\s",1,Substring)), LogType has "security_event", tostring(extract(@"shost=(\S+)\s",1,Substring)), "" ), NetworkProtocol = case( isnotempty(column_ifexists("NetworkProtocol","")), column_ifexists("NetworkProtocol",""), LogType has "ids-alerts", tostring(extract(@"protocol=(\w+)\s",1,Substring)), - LogType has "flows", extract(@"protocol=(\w+)\s",1,Substring), + LogType has_any ("flows","firewall"), extract(@"protocol=(\w+)\s",1,Substring), LogType has "security_event", tostring(extract(@"protocol=(\w+)\s",1,Substring)), "" ), - Pattern = iff(LogType has "flows", extract(@"pattern\: ([\S\s]+)",1,Substring), dynamic("")), + Pattern = iff(LogType has_any ("flows","firewall"), extract(@"pattern\: ([\S\s]+)",1,Substring), dynamic("")), EventType = case( isnotempty(column_ifexists("EventOriginalType","")), column_ifexists("EventOriginalType",""), LogType has "airmarshal_events", tostring(extract(@"type= (\S+)",1,Substring)), @@ -148,42 +149,42 @@ FunctionQuery: | "" ), Message = iff(LogType has "security_event", tostring(extract(@"message: ([\w\.\-\+\,\s]+)(\s\w+\=)?",1,Substring)), column_ifexists("Message","")), - VpnType = iff(LogType has "events", tostring(extract(@"vpn_type=\'(\S+)\'",1,Substring)), dynamic("")), - PeerIdentity = iff(LogType has "events", tostring(extract(@"peer_ident=\'(\S+)\'",1,Substring)), dynamic("")), - Radio = iff(LogType has "events", toint(extract(@"radio=\'(\d+)\'",1,Substring)), dynamic("")), - Group = iff(LogType has "events", toint(extract(@"group=\'(\S+)?\'",1,Substring)), dynamic("")), - Attribute = iff(LogType has "events", toint(extract(@"attr=\'(\S+)?\'",1,Substring)), dynamic("")), + VpnType = iff(LogType has "events", tostring(extract(@"vpn_type=\'(\S+)\'",1,Substring)), dynamic("")), + PeerIdentity = iff(LogType has "events", tostring(extract(@"peer_ident=\'(\S+)\'",1,Substring)), dynamic("")), + Radio = iff(LogType has "events", toint(extract(@"radio=\'(\d+)\'",1,Substring)), dynamic("")), + Group = iff(LogType has "events", toint(extract(@"group=\'(\S+)?\'",1,Substring)), dynamic("")), + Attribute = iff(LogType has "events", toint(extract(@"attr=\'(\S+)?\'",1,Substring)), dynamic("")), ClientMacAddr = case( isnotempty(column_ifexists("SrcMacAddr","")), column_ifexists("SrcMacAddr",""), - LogType has "events", tostring(extract(@"client_mac=\'(\S+)\'",1,Substring)), + LogType has "events", tostring(extract(@"client_mac=\'(\S+)\'",1,Substring)), "" ), - Reason = iff(LogType has "events", toint(extract(@"reason=\'(\S+)\'",1,Substring)), dynamic("")), - AppleDaReason = iff(LogType has "events", toint(extract(@"apple_da_reason=\'(\S+)\'",1,Substring)), dynamic("")), - Duration = iff(LogType has "events", tostring(extract(@"duration=\'(\S+)\'",1,Substring)), ""), - FullConn = iff(LogType has "events", tostring(extract(@"full_conn=\'(\S+)\'",1,Substring)), dynamic("")), - IpResp = iff(LogType has "events", tostring(extract(@"ip_resp=\'(\S+)\'\s",1,Substring)), dynamic("")), - HttpResp = iff(LogType has "events", tostring(extract(@"http_resp=\'(\S+)\'",1,Substring)), dynamic("")), - ArpResp = iff(LogType has "events", tostring(extract(@"arp_resp=\'(\S+)\'",1,Substring)), dynamic("")), + Reason = iff(LogType has "events", toint(extract(@"reason=\'(\S+)\'",1,Substring)), dynamic("")), + AppleDaReason = iff(LogType has "events", toint(extract(@"apple_da_reason=\'(\S+)\'",1,Substring)), dynamic("")), + Duration = iff(LogType has "events", tostring(extract(@"duration=\'(\S+)\'",1,Substring)), ""), + FullConn = iff(LogType has "events", tostring(extract(@"full_conn=\'(\S+)\'",1,Substring)), dynamic("")), + IpResp = iff(LogType has "events", tostring(extract(@"ip_resp=\'(\S+)\'\s",1,Substring)), dynamic("")), + HttpResp = iff(LogType has "events", tostring(extract(@"http_resp=\'(\S+)\'",1,Substring)), dynamic("")), + ArpResp = iff(LogType has "events", tostring(extract(@"arp_resp=\'(\S+)\'",1,Substring)), dynamic("")), ArpSrcIpAddr = case( isnotempty(column_ifexists("SrcIpAddr","")), column_ifexists("SrcIpAddr",""), - LogType has "events", tostring(extract(@"arp_src=\'(\S+)\'",1,Substring)), + LogType has "events", tostring(extract(@"arp_src=\'(\S+)\'",1,Substring)), "" ), - Connectivity = iff(LogType has "events", tostring(extract(@"connectivity=\'(\S+)\'",1,Substring)), dynamic("")), - Rtt = iff(LogType has "events", tostring(extract(@"rtt=\'([\w+\.\s]+)\'",1,Substring)), dynamic("")), - UserName = iff(LogType has "events", tostring(extract(@"identity=\'(\S+)\'",1,Substring)), dynamic("")), - Aid = iff(LogType has "events", tostring(extract(@"aid=\'(\S+)\'",1,Substring)), dynamic("")), - Spi = iff(LogType has "events", tostring(extract(@"spi=(\S+)$",1,Substring)), dynamic("")), + Connectivity = iff(LogType has "events", tostring(extract(@"connectivity=\'(\S+)\'",1,Substring)), dynamic("")), + Rtt = iff(LogType has "events", tostring(extract(@"rtt=\'([\w+\.\s]+)\'",1,Substring)), dynamic("")), + UserName = iff(LogType has "events", tostring(extract(@"identity=\'(\S+)\'",1,Substring)), dynamic("")), + Aid = iff(LogType has "events", tostring(extract(@"aid=\'(\S+)\'",1,Substring)), dynamic("")), + Spi = iff(LogType has "events", tostring(extract(@"spi=(\S+)$",1,Substring)), dynamic("")), DvcMacAddr = case( isnotempty(column_ifexists("DvcMacAddr","")), column_ifexists("DvcMacAddr",""), - LogType has "events", tostring(extract(@"device=\'(\S+)\'",1,Substring)), + LogType has "events", tostring(extract(@"device=\'(\S+)\'",1,Substring)), "" ), - State = iff(LogType has "events", tostring(extract(@"state=\'(\S+)\'",1,Substring)), dynamic("")), - AlarmId = iff(LogType has "events", toint(extract(@"alarm_id=\'(\S+)\'",1,Substring)), dynamic("")), - DosCount = iff(LogType has "events", tostring(extract(@"dos_count=\'(\S+)\'",1,Substring)), dynamic("")), - InterArrival = iff(LogType has "events", tostring(extract(@"inter_arrival=\'(\S+)\'",1,Substring)), dynamic("")), + State = iff(LogType has "events", tostring(extract(@"state=\'(\S+)\'",1,Substring)), dynamic("")), + AlarmId = iff(LogType has "events", toint(extract(@"alarm_id=\'(\S+)\'",1,Substring)), dynamic("")), + DosCount = iff(LogType has "events", tostring(extract(@"dos_count=\'(\S+)\'",1,Substring)), dynamic("")), + InterArrival = iff(LogType has "events", tostring(extract(@"inter_arrival=\'(\S+)\'",1,Substring)), dynamic("")), LogTimestamp = case( isnotnull(column_ifexists("EventStartTime",datetime(null))), column_ifexists("EventStartTime",datetime(null)), LogType has "security_event", unixtime_seconds_todatetime(tolong(split(tostring(extract(@"timestamp=(\S+)\s",1,Substring)),".")[0])), @@ -193,15 +194,15 @@ FunctionQuery: | IpAddr = iff(LogType has "events", tostring(extract(@"dhcp lease of ip ([\d\.]+)", 1, Substring)), dynamic("")), ServerMacAddr = iff(LogType has "events", tostring(extract(@"server mac ([\w\:]+)", 1, Substring)), dynamic("")), RouterIpAddr = iff(LogType has "events", tostring(extract(@"router ([\d\.]+)", 1, Substring)), dynamic("")), - Subnet = iff(LogType has "events", tostring(extract(@"subnet ([\d\.]+)", 1, Substring)), dynamic("")), - Dns = iff(LogType has "events", split(extract(@"dns ([\d\.\,\:\s]+)", 1, Substring), ", "), dynamic("")) + Subnet = iff(LogType has "events", tostring(extract(@"subnet ([\d\.]+)", 1, Substring)), dynamic("")), + Dns = iff(LogType has "events", split(extract(@"dns ([\d\.\,\:\s]+)", 1, Substring), ", "), dynamic("")) | extend - ClientMacAddr = iif(isempty(ClientMacAddr), tostring(extract(@"client mac ([\w\:]+)", 1, Substring)), ClientMacAddr), - SrcPortNumber = iif(isempty(SrcPortNumber), toint(extract(@"port=\'(\S+)\'",1,Substring)), SrcPortNumber), - Dns = iif(Dns[0] == "", "", Dns) + ClientMacAddr = iif(isempty(ClientMacAddr), tostring(extract(@"client mac ([\w\:]+)", 1, Substring)), ClientMacAddr), + SrcPortNumber = iif(isempty(SrcPortNumber), toint(extract(@"port=\'(\S+)\'",1,Substring)), SrcPortNumber), + Dns = iif(Dns[0] == "", "", Dns) | extend LogType = case( isnotempty(LogType), LogType, - LogType !in ("urls", "airmarshal_events","security_event","ids-alerts", "events") and LogType !contains "flows", iif(isempty(LogType), "", LogType), + LogType !in ("urls", "airmarshal_events","security_event","ids-alerts", "events") and LogType !contains "flows" and LogType !contains "firewall", iif(isempty(LogType), "", LogType), "" ), NetworkProtocol = case(NetworkProtocol has "tcp", "TCP", @@ -214,22 +215,32 @@ FunctionQuery: | Priority == 3, "Low", Priority == 4, "Infomational", ""), - Disposition = case( + Disposition = case( EventType contains "File Scanned", tolower(column_ifexists("EventOriginalSeverity","")), LogType has "security_event", tostring(extract(@"disposition=(\w+)",1,Substring)), "" ), - ThreatName = case( + ThreatName = case( LogType has "security_event", tostring(extract(@"name=(\S+)",1,Substring)), "" ), - Sha256 = case ( + Sha256 = case ( EventType == "File Scanned", column_ifexists("Sha256",""), LogType has "security_event", tostring(extract(@"sha256=(\S+)?",1,Substring)), "" ), - Action = case( - Action == "block", "deny", - tolower(Action) - ) - | project-away Substring, Parser \ No newline at end of file + NetworkDirection = case ( + LogType has_any ("flows", "firewall") and Pattern has_any ('1','0'), "inbound", //added by Logicalis + LogType has_any ("flows", "firewall") and Pattern has_any ('allow','deny'), "outbound", //added by Logicalis + LogType has "flows" and ipv4_is_private(DstIpAddr) and not(ipv4_is_private(SrcIpAddr)), "inbound", + LogType has "flows" and ipv4_is_private(SrcIpAddr) and not(ipv4_is_private(DstIpAddr)), "outbound", + NetworkDirection + ), + Action = case( + //https://documentation.meraki.com/General_Administration/Monitoring_and_Reporting/Syslog_Server_Overview_and_Configuration + LogType has_any ("flows","firewall") and (Pattern startswith "1" or Pattern startswith "deny"), "deny", + LogType has_any ("flows","firewall") and (Pattern startswith "0" or Pattern startswith "allow"), "allow", + Action == "block", "deny", + tolower(Action) + ) + | project-away Substring, Parser From 1c10c9149c981b5bcec5479b618692b4a0876533 Mon Sep 17 00:00:00 2001 From: Tiago Duarte <103927368+tduarte14@users.noreply.github.com> Date: Thu, 27 Jun 2024 09:03:42 +0100 Subject: [PATCH 20/33] Update CiscoMeraki.yaml was missing an update to LastUpdated field --- Solutions/CiscoMeraki/Parsers/CiscoMeraki.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Solutions/CiscoMeraki/Parsers/CiscoMeraki.yaml b/Solutions/CiscoMeraki/Parsers/CiscoMeraki.yaml index f273dcb5f3..38da8c63bf 100644 --- a/Solutions/CiscoMeraki/Parsers/CiscoMeraki.yaml +++ b/Solutions/CiscoMeraki/Parsers/CiscoMeraki.yaml @@ -2,7 +2,7 @@ id: f3811ff1-231c-453f-bd2c-cda06e7c3e1f Function: Title: Parser for CiscoMeraki Version: '1.0.1' - LastUpdated: '2023-08-23' + LastUpdated: '2024-06-27' Category: Microsoft Sentinel Parser FunctionName: CiscoMeraki FunctionAlias: CiscoMeraki From 26fe7c66d0dffe4383bcc04a991325d33599012d Mon Sep 17 00:00:00 2001 From: Tiago Duarte <103927368+tduarte14@users.noreply.github.com> Date: Thu, 27 Jun 2024 09:06:20 +0100 Subject: [PATCH 21/33] Update CiscoMeraki.yaml (code indentation) fixed indentation for a small block of code --- Solutions/CiscoMeraki/Parsers/CiscoMeraki.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Solutions/CiscoMeraki/Parsers/CiscoMeraki.yaml b/Solutions/CiscoMeraki/Parsers/CiscoMeraki.yaml index 38da8c63bf..9d6500f2a1 100644 --- a/Solutions/CiscoMeraki/Parsers/CiscoMeraki.yaml +++ b/Solutions/CiscoMeraki/Parsers/CiscoMeraki.yaml @@ -198,7 +198,7 @@ FunctionQuery: | Dns = iff(LogType has "events", split(extract(@"dns ([\d\.\,\:\s]+)", 1, Substring), ", "), dynamic("")) | extend ClientMacAddr = iif(isempty(ClientMacAddr), tostring(extract(@"client mac ([\w\:]+)", 1, Substring)), ClientMacAddr), - SrcPortNumber = iif(isempty(SrcPortNumber), toint(extract(@"port=\'(\S+)\'",1,Substring)), SrcPortNumber), + SrcPortNumber = iif(isempty(SrcPortNumber), toint(extract(@"port=\'(\S+)\'",1,Substring)), SrcPortNumber), Dns = iif(Dns[0] == "", "", Dns) | extend LogType = case( isnotempty(LogType), LogType, From 1d1b3d60e0504933fdfdd86bb45e756ab98c9a7a Mon Sep 17 00:00:00 2001 From: v-sabiraj Date: Thu, 27 Jun 2024 18:12:21 +0530 Subject: [PATCH 22/33] Fixed parameters for authentication of Jira --- .../AtlassianJiraAudit/Package/3.0.3.zip | Bin 0 -> 47163 bytes .../Package/mainTemplate.json | 72 +++++++++--------- 2 files changed, 36 insertions(+), 36 deletions(-) create mode 100644 Solutions/AtlassianJiraAudit/Package/3.0.3.zip diff --git a/Solutions/AtlassianJiraAudit/Package/3.0.3.zip b/Solutions/AtlassianJiraAudit/Package/3.0.3.zip new file mode 100644 index 0000000000000000000000000000000000000000..0eb188225b4fc46aa52024003df6a37a658719e3 GIT binary patch literal 47163 zcmX_n18^-{*KKT_*tTukws~UPIk9cqwr$(C?VKbp_x|^LRl93fb?sSuV6M??c2~bYeQ?{Xlt{j z{cXF!iu(QO_kjm-MPzerm$N>Qjtv+o0xn)v=DbEWyaIXEB|pM=UZ6(gl=4~Hq<3MZd&j{m;HX^dM>xLOVtzKiJQ4nNLnY|X-r8e{2l>jKSc*r>WKw5!Fu^lc{YMIh`o zLUw1eDc2r>G0d^+s2f>wvXPCkQ3`o;mm~oSVsCfcxSA_3UQ~JjAN>xTRiJ=wA0r11 zc6M;d^NTA9ka^myRGsf8O>xLu1s5g?P^tSc%!TPYNz5_7@cS?KN^~KW?er62R&lsQ zszO1qJew%uho>D>6!-5vghWtjxSh~8d7*Nla^#Y_lH`Yn>2Polz``7#q`zQD^t^hf zfA2dUUb%f9PsQ@q8pL8o*^QMM2-hMd@b+GsDz@ek4IC zB_3i3Xnudp_>P4s7!)OBX37lx|jHtc*uC2Y3=2C@S&ejz^X6 zg&Si(Nhq#pE32i3XafozQm6RkLV%K0ER9pam}LUqcI4-#!PD1@MK%WMB2gq`-x@bw zEdi0fzXH$~ zvgCFjOW6q(gK^`gYMI3cZk8;I^7JR?%7Ji_ie{i8N~iXOijW`Ua{+$C^g34>03x=TFn0yoNCG9(=OTVs z`d6XE%#%oZ1O0)vi9!Fxgbi*telwJY-U?MZOpq2J7iC>bxwjhFMh@=@#ku z4Y&iyM?Ge(aq|-&4}Ba9kK+i)%^#Bv9~~6BH4pVh4G%voFSUEABUCmWL&*uIo@lAo z=V3aPg85+iq7dD~^9dM&We?P)Szye&lzR~qZ5=&zFiTYGK))AB#4`3`^2mu$JeI6M zQk{}@RQDvph(d&$t}KG6aE1IO%Pu*`a4{JflA02K);^2=8&DZ3n9*RBm8xO^kU(6>BH%eQh(4bPZO6dnLj~By1}?1o8Pjq$@&JWvNFnzA%Ho9w8OYRria& zj1Z~bvWuRn|1Us{%^HURA?_o* zHSe6?2%$gdxF>6eZhSd_N4}Ni#KW z7>Q69G<$V_VaQ(=QsVma;B6V@Ym4k~&_2ZkshjBZ`4THY^_E)&p7PFq0og5sd*1uQ zPoobv5Z9LaP)keuu=0u3@YFjO36)j9e0k7kkJ3egW&NpiR`O1FV;n1fqOsv&S|Dea z-ccL@WA7<^>;n?p_d zTw~q28kmd_W-a7OaE7HAV+QcDYWtMm_T<_xJ?rxFC(H>za&%#w|{wE*91cnA|4F6qPOF!L(ZITzd zn8@D%YZa_R-i8&RsR@Q2Glo#;br~bD#RRcvSOMm4W53}JE`z5BDEYhA z(tuGFiswRW2@^%HekJyk=einCw(L+i<`#yyS+Tbr(55^9~vZ02ri&Nn$#iy z(Lx2wph+7^t=zA5;j)CSieQ$SMM7mcfnk3CT%LTp)o3DoXZpzXV3BhuRcfHJk-4{N zyYtqtponWAIZreGs2Z-c0J(*+iaTI0mOM0x{7 z?*T&9W_QBaxmY^ajpuziQrWVVT+aqC_5n!5ksp`E#n*=4Ci5~GukPD*9M);?eXXsSKAT1wQ%z2JwUv`{RQ4OM=aj$4%mbCL|3bJ zva3`$5_>?Om+lwi8yBW-G*gG_(sAQ1qYLjg&x@!CdBbR6hImo|s^5R_eNq|9AS0ih z1b6Cqde*ymZU|$2np~x>`C@&#JQt#hUj5*U3VW?q^=93+{jq$yTn{wZDj_=h8;oT4 zxmXVuwy^GTdhht-0x3bc{^BD=3cE!zLSFsu@bTGgPWJZTqt37qw@sc9g|$+B)r(=s zN|L5nmEER+>NW=l6|NVjz7v3uw1^(M+PvJ^gl||N|Lg6!nVRO$-p7$qasFmcG{_MP{h>wuzRj;w{)2p1{*g&6{6pN3uygSSil;E@4o~@v`&MA06 z9G9C#?jg8WL*0-2I1cx&d1Uqkyd?wHe~HTC#VFDg9=h-$Tf6Yt zTF4P4>)J1%V&gNan^BwW*i(97Nt3T+@E)mIM~;+r5Z!{_CjpBbtM;%quh+MH5WGr6 zxoHCnHviD6$$cFaT3Em;^t9@+7SSzQz`-u1o4u9CJ2(VCztYMT@X6;z>gr;8k|7xX zvfmTF2vsICe@Xxx5<>d1LJ0`OCRLDhplZO~J~EWd=ax-?y=2~T6= zWzy$Gi5-)FljbiW)Nq-rf}!9&^)tf!J<%;^-~`pPyYmew|NloM`=1f%X4)1{t{ebB zDFYnf*UyM#ZD4MrY+`L^^)o2_I~-l=TsUs9$A9~%yztdJsgZD*tnX)}E0+&n5I1ah zdexae5V)A|BgV7miNi{89E^E{19l5sJ|hf= zJj2?FDj-fTil-*ISfUJHz)N{!B1A9}%+Nsmg{XMJ2(?VXOj?x2KTjQAw7|?Sv0rd& z>k}!vlARMRzU4_e3^fEH3`jxc4-yxlNb39yfm`fKC9NqjzY2fS1|W>Y=M^>J-tMPZ zF$wposB6U?ncfukVMPqn6a-

I3Mu`xi1jil8sZ(BDp{(=FcVhzi_8dS zGON^+<`<=Um-5XP1?bE~T;ht}5MQcIegQm(nb$x;A0?WKOyZplL81E|YVV!=RWVt= ziZv`wNrzh+jsP-7plmG^AcG@LO?{P4kJYiJUd+l`U;Cp61{f#tIDeAs0 z{R~&B^77;wPSAtrIN|ri(_oHh_J>tlg13|U6z`Fi$)$ofqp1iBQ8B}MnGByohNzv! zsFQ9^swFCpl?-4)qNY`LmFWT9duWNy;WsOQJ|};nygL;qQkL$gTM3rS5!+etu%-ux zs%=I&(<$qDGgj*l$fGM|RCJnZc@~~1ODGGz>@50TnS1Re&yRiya`T{?`)W@dsr-6I zv?8|w%g9B2;te}V1n)y1(i&(*_x`1Uj>eFs9$*B;UaVhGV=JVN<6oODq>d3tPvU%8 zW+Tl)ToHXe-fm!Ce{h~`wU%sHS{^-_HV0|&w1*Mu>1^S zz(B+5SKI6h0e#jeg1Q`nUl}2k8n0Q-pdvGrY&u$tzg$ZwXNn}^5@#(VZLD8K27U3r z;+Ox5yZ<&5mFl~t7U9p3DKYIhFV;xq@zTQG+^auA(Pi(M^+!jEyHRBo_0OC zkfiYv9{BWMx#fT5TK_Begy?Vnr@T7fU`2sn6hVEN2cnfiQF~2Z#&O@hJ({`(ssDL^ zfO@{0J@AT0KwUZl7T@XyuV0YUIxeV02q8QCM>Wjs;NM7r###%tl^d%GahyRl2&UyM z44Y+n&Vp|5|M%B>Xa5n;zW%ow(7=Q-&_I#^!ceqA#yXIc)_)qPte!W(X24!WWO%if zWyD^3%AQMMQk@%Sm=Gv*fIYzsA}l7xh=GN**Ip;#6F@_}OaPy5`LOEs@Aoo$_d!=d zMe<8`K?PzmeKC2qdo`F576wHz#RWuhZnSm3xUM75lCr^WK)KNcWkFXbzSiGmuvkAR z|6`Sq$%^odlz76!wuCa9QSl7H5i1UH7v+uEElBQRH$#hL0<-O`&d$A5HDOSJ2MeL& zqn?f3^prSR<`rivxonxFuu3@^Em637V^H_u#b<0S6&!(w>%$?SkxoKNh;%hPMmpcE zEK6Oa94~2`6J5O8}rPCzFi@bF zt)v%4MrY{@!sKACO7q=LqLBZ~^nag3rMFx$Bt>rP|;pr{C&(U4~0aX)yg zEv`-9o<@kIh%U`crrx9@hjz8@QXe~n#Q{-@Z>H-x+WFTRx7wYeti&@mA6u;1Kp2=v zJf<^K#Y!W?Old_Rx?slYhqG~9P>3!d3dj@}&JSl;{~ylf<;8pK*_2vtlBiPB=((Ou zXox9B=fy=b+@7TWZ~(CTKgw7SM$z6}$0ORnOq!!|$qYixmxgi)Pho)jXThWy;b$Dx zVK_^SpfsHsZ4@(uK%90m(yW0wA_fr6QTq)I5yyXWweRLiI8AK&_s1N$AB6a(OkIXV zjdwLrqgtnqRf$nA_u0&pF#MZMKWbVZn<)PJt@GzRmTKi8E_dp`$*>exEwY$A3b=$G zi=0*w_H2S?K{D}{Wy9l}RfVh36tLIebebu)$hyu_R{l-Zkg zZ31(c^-c-0`Z!fTE=ip>2v*WoF9*=iXffby!5)epxrg)A0xk4CsN3{g_75 z$4~^T62iYyq;MInl1cZo1n_;}lvto;wPTRn1$62X9I z4JKC25uW`t+HtxR$-PtBXmhBbmpg}mB@F?)@^I-SSaRNI<~dre0B4va(wowc!$ z-zb+0wkt=CKDZCr)%|9ejyiHts|RXGwm&;{4$Mdt2{}Qpj!l`_r}Q!Fa*bMfZ zAFfBx7UJ|T!YLOA1x-(2KMus48-XG!R+Gw;=}3eVG|w@o<|Cz zLd;7my|h>sa@u9tDGkV@)a6 zfJ}|Qf@Kt7Y#nXPf}4kLDcVlRUZMeFrws7fREqf7XNuD#0Hf|Da2i?0QI#X+as4y{ z0Gi$lca>iH=l98Ox(g&SNNlCZ-EWKshJ(j85JA6KOQKv7I;#vO*_sMh+ocuSX#sP* zs|vab%>}Yho_05J2ivyR*mD}u4q5RIy+cx1f!k<6?z5~i)({Sx$wyl_Vj8hxHwN%+ z&C}Rc7agEU60VXuC$k%qtmY&;=cPNOIr6n!a`f!s$xa{Q&NjPS)K1x^zMN4cr;dWy&zzz(J%w&yS+g#+#stHeBH)@fZuF z^!_?2=)QPP{3Tzy)-I$@8HIO*U(!nG{?r*25lS1Pv^yXu^U`xzDAjupJGIlJqh_}s zXE#Xl?OyJ27^n=!Bs5e+i&VXUjwU>6O3HU`iHi2`GvzC!px4Mn_r&&BO{BUX1Y5Be zPuaATj@Sp|q_a<-o%pTftI=kif;%Dk*Ld;JZpWsU3IPgeMozrvmbJxhL2z*Jl2fkv`m_na#BgT=>(->ZIvuaVJVmi{-PwoI|{%Z57bF2?=j31IxK6dm}O+0x>th`FDELiu7o7=KrQy!ePI!WTRdbCN=0 z!LQACRq>{cPP1-u6yFd>71Hh$`KDkpA@AXk3!)hHU*602*Ep}F5E>xxWjnd^p(S2l z$I=gVltFNQ4F%~^79HijTPVb2PFDCa?yJSmCF6O~>CCPNE5tZc()0z6SBlYVn6?P_ ztW@myLSNQOb$${@j_Ol)aplr-0qai^{hk)0D3Mv7Ac6Vy)eBmk$yFwjqx6mWmM7fq z%AW<#BT0>uc)%~ZczHEi0(gS11jYr(sFo!(FIy5%4}`w~Zt@6fe@-dp42jj0s+tph zjuO^9JJO6p!1GbUtee2wioMmp>MgxZBWX(+(;lVudHZIXKezCPwzd;9oT(F|my&&b z=hKKcxK zemu86qtFAg74t7uBVWbVt`yt(s|9t6qE_RpO z>Qf4Nu8ffB9^J}B3PV28>B-lo+!=Z~b;sjL9^Zowa+r-fOj*QgB&u zemP@hsZdCMWtqt15uL*2Tsspoaq5PSMO2>swvKF|hm>N+vX-K)lS|4Qa(Hom{zBnc zc`pTN0vuVdj#A~wRSdX;V^->wJ{c^6B;!iqBHGQ)=he`fih%a>HtvPYgh%1Dfot~Y z$Db_W#t6e2qFjzuj&r;)g~yunAc4c|kcLp!XUw9S0z2JO-Mmg*9=Z7la@n2vRcdkB zlLzz}DR;URDNWQ}j=&MD%;D}0g{(Ly2K-#k2!Hb9a|a$x{X~Dp#AOmEoyh*tfy6l} zJaF9*YK)c$$wVMF?CuZ+s0iiwZLDWH#Tei=;sa;Bj2q+u&Cd;K=lA}C%a5S_gMp5h z8r^Q67Xfa5u=WM7);pf(0+U6a(Tj5<&nz~fHx90J$I%x}jmhANPh`WE54_x*PUJBKai25#(YFLk|95+k z5j=!KaoR6?kYYA`{ckgTJEs{u*iX{j*Ect9M4n6K16_!CVmL$}Zr4mDA{)Eu1nBtwZXRUQUOsUGn=z2Fa!BcZ@ zD+;h-3adejFKK3fclRn_kJs$8WoG_9@^{UB}8^A7R^33s<{T#_RL*QTW;8b?M?1X`h@e|WZS=h?#DtL z!T(TcHof00U>;(nX}?Q&$yi7oCONesqoYi)>(&VjHWVY0&~=i8S9@|P zIaN)=QFc>TBhK2%(9n(cI8wuLq4s*M@nT!dm*j7T+w};{$?B&1xA()|fyWA@#gNiK_StomA898L%9%k+`3 zwggee47(@?^`l|O=yj!M2#s9F4#K>VCy4oyUR4+|xHbOutJT6mw-&&|F7^JP%FaV9 zvktddC*_0bzzg?H^l)=Y$lRy^c2~nWneH{VGBg%%e)q04P-o*84oW+thIPfa3>Cv& zGk1b;oh+KdW|=Up&aZnML4o$?fMnsvGq8T*e{M`F*_#(OkOyOyj&uhZV?5wZ=%T)t zL`%k68vbg^bN%8j&sNj7#$MS#Slq5C43I^tjRSmIJ$<}-fNR5NR;pj}TI4j1^=;i8 zE5Y?)QSLS|57?Z*@a6QJvdy?3t^4MdioiySg`a^rY>2Y+pGRJ6ks{tcz={UXh)Kus zeX=a_Q85vZf1I4I$d-;a|2?9)N*)-FYOQ*Nn9DfO&++A^U;iX2v9#5IM~(;c>h-N z`ZCJgCn~!qOSQ<$-MsNQcVGQT{I)=b3jIVXdqtrL^ZIV#+-HO7;U4^=7W)SA`4h!t zj|krty_0k>HSCsG^DIXbkw^c!5CG;z2HX;L=HFM`FnH3NV-@mU-ZtTYMN~e ziWi`v7sr8gQQGt*u20PlVVYF!yud+sUO}K|m$%|ov_baC--~_g*vqtDS}HNtY+|Xz z?dfF4Rc=`Y$h}nC>UNLpH08j-uhtv03u8oM{q*Eg7SFR&pYwrVnbzR%$48vAD=?4N z4(0cJT%!n(80%a~jESXB6wg@QqTIjeyrWTB_ad*{r~6!?Y+i6uHqCoUTsgJpbI@qt zwmZh24IiVPMxrE=Wn$DeIcV;@LsJiG6%_6ucAqP#F6Hub4Op6 z&d1juf(h1Wz|}#{JoW9Ks%j)hK<(E)(1k|`{H{EaHX0sUt+HjdhKL%_dpXR21pweqF)sd{hRz5L5)Z$y*oNle><|QqZnNrvOQ= zYU|F|+3VFv@g$!~u^tCbZD2bKq4m(aYe1W`h7Znpv7r+GRxLFbb(MO@z&tK&vTAgK zcx0_MwYA#W{;hg?K5$hXa|6J*21If&j6TN(oYcgGv$|$Tk;*yCda1T4fjZ`L*(9*k z!j(3)A9L0!MnwE0I{sAR33g`juFKA!MpIb+^#(ZchZE4kBR11AvRhsmG5S1QwpvwI ze%-q@^ROEskmYQ19k;fR#Ipd9I44Ls`>;x8lZ|Gixqx#=6x5L|okUiZyehN1V`oM0K)7G`L~wCmH|= zoNr91MK=0=5=z;Qx7q$1-r%G;Yyb%}T>A4lSo9jLJf6bKqJ$@*0dO%`+0+>XHLrgg z2VV&K6K0xlyEeVYAM^SWsNB+6Zxu}?NiQ($0%DXXawYsweD4MAB)3Q3N)Dn6nyyR> zo{G8qxLSQPeCvh0jG@^pzYkjE=W6N~FCQpB17FpSYcdHO)q9>aLkHLMn?`f1j>dIu z19i|G4ctD`?(43v`{`*`{**iCTAY@2VTC|4w0J`*uV|nhUjGC9d=KcplUmuz#yzVux$@^@t zKyt_E!np8l86d4XhB|i+Az1|g+JY>Al_iNpaB6D2J`aMjX{$W z&g8}+f~x;@BRTPMS)&L6ma7{od!g)eq(~VwI`;feH*%N!bff)f3M~8K1YF4DNsy3g z0x}*Oj7Bq$?%mNpT^LB9XYpSb1`?PSakIY*6KEM{j!}z$QltTu@ew@i6GoFxkM^|Q z;-|X8#o%ATv&QQh0%=$<-bhwaU`%5SXiKB&XQ!UZ%>eO9NSMUsr|!jFOux|>q!rfT zMQa@IE1hh@uRvj>%4Ka;g(Z5O4cB>kqPp#|cWEDNu4MUgZbYF|H0Jh-al~{8h;>X3 zz+usRpF72nDxL$(bC^{Di*H=|;ga%eM!QN>wrKl37CDIY0vCqEHG+vx0U4MQ08ls( z^{=@AnEzNR&gIwmKTE~`v6SDUJExIf+Bs`XJ@GwIKw9P}W|RJjS%%MQz@I}%`qQ1T z7_Uph=_<-6vS3WkZs5V*sMzG<0HufP->^M%)vWo~U3>;5w(oSQNm8%@(X%5{C359H z!7+pBRa3nMmkg>ku&|uVZYH3{PAs!}sm;q?36u<4`v-#Ecqr?X??pgs>p#s7vBE%s zM?ls)6kS-jX8#1`>~B;a4rsvj*f}cG4M6LkpftPi`~N{{_7jxu0M@V_DA2|-WZuL1 zi;yt&zsDWnx|QrYZbsK%V1Evr`eQl>jf1rA7%VNS4ZNDy&wqR!T<%`symxq^SP%=U zvbQS3X&+7_cc;eHJE(Gnz{*m<>0c(Wf@1ymi$Apq9fzM!Ii+w`?)}xJ}{3+4HD$mAR z#de`%Rjjm)7@&Qsvs@z%!`Zg1D;??{xU39l&JyD~;VS1BhmA{RT+&pHFbM)oE!xbs zt|D!uTesqR_^Mwr3vNpq5XE8JOm@RK6h2m5Y{*3T@MZ@-m%9<`I^xwn#Mm zGF7h_F%ER}wZ$AOZLRWsH$DOxDa3=s27BNBI;1y5XZe3upz7BEGrl_grtm@?sypYx zGPFrd`F`Rj3Fk{L1g<~8pDDvyR=Pq3kV&ODxpigxbk)%)p9CebEcCFYB^1t*@YN!c zIC4L-{7715%?0W=4Ca8{%^(i&3)wimLYJ=Hgo`4*wew%;NK48_6lN!um1Sc4Ksog#qayRq%Dl7n|!5=W8I zQc{hO-GoY#$y#+aVC-Y6rRejMMV1lez`L<)2@KeI3e-t6gX2U*o6l(xWUiC@P}@ns zW(0po`3ePc>+Lk>369sL)z`7-hMS(7*^uVbfJTVziAef<-i@6E!u-EZbW_TM++j=1aRjpduL z!-J|?(*9qpFrq!3vyhEPeNR%F>}Fx$0b7^M`fOY{E(bHv9qu<<{9vO6!`9=^!&KLq zKU)fy&EH}QYcB65FqmxktgWzK3^>)u)!4ribViYHrHMEn{@p{=tWh%cj++}6>os)U zh|7{&@t?lS&SnzH$37DQEl*(yaGt}%ImJ$g3vqI-_u84Z#YXqva83MiI#-^>oG&xz zrWOasaJOs5DNIPYz|Vr4FZ-{<@Np{T%puRn4>mqPPZrJ2bq6?>KRs&grfq;T8#ekl zzB+d^iJB!2fm6L6fo5bn=Zr*M$B+Np4!Jm)s{LSR{pphzLe^6_HV1>UTYfYq$EWCB zo4M@x+O$eH=@Ob)BK9pl2-9+`Q?5S_*X#@@ZxJUr;f~+(nL5_otsUCPVtYGTN4f0I zlx9);i}ZS^;Q^8K>>F@HKhFWkWkdFr|96RjTP|r7wwJfR{1kMyV0Nuhz`5|@QCB|E z04{&16mtISp2wN9dKHb>`j9G+RsVDsJ|ipTg~wI;ApL`q@dsrK=>vfC;)nlIzr!Ih zE^?w$LUzMUH|k#u*1uy$VD6k&WF>GL8s=6fX{?l9&DvICd&gNv`dt42yZQ%Ma{vtU z53r3NV5_nrSN{XH`U7kdV?&{?8!uKis{fj$&}gd$9Qusg*3T*1H8#2jUHnABh{L4e z03|2qAJ3^z+VbnKs3*~xZA7eUv28XDEqmtGqun@42JAHT*&F8lT+wA^ae^D>(Wf1) z(Oe}2+q|M(fUw-{9S0zFWsu-Y|j zSNZXz&ya}*i#{CzH*j|nxySwf;yBJaLeeFxw1i1hiBAfW;wp zVlquE9=-lDWO1^(0V(AO|Fq=09p2tBJ_U0s%-&{kYv}lF^dvvY7G$SuRM?F;5@d%0 zzo7>2FH;h*geVDqtH;MS4((fWL6Ft04zS~dDETj~|Jc>?n#dwd^Y~Jih-$rH_S9Xk z1Ps~gvhK3cas3_6Ve)w(F~kchfSdMQ6qj9lcNbX7J@ITnsLYwh}9w?%l_~ zI99xBesFv+{@_5MY6Xjz`Iz2|JBSt){uq-i+<28h?<1D9U197M`E2l0IIS78Vk8)T z0;gc$f&NSEtjmQ|A4;N2d1pUuOY(TM*U!8Z*M*dO457T}t%8lh>0~Bj(xx!txkHCm zrSR%#%3<~ohXR%#4nfQKL_ZvaEPps?F66QNkAvn92kW`?_tqz$Jr)+ujup44f0Wd1 z=vo3;wX$^%jpCyl6vci>u+CxQ42xa`{5Ar!qkJB*M4gOw@VP{oeooGBzViB69@o-V z^qKQIg&@howugmtl6)50@$H1nyksSrp+@hL)1O0b<7LB3aXm<*B@EQd-HJ{r03oKSm_T&rYsD}B5;mr7+TW(5veLA|_gJ@bgK z4A3q&XmH9EgPu_!O{Z(#!~W|*h7P#^_WM4_!NMsD)Pn(Kai4d+9k)VwoNY4dmKWDI zcqY8102pi6)_6qAh0c+tB03R<=K`Enj;zWqur5Iq?h#c|1Z^ zfBE=L!VROadh=pm66Az?Zb!}?a?$x<*Jb&`aI{hyvcT$gw2jg!7uMW&$x>Qd)z{a) z&WF_sPJ<~w4(A=aQ9bS2Nq^r>O-%(;`4~B-Fxv^Swq$%0fUdaf8DwTj+rzQ>4N5@X z~4bM21a} zL34uzaA|)wa02&X&sEtxW4=w>BhI*p2EWx8JjCxm)Jisj?}w$sM;w{6@{%Ay6KW9< z?z}Zb_@;U*5n9jqQS9ZV5eM98e&4D0 zFeZ&QG}CWQhHz9LIuFd+a^O#&;;Dw>?W&Xro-OU?UXkM&=mLn(U3Z(Xbv9E}ujQ-F zF7f6XdtHt;i5$*;MZg9h_et_AJK58w1mB-cda`!>D6l`C)2_~PS#dYf1LS%Au@sC( zzTkgGD>D%O^#4lo5i*K6Sk2OP0C@xXU5?$J!w~!Faboq2lkc;H0zI!ERGaQj?1vLB zDwm&V7J$is0Wj0^EPC$pGg9w!O&(LS8HRIO5{M~YY|3xB5)UQ$mD5F_E#Q%95l;rq*?q@&J#8U$>y z>!RP`aKt3yqE*f%&cWC5J&$SUM|lzYbbXfk+h@lHty&0+;ODb-U|PB+Am{hTco{Np z+^wU)%^L6a<>5JbT|AH@j>?%D2kMI!ocET=U3(tQAw_kD))r?GWFas;T)Xa=e7!U3qS$J|F9 zoB?w4PqwRUsa{zl6^Aa+B+#Y6 zSj~MF`j0(}o$on}M4~UKroGs%Zzefz2f-Rxz28$mJkU5=<1~}&Ain2b6P_4BWFZsr zb8o&8>fmqfwuc?N(fV&9$lwC36RJIa!CjE|okq{GFOg<)W<~uDRInHr{n&-map(lV zI9q_bmt4(&=r;sLEbdc$b^NME0pW6uzM{PHtgEI69ZlE>sXe(mJtXRdaFNEMYI5OY z;~r7guqS^;3w=;w!9V(}kSyY9R)o_fG3ism@du`HLa_&sSi5qgPTTkeZ>-odMEmZI zO7gMGSxocpwgSdPNYiHLP@)E1!0p3_0D3|P&U`Bn)zEW)>_|o9s%+2Vu$F1Jikpwf z#OmY(7qlk*rHytRV{nzOf29y&NhRco&&HZh8N29~Y8%x@bq2R#$|WYCRhbgS;UXR;kJRzO(VI%d=>3QNSXuYd#=#cTaXu=?sTA_?K z&!!nGS~)DOUpiqyd(MSF(v}=%u!VHV`^fNR-h8WarKRpjP^U{z?L53B_`2vx=xM-U zaN`0hco@rDO%%9Ckn$v#9P=zrSThFxfU+FX@l#m#y4Rn|Led2!Pvx05=0az}1-hha z1$UeZ+638hO$joUS5Ot#b`Uw0q98K2a*r9s_)fc0XMFl3O>DwR6CgX?WF^eM5jK>L z)BW*5TGY61=vl7h$a-H1PwS~<#&|xPT&v%q+Nrvwwr(nDh4C41K*e1#4gBsIRyGn; z_v+c;Hf~Akx=>W(H2S6GeW&B*JiKdEZr6vsSYWgnZ|`gUjCNp21zw*FXakFyIUs3zroV!S{P?ITtg)%f#QGla`pMsQ>K#~S1>3;>OR6>Fsx zUY*y3GAGOt#Xkeyz3Sh^WHM6p3vB zZ#IcHtc4hgY{cnriGJP~xpiQKhO$_(wr0-7Fp44^KPa)S(UsHuGQSLl#D@F6=h|qU z?Te!gM4}`u>vHKo{T*fX0y!sLGgGLJ-19{fqv(5a)N}7Ca(Kesu-lUDq#!Gx^nfGuU%%0QODcS$*r=Cvm4Y6!o-{HWBN?{w!7_^`K@W*Ddm$9)f&- zV@2alQ&sVIrT>LS7flsSH{a>*%X#bot#B6*1lyp?MVNh$UD(;n>|X0r*yOFhJ8nL@j|h%#EC}?lkV5;IXX;DR5lW>?lIWOe<*=tZ1&>)CC7=fl z>UWnCGHMSBr7@4PGC~gp<>~sUug*#_&11d>XI9b3Vo$FV^Bp0Sp88$jGS}=eh)DvQ zXe7a0;+AxoL;8v;b0(<3)5x&5sS98!u8_qtF3ol;-XdLJei4rqga#!36UpacZ-rvJDeukY zd)=9S$=blP5`LX)9kC3A#1E?~?rTveIR3$pMJAYSry4SYW>~?;n{G|g9RS`*TvV5p zP}*%h_;EiVVYHh)@^ST%fy=y3VBb?7uhu6RuzJYqI>ovg?wxzz=S;|_ZEvfxrQ_{{IK!O=0FOQ1o{jo z8YLBL6&*JvsPFtJj&+Os_$U^jjavtqs|Cd;x~0jpAk2Uib9uUXC%UxDefULu)ktbq^70 z`gKqON4K578z=vj(IBOQHsK>(TJANdkuL3Azxp(`9%b4BG)X(Lw#-Cpig+wtY~$Et z72f@4F&dqnQIwa&;9t;R4=F;&cZQ?dx=;dcqnYQw1s@ux%YxzMS+7S^0OSkkP;z!6 z@Em>5fMM-TQG|C5zv@GV)o$@DwRC@8kasIH`bFn-SYYzVD8~A`6paJ7mp%_~wAM$1 z=mP3XB=uzF6_BS!@xVKUqRc8T`&p{gu*DGW+rBtAxFq}O>}&zU9b8*V2yTZ10U}} zB-PHwtbU!S8aV{6da4#oB&e?bl4>+g^Mm@RY{U341A)!eIH!{S^Q0097J`>Tn>?e(m~KERg)q(rH%a+N~UENI*aW)Q=n ze!^^y0b|CqVHc&UGKcM;qr)FcKbzqYS!HuPBCFcHh}k3=0@uhYE&N5y@}Ek7XilY@ zlP7li`OA(Z+#}|HL_!C$;;CaM)%Jg9VV7DV#^MBiBdV zsPt{l1v)H_fiW+3)JLTmOLf@!wV<(#Q-6I!T}S768Y5C{L#3*^_7eIwjnFRseHyL% z)9Ox`?hkI_Ywl#{Z)H?E%3@u;$3Dupyrr5fC^hh#JiSEQ5jpLIwk85F;kQa5gJR_ zn^LyY^@2?Rc+@Pptqk_Y9vg+@;q2U1zoVoxd^b*^M|&yRl$_7fEOq`O)~;k;I8s(g zBdl>v-7(9qQri~$S$M4v7Z-`ATP-8{;}J15Aw^VIoN)Gz{XaapLf}vQrt+lR_SV)G zvU|j&rzFtSM|A8e#lOhF9=YjdO=3*%?;AWNQaP&X1g_piW}eh`6jGP}RE`zof67M$ zQhN{lB4XU)CZc)+VR$8xZ&e=CRm2u?-Eh9=OHBtv$5W5q1KKH`+}H+>kMYQ-e9=hW zGbr!>u{3Bt01h`l2Mlw!V3_yr2!@y0sl+>_1DHD4Zv_yzX3w^xhI6VjbbGM1`vA6p z^d6Nz{B+oA`=`4RoR##e4t~b#P@U_dXw;43J(vs5kF$`iNSgG=;$7j4pKg2C-5Kug z4BzdY;mj7@(a2|B<0HE;1^WEKB^`^oO%mR}v+I+T890ISD7s=7@kC-#>X1fVSYsi9 z7_RY-;4i-blmK0ZT8^8Lu9L_i^+p@wS`G{^y^{l_po{6HpYVDYV%9ls;FHQvo@9&T zlP6?2G;)3AtTVPS5-PU;%uU9p zc)gm#HM+NGX^p}a>tZE!9c4bwX7R}}j@EX!MmlX9 ze(X`R2wb~S3N6*xw9@vYc4GQoXZ{d zoT2tEdo1p<-&F3hlO+-sz^nFCe9+}u$p!x^3TXt%nYYCh)D zPT6Huc2l+PHM59NC3)(qvIQy60kZk)%!2UJPcb9CxcEL7j zR7&}lbUR@*?}31Jm_q_gM|w7*#uzkHRrP00M1#LXj@}Uc^U0IyQ|P%kk9kRA4`cwzoRa1;9a#Q%-B9XgwTaHxK1_K( zVIbFu_9+1D1-A}y&~afICbmuA$DvtZ;+i{I_12Pg2NrFZ&hXzve@rK2VRJr13hhSu z4-&4#AR^D1c<>1-Kbg>gfVK@S!b!hR<_k2$65@&WzvdWAqMc+~zd4-_h^x8whlT%! z^?Ps)!jXx7LAHe<@lopnyeZ31&n(=qWS6i4EON98Go*xw@{=YtT;+0vC=*nPTou(? zdQb)fBuUF6ObsR2^|Xj~ElOKYo*bXNJ#x04fwNx#5E*zTqD+Rv934J+@>@tYvXTZC z@4Ja^nCoUBw&c5=-&BYDK=abe4(R1F0(|wu`?n4xh46QYp#R{$(woT1kHnm4nmJzf zS0;33elS<*J5Jdrol0|qX_y%C;jc#@KA!BoKLJbr!MlhU+Dcf`W(kih%q`jYQ|HpX z_DV$#57={R*&q0$FLbi54apom2RWxc#1fTm)|$(R>m|9uu0+M?Eg_fYF4b(z$23C_h|RTG`lnB`mfde|6w&9**Y0nQW6d zj6IA->OXmM!2J^6tr72XK1!Co%o$oUW>A%?+2jnKO()g#ui zyWza07b}@nDa$rNGRl*9o9n-nHH-)oNz-*YiJo;*1snzGk! zztW_d*jXcUa^1e9TWJWhhgcZEPIPz*Ehq4AC-1?O^=tzu-=PR|lCrw`87&e0M`}Cg5U;#_}>x-Iu41Tepui) zUkS-tM_Qrfvmijo(+5DID$6($el;Z8q<&?CI!}HMSMobjs*K}`rIrkSn!IA+g}VV# zuz_Pk1#^mziCY*wYD+o3LX7=9CW{=kvnYg?U9hYWwulKUEvtNkHFz#HD6jNVvvk#! ze&V18XE4kR?a7nc!N&LJqePqa%N%kfW?{8bN(!AyhrW$jSho$TA%i>1ck! zr1M5p?iU;K3Psm}bHap#YI{x?rTztnFQ6WOkOkt73lP6zqELu`l0E|nq{yG=u|p}E zLPte-xj`c3JZe57!Iv9kwo)aJMHbz;=YNsn z@%)c+^v(X7V;l#iKaedn`%4gw_aLz_^@qu)*mu?jNnk4;;?19(bH&`jAO`}rvxM{%f%>c*kzMgNdO8nPYy zbj(W2Pk)o)B)au4Zl$_>{mX}otwFDx|0Cx9f3d5LUVJ$E=SDP2HlnG|5AS)>`z-lC z%m_YE=R&5na?B~fcJ7fy*8|t>jl_%Q#P_*$YhjceRsCb*4W-g_txVH48R9k1FW@he zWL4&rUO&`5Z~<9xYsAC)#cN50GKOrlU{q`?C_7%Lk76TN1jI`sQ~k zvyzz0Q`&1GoJYf}5tY{))MvE9I;;0@G!>AqQ7ERgsuSH?5vode{#Jzi&--`(bGp!r zk8RyW`Bg!!w=j9hu(U@}K4VzC533ctT)HB^;=Yj?15@uOsxIQ!CkKHF4cCIYVZ0|?Hznjx8|B4{-$Sf zyHlE0uEnQYn%DWm@o06^5qTNRKftGHB!&Adjm;f7+< z;6AFGiKaIa7h!x2HxHW-&2r+c?T4T(ZW2C*8-%!d+UBNUcSCTow@eIf2$rXo{Lj(~ z-h2bFG4$zf{Go6BH6Mz1H~W@!tCAT(er5Zp5|KO8HM^c*k_Yb~oF)n{D0Aw)=Fm zZEiQ(EPci5-&~v5jWuHhbvM%*LvztYcQZ|lRd+M3yO}1?((YzjcQfsN-AuDsBfA@D z-3_$v2AcW?T3t4S;TJTzj|L#Z(W&@oK(4vwtko77p~HoJ0gCnH1O0IMc7J_?{k!}r zsO|1UQ2snV1eIB<0~vD85t|$j>Elmod*X$+%f60;8adC{AIip_@lbpt zeS3>&O$8&E&hv!$^wF^g8(C$po9%?l7&Kmh^-kO|jk46)3B}A9Zndz8N&wBfXspg{ zfc1JDv1C0(gv+=oYYMl#7qGm{eEKMhXDNXJ@$OP?C3r#SwFCcWZQc3vw^05O5-+p?@|2vw>&ldx874lIesCG6wGy^E_pb5okBpfHY9Fk5}x@N6dxtS z>5tAv@QG<~SBi?ik~ob_b@9R8 zYHfB@PQt&Mn#cY~SCIss@bTKik)}HBGu`qM6M%fqDkHvoIZO2nj;WidR`v29HSIIs za7g^}p`s5__UoCi>p{*ztw4zfxTr=hu=Q@_l=4CvZu^&RIQB-L=~jUl;^>w%?GLNQ zIFt(tW@T=B*|{pTUCYlc7S(agdwaz1(AD;K$_q8>j&W<$-ZU##Yn9xk!GKiRiC*mb}+}X0|7=lJ&{<{9^XUAGfa|b+E{S z@O`Ri5d57;4=?tukTm^N?+t7GpW5Nocr%@|(s&`Yi)r#4ddE;R=W8c(;~cGrUZC04GP&x+8UQ;i9KL zN3Z^|@<7X~zQ(cxySin*#==4~{Z(yE41GA-u6vC|vkT0AM?~qQh3dN()g+7NxK}J6 zRB1Ll&SLDY-+z*&APZh~Z=MWwH>}lrs(n#hwO?`aJD)WHw&udM(H@SoYIv|kSZ32j z>#PFug%{&{*@9FFHQj?P%1YgXEplzK3tsgHTa27W`Pr7L&#(gl)UUJf^(A$$yfvLZ zo<83q>l9gg`qQ{i|AQY59@DdqHO@m@omOQ+vg!t^Va@favis##OyKGFyAzh4UvQWo z#;w7=5O`Y~SkD?#(<8k~2+elZm_lYqsH}s?I*3fS6Yd}~K^;Vf;MYN99YoeaWR8P@ z#x#(a5(+Er^)S$v2J(`&P1&YtesP=GBZFG#%03WVWvmPJI-#DUS&G4Q1u(36ZA0~# zmFx0f;o)SSGTfKo%va4`NEAxEGMI zb_lQWnD~uy`8s^KE{Ck72ATmZK$U&|797KHslr8M(We8NC4!cwfUHc_EBqAfsN)Wa zrN&H$8N?zmjoi5!sU{+^$q!-BvN+zlIP1OFuVXHd<^9xnP1fl4g8RJa26wM zvZ*lIoBGLSL3N6Quija;CsIrDkE+_z?>nok1{mX}-tW})UiG1bo>qXK6c_iin2=rv zCOzkcVecKD*7MEQFpbl%shck}tY7kKGpSu|zR0VMQs1GN7Bw^9C_}UwEWp6$`d4LT zmP3K<7lW-A>Wt7#jq>Q$xF2;EXCW&1iZev3Y|s*D-AZbCEu!nm30L)Akiu0IxS^t~ zMbxVn&&iHp3L$UVRa7fBo->xjSPe7zPi6U7Ve3E&+irMwmN&fbqOm`u;qOHd-Jpi| z= zZu5g+Vn=nZ`^34n2@`8{o2CH62F?a&KY8hy9}cNYH#fw#7Wjw^fIaaAqK!RG?jJ9i znaUv_m!z}}fAgmo!Xq`GJ|6BzlW7!^GHcuc{XpjQ+WLQg?Pp8>abb(zKVAQ8v#^&n z<@ZspOxa2BuNf;Y4)ub_x;&_W8mzYQG}5S^hi7N*S?JxI`4pk6n-B3U+=CY(8Z2Bh z&lJ&(ROxs&9D3eJ5j5pgNw^oJx5CBDVbm&e;d{ZTffFrQf-uDtaHPM#a^Cz2jgrt# zq1--LNgh!3Psu-}%KcMFbvX8}Jpk6tStYzCEpXsjxjUw8(BpOzdENtbwiDk zk70uz9kKu0-rCxFS?kd1{T5J<=Y3JXYSu&g7}$b5>K!c}5aus^&6q-8QHzGJK3kBA z{+@kfq+WGAcLyHRgx%bS{kkyE)C;TrtoWlcr@whCfZPaVIUjmAUkDW%JfUn6y;qjI zNQ>>NLV!7;ju~eGCJk5eV4&%Iq|lXINk+e9O$iaadc!S6JkMP1|kWj)SL2llYUG?Oat~Z zWCSnPx-!R`OZpdh;! zj>z6;kjvLopeH@{oMx7$=D~%qNi<^bQeODq3aaz@H3z0#`cCbUG#u;|eCG=cvs8l& zF=0es5oFJl!c(BHSXnU;NBp|O8heTq-fX>bL;9Vei7jg9grD$9pa+J_~2$3*_7 z%CQ%CZsNUav2pqtAezZd{*Ii>9<0z z@U**GZ5q>5u2U;QnsOdRO^&7d7PU&Ea>0sVipN0Fbq!)KQH$HuJMq? zSpRBR2U6H}!`mfj+l}n}60}8xrX1NWN4v|>E)?i;v=NCJ4mLGIve7%v(YDWy?b5V$ zg~b}Na#^~08WkUP_Ay6a2@EqbI<;3DW^=l>VRGujN%Sn||FS2vXl|iNk|&-`LxLxs z(S1zr#P_aC>;$syVVBt1C3YfWT!jF0LMt-PtDP~|gsT?1k}Ii8?Bqq}Vz^ymXOo$B ziJh-jKe2OX;fbB9(+gU4h);sh@|a^{r?!nQu`@5%C3dcOVrRBPU-{h5uN7y5P25!Y zDJhdv@vEHL*_5r$#qx0vM2N@3&X^4Mv$lL-H{kR(Fs_uW294Gs5jLE`-Npg%<8oSgJZPN@HO)vQ(DshEx`y zrgRpd1*WtB)i?$EbAyB^Uq}m@_(NI&=I$0On<<#H?fNBi{sI4ox zV+Yzcs03=O0?C`s44kQm1rqD1SNBs*o)XS=iDMuC5ARIu;7ODUTjH7atSGCDab8-x ztdZRdl7>hI7ZHbBC8r1xeA1DCQ+i;+McZC*n4HE3Cw{Y_?;-ls4l{%M%ZH zHjE|{#2T0r(xi%1*!(cF;ya%v>nak;){4~V5g9ejdO=K6U#4aQf?iWh~E?JE$5? zKitxPQPlACFA(m%cjM5k;)KZh=Fe!Bf)>e&3Qv_M9{ZF7ZBy}Mwj}Cjz(T0q*P=iG}C*$QhC)~nqx%0^h5&SSR(39D|D5ug6N&R|$ z>EBH;k!VVtGW89V%z<7kV{0!g6;@IHx-Dd*3eu}QapEMgBqnTyY?#I$iI zzZTSc!;d=s)SD2?Q(1=Ua|ZN>gFL}03pLQ@$_V9B1sN2^PX=jdf8;iet%{TfD~pwX zEuLhs*dquidv;w?u)7VQA!?>sChK5~5vj(Ckx2_*H?!BvobB(2#-E=nd zB?LWaK*)guLK-=mC)yaqtUSCxbq&Y2VY(m47l8ixthnzoM* z#WD<|8jMZIn(2aNUJ03hVF2f{0LZV~ne(1jwt76(1(t|Bc5+eNF9FF3E%9d|%W z1EE<1t^7()Z5cggK*(_eLfSW)C)ySkzs!q6-@9Mwg(M~nS8lP-I$_YR<$9kdP@`;v z5!#Y*rUaC&@sd7{l>32S~SuMlY%^I!2r+ANyg>aF*z z3kI#)uJ$ayZe`Ybo1wFD^FTNwGWAmCjvoj)+kxf7m7!YYMS3Q>vqLle%+reJ8AK zql|o!T%P6PqecS=X*sxon}>I-;y4ELxpR+dT6y=#jUGK}K**5;LRvYRC)yg8;UDD_ z0;E;6bdF<_dX`QBsGPyXS~fLcbDsc&v;-jBs4<$`A~9A)$Lx9%x}SK#)gxgrn8tZz z*!z_-*_bs@?Y_*ot3Y$y-2++f@PP`ueCUf|(+)a$j2fR9xh`M7p0Ki5`OeylUk2{e z!gV6uCc67wIA!PqfqL(#^F$9C5OUyvkS31ii8hACL{r+tN~BF>Vi88B4&K7CXAYg; zF~v4jaO8ioPj{3YdBuJAUlH&9bsPCw3DPnUg)k#$;Tp``0*WP&r90@oX;43YWF7u} zB5Zl=#KaUs@Inoz!Q^g`tEoAowY{b-?N53E&_;_f)dmCYdB4xx0A-X5T9tZl!dVbB z3}>zV)M#H@uSWZgHm0kqc`paCR^)AF9GVvi)Ur@`L%Wrs7_KN;mz1x57s+Y>=Q1{p zcd(J6wT3BMBt?ldzbseR%EVJb5dtzLTDOBxD3!4JnS(iyF-~F(yhQpV3hJ|_}tg|Zg z(a~L*loR{)^>Os+27}}Zu-Vop)0wfjvBr=B~^lNU<3c`gN{vpRrtwYnV833eC>lh0F#D` zAT@qd`%_!LS^iUXcH|$z{Hp&-oW3?DYPkTtug?L`B9Qdq0Nfo z`N!lGMMKqUfL!e7HV?1(_l-ZRBy9ZfU+DwLHa%fF)5d>(b-ES4j;RhLs$TOxjD4d~ z-%mrZ>6RmH4(PXWPee*zK>iYv?p&)KehXXLU7jtWzm!cB;F49&MOfR;4tyqC^`-2r zN@jIDSk!#C^l4uT1S=n!?mrcwrid`$`@Dghq-!j%MN+T$dh+3Dm$D^(S-A`}8yFGQ zQ+>(3(1O~KhWM|*Yk6GNdwhgujYOPm@aLhmDtq!HLG2Tl9c)`gH!4L1v zM!x0%uvhpHt*jmSo8iidp`3pt9FMe!P$pewUmBsjiR%XyiRfPqgh^)8X{0}gu1e$V zM=`14*625rj5B|ef39~JO*EB=VaJ$m6Zd=t<+4xNvNkq~ZCLmy`JbnSwtJb2sc5N3 zKNAS@u$bE+LAS%AZYTffR=F$XZ$+M5`iUdvfOF#qfy2JX=|nOACW`c#l#p`XaK4aD zUE%8~tPa_)7For!&~b@aoF)B0L=6|7MWf^5jz&VHG!kc};KE zZM~xZ`*+2(`To2*Ajh}iP|@A|)2r;}V1rb#7kF;sy^k~#M->7{%j>r8v)Xnpi`EQv zvd~}oL4hNLs1~Xq=OrIp_+9!5z-#z%29nhon@D;KPY z=(nhA5LJp=+`5EiWs|ARPK3)T5HxB3TiuE54z`{tcOv-?M9~w$`grOMVW6HBG*R5> zDt9i~Mz>f|190`edf!NoKeBoVv^7`&PloEg?Dpcg6k!lX(l=K2acKJ;7+2t zj~{s#?kq?@i;El;wJO%d+Edx`rloh{g)Uh`)k)1c9L#uC8`FpK^yhM5E*hiJ2nl9J zB+{jaAS(9 z3w{~~K9A*NPw|v@Q@4(3J=)gZ-hp#`RNFNgEPKg(Iv6TD$OIyPbW?~~=@l4SgdVv$ zdqaT8oC80myNX*Pv9r%qz-k(6fYm0}g6RL8hL#J=Efm__E1vc>^+En;u|tJCjj|`8 zDkQ3=nl7T1)aPV}t<g!`r&Ck-z>7z zghDlS^YDxHOOC-NwK3QiIR;beJaiSOfhAWU+EeWQFkt@T4~7g5PUdzV)QHGej(m)g z51czV;Mrc@0ng%XqGpX+tYIwfpwP5S_BNFNepFzf&qJhsS#9fuh}YnBqJ5^EiBg4PC@8NsL8l&i z$qM1Jy``D@fj)JtN!nEBSgOV2SMckEBPyP`wHe2mSRcLL$zoD-;n)iz)bm?LtZ9Xb`;B-QGO3XjB;ESN?#8IEwCEGbbAqWEr+c** ziVNizBt{yg^|nE?}EN$f$6fjdAZ|p?2U=fB{j$JdM(^h~i#t^7Ut%A%93dmLqtFD zT-wSB(`z6h6WUB?O+UI(=6WUZQK4tOB3nz+k{F?F6W|{o>p93$r@5 zqXLB015j`0*|(i%D=ORW&bQs26_xGTci*0Uw?x^nMe&_5cfUYb{w3rGttLAap`}W^ z;9`ZuN&SiU?(zzcFn<3E;Dq>NHDnP5*km_C1}iFL1j(IY%~w`mY^(iKeh~^{6B0pWjuzs zf>_~u^oCn(_Vo%j2*?(gf#VBj(-dEYZ`kk^gpb14pd*Ygo=qQo72(fu6;6?iZ5AS& z?PQ$YICe2#SjMpJAszrOl(*Ro^|DuO(N!E{@Bzq5I!0C?1W=1Mf!cr(K(@|S5XMM~ z)DD;cx)Yi0KnkE%Kn0MEye$9=pq5q%)CRZ!YCFn6=9&X)17ZN(q2w(94WK)eyal)c zG#AOuE7^3`W{H={yv=r?2T)t}TF7j^aS(I|!rFr&K&=Hft6&1++p-fUGx=K!!q^0u(^Yl+SKzFL9LFdmnpUNROi~q&H<@BX1Yd1DR_Ms0-=u zK=Ll6$C7!QT}W?47Q%KRy@t%%>g8YCHdJG~h!kJgq(4^2FF=MzFhEAfFhIuVDnM+@ zWmYBj;GsWn^n-cTLS$`L)%XwyC^J8^TGxK!pZh`67YK@kJ>vngoq%{_H9qeF!m_9D z7@ACJ%ZM2*kNFKYAWIj6mdfxp8_=Rf>MkO2f>XsQS>FxL6^*A9P7X6j$znY4V&LHp ztL>y6v|$%ZVLArWwv26lgnz;W^Fw{b{jYQQ3Aqi1jugtwp0nNHgQXp&}u8!QbK%Tlg`*I zAwc*xY`1mx>N1ecJV0H7P&Qk<7J}glV&%6Bz06JsrFGh%PQDu8E6KKtuf-Qce1&Yp z@m1u209WaeM3vik6u@Skx7b5lwFA_1#|HPy1lc+QoVo?|{^Q5)N6+je6lh7}nS1u7 ziFV_iFHtgVQG6F{90Z;}na?qNVD~t6)0xqPv7cv&aa%ww1_h}LATHd#n|k9YHohUS zR3Q%(pX6#H>rn&hdDCck`KuoUzC~?GJNN@-nM_m!)Vqj%FB}ENqX=X_l0e3y`bqTN zi>>W@AStXwcOa%oakD+u4z3g&>?=-yy50h#E~c2WVEv{U+soss(NRc9pO7(VZH zXfYd?V(XV)Fg@|Ut?C}fA6krStBGhg`GH!s3q*Ts4(8|7S^^+jfIlaD+mOk`PGqu$ z|8u%y`7I9za=K&rEsqXznv?uC)$BTLzt#yd7S>$Qc0!uAXPoT8sNK*TY0<1l_S!RP z$3koN8Z#3tN!TaBcbMx(B=XCo}U*EjbO7(7iJkI7=-}!!YF(@@>BST-bc?(%p!3s z#Q^mtUXr-uRh`SRu_l082!}0-?}hms0>bj|C700+wQ3V3+1fIu7*29?tzh_8Jj?f3 zt(cpPjXXQ(oyL;nLGRp*@evzw@EaK`e`kRcrx**id1i}mpBl8&wgym0f zj0RrnjrMPcfthw~kaO#SBvsGJDm1*r-zv??($6x&s*+L93*2eqjZS>?z`T`ufLfhH zwy}FgW|{)(O{|Z2C2{Qzc@1VOBh&8L&0I!iZS}^H8yw7H*XBf^vpOT{tWFTw6--<| zBxBY&I}CMZry;Ypdh`X7yD_cCSqCLEdr840fXjbZ(~+1LmDFcp64qj5B|W-YSOHf<1{_uS+F?QZZPZS zY}F>8uh^V@j-RuJ2VGWk%6L}U=!p?VTa1k7)>4Ero?$Jd!WF~{Z?)4geMNz(2Vb6; z9j+{PYhdnAuo^Vp4q(_;90NZ6!Pu&7__}GMimDUXE z+O4`cEdW7+>ns=@Fto%_;(tKnp8{mBa5`Yb|xIwV9UXS~10NGB3z$kO?>@0X2I1+09tf zR)7{gOS+Guae~pI?2x*!GXc9t$*tM~vU{(@Zk7XK6fMZ^Es`b4X7$d}b72B7rm=Cf42!z!f0_qK;Ac{?0JCL0&fUx=iGPGYH zOB)6rrnqn@n81M_!OFAjC{#cX$Onv7*>44817!$A0JrZxhlc zF@j@{#5HE`_gi{lj3R*Y8?7rWBMjK_6h3pcJlQbCa2;5XqnS;?t)N$R3q7F3xL%3O z*6S$6PfWYHeCZ~iBLjs4EgH5njRMRaDiB&6qfr2|FiN1+pPV;tI=sZ|!p zVlN>B;)h<)KP5WPem^8?X>`R6j<~V=M6Sz-8UnGjrZMPE-SiU5ZXR+oN@@kH5l-(1 zv@-PKS-5x6n4Q$i4XxMk%tP;ZHXM51$g6vT;nYG>@7oj-(i?51=Z1}MQ8Z2cFv8id z_xsGHSv$3@@xpHcFC3?r^;5UWT!6NkifGl#sD4qJ@2Ck6eR!cU2VLFXPhNVKc*EGM z9SYMW0OkHs4$R1T;T#uaRa_NU8O|HkswG>$_O* zy#Ssj1ApOuh_RncLZ9AjgS$YW(!4P31wD`y;c1@eVB+VzUHaEwyJH6bP_`^6#qKkB6 z7)=^N&0#>8u$){nb>#W5&we?`W`S{4|M+2AC3tbvkm&7@te|HWK zngz-HEls06@MGenqWJd19#L@J9tG!!etLUS>xgEt-!LSb*V`Lgo3n)U>%aeg;RmFH zuMhIvKgavs>A(4tyRn)$-KCMR=h1&i$%Fk<;<%i(55zOLq~q(vh4uBW%W(1*!mQR) zn7e|zoxHS5|4Q1g$z;e{8tgDiH3A>xQ5~ z)0P4KTAaxpvPZ7NE=s2ThBQ{zC?h&qE{i900UcMdBIh>vhSLnS`b9B-x0JP0vUxtJ9=*ERq zjb`!CI~=X`f6YSwFW&j445vJGuHD#&Z(dXQfwh$*L^PCNuix!RZF5IVT1RlLXX^8A z>donFW&8EXmGxETg&=B8*hf6qV@BT?6&2iQ2tZt59Mi5>3!bcY*-mcLbT-uhhgH6 zFVkc*8_q9tW-w2vgV2P z^d$>C23VL3OD1Rksj%@Q5^oZ*CZ32@)C!mXOu0Opvo!QxW$H5 zI7bY1Ehvp!;3L(#XQJ}HD52$X<DiQf;Y1?3)P#a_j5ssr^rVo3w zG2Tl9K$4OW+J5E&i5Cm)Vy_D39(R$`aAP z8VHljrtriBUK(dVib;){ZAC5_XZ{9(d-sT8$Cz%zE67kzz_`4P61HyPqvU@UcM-kJ z#ZM=qX^FTzy3bDhRDCAZ+um^YW6w=JCt=HtGZniu zB1(Emd$94*b4MF{L@;+sTp3%?9O9TJK0RMgKpyhXizuErV=txBCeF|$HAul+(w`{& zuJCg^L=1i==dm8r#tB1*<-a%#X?NUkWt@LS%~HFkzd%<(5LU8fx{ z3`SI9xiOnoQjDJ;?M*}Yh zJ6k7PTd(N<{#}_gG~Cjh;r8~}$Tl^dx?^>H@EA>%V=wUB#CsoUCao$Ckk;7kjjfF> z_xRaEz?-Dc8O5 zYYt4!-GUv$wOlbo<%qHO_v}R&ijjojJw`6l?Yx{dLOBVQWO(LJ zaWtC}74X8OSN-s`o^R$9HD08qZtl5Qzhw6{sdZmpWcQ_1d?*Z~#zIAVihv1&hLzx6 z#oQ^cE!!^!TjYP+ilUhsEe|A$E6i7%F-4AVq7sm%-w2*bDMrl~u; zq`#Go1i@o3MyQ_ND>ifH{?poEl zKbIcc;7L_+sy1iM7y9P>&o>v$7tGKDCK|v^p2h?Uc;lB&H+&@Ah^rQ5-=noV!g`)~P2)=(1G| zGo{om{%Py9kNgdr_$u*_27BMUEC~XEeO?#^~g+BN)tf1aw9{A_-)SCb? z909Bj!fgAwZDFQaA$=NRm!{|b(3xAkg-h@@eLJ%tm zHIUVjHLyP*R+h;^HvVwAO$G2K)!exp#E>%tGMivCAZ?%4AdTuZArpsqP{MA+mHgOX3)%+tu*DzN#(&Ig^7M!3Rq#G=U@byYK(y?L1K>m0 zAgKIPsB<l(L@F2ckBA{p)et# zw3oESwnwzDb)26F zw}P_vH5+={TUL;NOGrr#h@}lr-heG<>C5yCwe0pj+!-_OMaQccD6e@$+CM?Gl93{R+@7 zz)i`l|3F}PO?(VjS0q02HVr?Z)DbTZY^CxJ)61g5)!*}SW!pE6SVz)dwK;dw?|tRt zI4vs}j9!}0X}XJT*0$r0T;`w4^1zs&o;%7r?$GH6{1RIp)^w)FJ33}txYEH~Vi(YX zkTo||JN&^RPVf|({eWG=D~dWo_S|gFn9$$dufp3p3n>jjf=Vf)V&X!bQ7cb<$_9Lq zLXV^{CUoUFVq2Xnf4iUneKO8aM(OCBXNg%s5F&6PSR)G9bbf6=iIsz?|CnB|dzx=H zm*MSZ$0UuS2ca(vjs4L!F~Qe^W3e3i{s~b>$VgmafLI!Hi9mrCAAx8?i4iZ&TNLMx zT{f-fB7qvaqXQL&S?@sI{Qo`kS2F7Mxpa8Si+mKb!$)jpW&FegnQIZb+UT?(K?IR*l-fUhO*GoYiN`(`Y%Ff z0_LQrNezFZD_w(G4Kr&mAlOHAn9a$+5;eW#mQJ4S6J_-qW2<)g>pz~O+6+i4VSABO zIR70TZbRW3eGQTyS99{43LhliC|8mecmBTB!*F2|f3%9>>fzC%Mf^Pt(Ypv;8m#sEJ`7fO>nPZEPcDpO7WW%$&=DDdU+*0XiHP;MIY|Iznp-Wc4Xdr1|p9S z0@+LxJIxE8n9k2Li2Yi{uECF2&398nkwdEMK?qQOWTK9*w`h3u3;D-bF=n-d4f5EMs26gv5@s1jB?lJwj8% zEz7@9sVA3vbuCqW92vUaDr6%~OC3j^sX_~W>PB4=A-%Sdyu$%|FH1=CF%)XY6%CI* z`ee4Qh%42ID{WGesJ|IrLQt{>M4XgTy4f6$WJ zzmfay{EX(q{Go?MHX8DEQIAC_hU{GU2OCSut^~V?fk7#DcpjJVHp*cF{Cg{kzD2O2sBAG2m4M0qy zJy{OBKFFkjO_s-y3B~+=)j6lmAWx3dDGD>J3(Ay*lU{>>xI?V|Zb81f65P{blf!C2P=O>AIuT$~VRxt_29L|yZ_SMJPZuMs1=26QD ztnYj#U>#M_2wo=FooHg6ZV}NYB&&pFabQBGgJrQeA4y?VvodFMH%Tg+@ZWx3My=*V zs?@YhWi5|=b$J9=QnjBgI+6k1&8%RqXw^%!z`)kcHWOJclC^2QTguNQ&qFX7V$?8W3 z2EFznPQWmCFy4WN;PUhq#K!?DBjkXsb~u!R5H@75%Ya_N!q0>-q7uGPMl5%=nJTuVt{_< z{NE?0k`ez~#FPkm?Z1dAfb9QGOs`rD|Bs0&H|IaZbkoB5pNQ=`Q9juMRzdt%(&wwj z>Gm@h*o(n>`>TBB&hlm=FOv$F$Gg#*tEopV-p){{@1Dc;J2Q6@dK-HPCE8V%VdQv# z&a!TzkUY*xztx0^@RLf*4brpA(%Ee$T^OR-66c?3e;66;0% zhNbq#PVuj?E&{QyyCGgm-6i%&Wv}K_B6ZKx1I$8Ic}0#&+~$>MM8z6|1Ox#Q4vk`S zF1nmS(JT9grLRSzA!XE`g?RcMck-*(IXug@=lz_IBS~C`HV4&ku@kRnXN{Y}Rv9^e z5|&VO&(dBy@Pc1v`bdd%OnLPYukrsW4IU??m)AcoQ&IS&hg$nq=VR1-i^bUeq{% z0k?j?m)dqtyq9$Gc1mwMao+Di5d-LF<+&oQr~a(r4G#AIhCXgHQI|@IeOVF9v1If$ zLUpiB`JyM{ve#rD0UQqPC|1=-bfDzPjaHb8*O0M=TF2S4D1a2%0}pSIgU&nYeR^JG z?Z1$g!ng9=y)}E_?*q5xez^J^4%a{BoRJ8+%w@(pX~;t!6c|1RP*g`+Z-RQH{aLjH z$0{?UxYD`UKEKN!ej~%(Ds2#7C-iY)yjk55Hq`<0EaE*py=UXP?<`B4zMdz#VzvEX z>|r6cv3RlgMkBMqxPfTXV0Qg4uTxHYGihSAZfz8h7IN4VQ-*3B(np_(9d{#s#hZtO zm2KZh&dqSW2(^;YcC9$YzY^tVPKn_F-N+im3tO&`*E^xT@li6Snm?W=vJk>-c?fn4 z@bfnkI1%!7;>0laRuEK+wQqPGYS9GqhJPWRV7)&^xt)2tnhT#+q9_spw|ggd@h65N6iOHBeLR9=~)@$&! z1}vpW@!mhtFBJk)rcS2oe?~T@sJK;fkYLvpbNq{(YIp|#%Mlkb^daeW9+Y0)cRe9L zgB)MrNn<7xw-7}IA2xbWs#2nodV&Hg;y+1vHS2JZYNU=IWhVh-z_>=n$ko$6KgI{y zg{eMgb#-xjhEsM1b4LO~VtgdV2&dos8yhP$h>96XA`2fy6acCXBv3vp5C%{IKZd4O z*c37iqRCJfm1H=L;5(fKc4#j#dfOks8Zy*#6l#Z#+3sj_EOKFTLsq37yepo?@X2?` zTK^s37_NuTHjAdito;*5+q}KeXb|P2)aRCjZfbk;#}(cQO85u!7D)x?I55)jrj=qL z?7~RCl5r?ozI=|bgQ=jfcak8VqmmH{(wTf8Gdq0Iz>X(52%=7<#2X}-(a9k65;GbF z5I?|`oMm@)1(UTK0v+{f8g!AG_kz%7SWL_FM!&kg`u8&%XM#efi2{&i^G+Gj*Nx#* zmzs*Z^&=gJQ3h?SY}nQl;Op$sC)SPir!?w}F)hw zdk)C~iC4|yy)rY_(L2fP-5=h69I8(o-MPrjQt1ekl*{2C5b6N1cDf-9F{XzV_;&td~c-HPXh!le*$x z4K-O|DKE}gP7E;yk7=EF;J{B6vZL5PdTrn&m^_OM>f+EKT$USG-~1kwfYnnrgg12t zF?O$%6l~k|?idAGbfSL1UMaE-PT#m+kqtc`+4Y9S}1i{=~?lgtB$?APneN z9~n4{m=~jVy8*Zj$m#JTPxna)k&maiB{28%*^9LQYIA85e#jlD z3via)GTZANypY(NlGqzoyn0eZ6zmWb@OtZ3-0Tvh`0{vsxsZJBPE~&KYj^s6JibO0 zi=?=jec|V>2+p(m_EZvQ=f~&$l=A-ep+j*tI^6#xXgF{dZAKzN8hZQ@7SwDGW#_m4 zc7HiAV%5})NrA?hv6u5C&^0)6`(TaR8D-ni;=5L}oDWQH2yQ+_(R4YeTD1mc$44b3 zQt}txIHBtpW8xK86Nj6kuFLPZP9UYhW{5f%N|M@fo7btNj!@Ntm4&pP3479 z_A+qEk|$XuIGS`NVfaM@Z;29qE=RUWI3t=tX4H&tnXc1W73y9Ao;Xk3q8jUM5nc1j zN2UXNxqt8F9sw6TPE-}zQe;Pu8EdlvDtdS}uOBfVYcl}pW(DCxP&3_F}QE^Hh2tGIJ#Q6&)@@kEn@-UW#pNak~XTzRX!ih zkF8(I4aByQ*v(86Tu4n(-dD>$ssG>F35L@0xGQDzJqk8vgPC_Kg!)ZkuLB&*-83|% z#DPGL&6qv~D7wVf4amR(tiq!tbNm?WzsfgP5oOf!z}3qNub38wJ>&d94JyZ+Ez%~Y z?7pXjS}@&Gs#+l_%5B*E;? z$TtF(OpvP3@-1Jv7|TUJXR>ll_M`x8CjZtbXRpUl4Y;7iG)c~)Zrh?zmvT%T6z^Cf zuy_wp7iE818kg5JMJ$3BKIufr6E?*~Bt{Tehsh5rdxQy1jiOO7P1F)Ge$G#vyaI+Y z;{rpO#Z8+)choa-Rpa_hLhO-UV`G$uLjW5 zSbyexI*c9!nN%~JdIQdjvFW2;Lh-*5Y({E%RlekX

dk_i~rXgN=TD-_> zej(ZE_0y1gHTv}P6!cv$q(N7iUi<3Au+CL1j15c?4K)ew_tj7J zTtjLQ;5Q^2Zi?yFrDbJ3_tVx0(21lk-o)e}GG;7v*rUCs1+Uq}44n&8pxTkaz>J+x zTp)mZT7Tqp+(#35-|vXCw&Al2bWpZk2W32u!3n6W;s|n|sk{?$^iqWZ8g5GlpkC8 z%lrwmWy?|U!go}ieM=>=l18QhpnPF~67}(1-Ud8g)z=Zz;?|gcoBx*fWM$8SQDv)f z;0urVL55nUNye)Zr(6kpdGRPE%fIrtV1mAZ0TH&bA+!JZ%kC)cWxl?O^HZ!sG04Jc zY$5?tWL%xq^I&0t)_AO3a*YEv^Mn9Y)c9l4#ry&B0}`)N^(dqJ@%I{Y9MVJ+72Nwz zIa{9%(i)lZY_L7&cYyYysl((=%mjM&xw7^6Zq8gft~gb~(x~AcF|#?#JkvnN>azp{ zfF@&@{PzItU5s?LhczAIzb~|K-DobOm^l70kFF%f=6s3cv`Sg}Am%lmZY1Ehhx^=; zPC8^Yks5=@B>5CrzVinh1~kl=U3f4c{*|Xs0Tg$u+%6}pv5L)4BDTMwE6YZ_cFVza z^0B@7$8sZcpOzq848p z*x^1c3Y~+TF>}-VORxNR9Pv4o)VB(QDb9thaa`g^=%`M@LM{IxT4AqJg;9@QHLN^k zh~w0xST3uM`*XQiez9Mpkp&0qc#T6E^=O}qDWDI5zdtGDHLah>^1z4AeP4`R<(#(` zmTvNZCPuc3K1t75AMePjjDI@f6~dqqrj{ z_KPr?fRLKo1LqJvuYuJq+-mIVtJ4K^FN z_-ve^-rkeluQcanDIuGSx&b5$1OK`Owk;!F`@}sFxLHX7#gDqucgy$rA4DU(R zLlmCmRL07-aEwB-9EreXeHiEN-H5V#gOH5UdXhGoSV>n)Hu|-m{+&qk#m_rj_Qk;O z$#6=8>@RGDz{&${>zs0R(}krgR-~qnsFJJsfsJyl5?xAekLK(vk@@d!PwWltSW>r4 z-M}=yg1H|4SJ`@E5TY_>BU>n|^6#ANDeSc1i&dtdO56q}yh+-MkWzRL*~LCk3M=>f znLdz~xNGLfly$(~u18C0dgPm;` zXj$S01DQr+a+P_Nr~!d9T{XNav~f=E)AO=k0ZW;+KbWgz(SL`m_v>Ya=L$M`bU1bg zU+$>~jpD3n@};X?a(?sal@D9y_T7)n25xP1#1xsCjNvkI93MJM%!Crj^C2S&qr?f> zZ2DF)I^R9gnpZdoKecm;gWboSDIRo#0 zxR=s?mnYSdmrRvYn{2>K5i69q-?PzvaqH7Q4*Rn!2EmcCoV90i}@@|F*+Bax{44b|-s% z-#^@M=y{TLNY$RqthL?LL`tNODv^Xq__AyVV;q?U!L-!YrQ%(dnfDU0+yC?IBaYQ# zFHbOahaanrJepB}@l0MwDSSusA~x&}Whd^=#@c)8IroNp&p9qo8BZbR4HL6m?=W!$ zE+kcAx^JXG-(_nU)w7+U`0&G|;swG~)ce;|N^%!g7lx$& zJu}0;-pIK9=$vkZOwnnQO9_YVd+r@vt9}w$ZEHNQaJG)>X2|*vCg;gd>}H4V)HBf~ z8QZ;B2&-!xtEb|W(7?L!EpOKA!%aOay8468&I}!E>jmcvyQ-=a+KSGDT4uib|!$X696Od$U+^sHbbZnc9-lRU4+5TnY1@f)wQ^l;Y_Rc5749T{nphm*Mm0 zhv>((UNL&Z-%ItH$I4!a(*bM+6IKsrJU?aR4-)Lw0HwcKaUrb0Ij|gK?T--YbAb6| z89H!)T!e)5fpk>Gy!b+Ys!@wl57Sfpb5uEj%87Yjgs^(TzRk+3>D{U*b#6JvV zyju0M0ywnhc{b3Lwnq_jGTcQ}iKCM|dkbg`++wK_z}{ejKiL&^qn{9??Ybceb+oiC zaRHrv?=60GqpQ^z3GON)bx5&eG4Pj7mVNm)Ae+#hUBnx#Au*%rA^&lCX-brXF z^?o|lk`_~~g(pO?s%>6qe;aTT@_V5CDVva;+8?I|dg6l4&}tkmOGATL?S2-Gj5R%O z3fk_%&u-{8k4Sb{o%d&G2JfX>52|l>t(HNk)$g}V+I=WBKfxed4x zLT%tYn)yajHhJ2gS=K_1$ZXMOCVr14A7Gm+FNN_x*q0oMCdBzC3L152;0hmyuc=gn zf#^e(@%|<(Ng914MzujmQs14KBLb17=ugG0(4vI^xNAvNGAhNc0WgJ>y>xIY#Er0O z#M0MI(3-@J3o?Zq0dR#)RnY^#@l`U2A?MJ(+o8+|d5Y}Q2jWS|3QtXw8EUW$U`6Pg zx938s=-j|E-BBV^^Mh)7FoBn`8vysm&jvl^2i8eIp12jMAcc@}1GqF_fS6I>J|tCq z+W_U+UxKDvIU*>Yjh1`1zb*Ic-^tuL8Te849i{Mof5ODu>3Y)KoUOOq)1mqUB^U!0 zv^PcIU2?o}N&jrE#S274D|pa=cBrsXO$G6wDuZ5%kbEd?@b%SuCHZvv@8nMC;G{Al z#^p}DHqPp0XE^1wQfoe`IYg-+8jqexsEzJEmS82aaQtR0gr5rTWO)%J1xA;VlG^Nr zlc9&f_Ug>Ol>wD3=M3Wgy>Qepe}fQ%2rrT4DNXYb(ip`JaiwuPG`VSP-HjG0G%)>< zPhbFaE5z0qWaaqrCOg5ge))9320tP>W-DvCT!p}sEp0ZM(s}j+qEsgWp zEM>eQVk7jRymnM*$RP_6-E!wqRcfO|)GJdHC)Xb{?)kJmt(e5~li5(JEt)vZiIB?1 z7L$F@8yw=0o2aGVy| zCOe%BAAS$76*XUvP5`D|EExWyRWS}sYRID(Ut0|ca1o7tG_C@`1xs&Ht@}EJoGRL_ z3jXc_9%r}88}yiK%OfTsFJmrjM0|X(b`w>m>^Mv&s&wm%S$8I4HA^L?MNGaul_?eT z?(ZX#s~Ue4ir1APwQeQVl>QpjuCF`o1knmNm&Ztj6+!x)?2W^I(d4*R2Ss`lAoZ)% z_PCpCleCkVN0ESZFyR=+z!7lg4#3eQW1-?9#=*9F@oWRp1Lyoh-h}%|`M~8u(O^v) zH4r0QydW`NsuCS>p;t0cCb9kXJz@<`dVhkXF@e8;mBhh>>OxH_)ALa8#vnqGfd{h> zrOV5nuXIWU{} zUAq5^o1fWtXIDr;FfRzdlYn`nSn8>$YC?RS$!;la@ z-w0iXw<#EX#f{$SZL804m+Ui6uLYAH*bLLU?F*(nXzXT*?8tI*oU7 z!ZtVYG#gK!=oa%T0^zM3fS@L!Cr`0b?C}Tk2l8SN8LY=G9zQvtNGP98R?a&rK#X2L z$KXM&Fw|Tha_GsnLK<}xi<8WxGeFtFUQ+NNJ#pr8SPa8duIV<@vNUv=!7qPChEJ+$ zNqp_tM~+XLWYzcv-~?LzYc_3G$9T7n@~oBl=Cn?-YcFdWOtMa-c9sXzrh$PxwP-u> ze#Q*XSTZl>uR3xKgU(j?EgQ|UW5xnYdIC9ZVNFd=!wSm-nR^jlNeW2H?|^ZglB~Zu zz$(zm96ssdU>z9(HpGx@h;*}Bl!bw`J*CwaHtwr+(BO(7gkSUNv-0g%B@^s$lkB0m>^8FOualQx^tZZo ztPX`@I|I6;x@M)d1z0j;6o%Mp5~r7c>3S&;EvH8H<_ip7s-tobiX~{sop&w5P`M&m z2SldC!|I_UY;Ss_MulY)F2ts!@c10Ap_PNLs+!5v!i5HOiHBFIqw)=(HTM7dO1;!| z4m=9>&5-4EU#jd>ShAMf{)F+_{)s@?o3M;Q(&|Fwrz#9BG?LwCC6_CZ)%UlpMFc-U zgc?cng4CfE)5>^1ImVHVns|reI*pSrj@13TZU;gDnPOOIHY1KqtAjPUcw!-mDr|s@ z(5?^br$Uu6PiGe%Zs0kZE6_fooyx-oGss?-{Z<-D}z7G+4i5;v20U1yJ zs{DR%j<|mpyY(42XQXceSo=>Y?BakksOJ%UjF6FSJ2`858#!xM7gKHOQH#_cChWQ2 zVteu^+yu4a4weENPW9?MxR^+O5&Xng#$>^W|GCas4kzte5?A?~R2e)AaNd;-{64?j zJ%P?R&d$PIDV08vyY^y2ZG30H6BVGXBMm3BreaBFzl%gI@Ipv_Z_sc&9bx_6?=Y-7 z-Ra^XY16%`rI%ami(EEY-_)Q>kh|NJNTx2&k{?r$JU28u77=2z2Xt_!+b-zU=jq%Y zCLp7d;~;SAJ5U|;wGg~+M%PP_*NvRDVN*DfX|OSB)u;7P2>gu?5B50ta2;`n63^`= zW9#6w>7s_K)4D4waH+Q>NJC=5zj2by7YH^%@}5R&LHrJo!<16O1nMm)GoM8jv+U2g=Wo3qvk+Z=-5uoZRz_8gHMrHgFl zj!HiC0%u98@Ac~4C@iU}+%$~ooL+)VY}T+W##BdmZ?G;@Y3V(LQ3;E16|{oDnk!bvm_YF{`XnF~Y~m+3Ye_F1RNBT{ZI z>2cf_V$rXw_q8{ApAo+GSLiQYE|;!{TAYq*3LVV)tx~8+by9TetrzE{O~l* z`uxK^T|95Sw8x)1*(xQ|b@Fs~AM^A!;!ae& zRWZ7+XULUdX4!_fLO|Wgwqlq%``#t7T25oD^P_WrnYbr}zbfzb_w8X855e@gG0PWg z39BMImLD6l<&o8oq6SxGybAXA7ZtJg!l4JB0R}5Bne7j+^;Rx8$Wx=1&W9*o==YiK z7+1d^oF7JZ9%dW70Z~YVqJlhwur&bKJ5WeYW}A!i1>E0Y{wC9CLb;ef_3JX2z}fv9 zH#bki>N9>t8LdEJMhgDAI>-F#z!s=)dY$j-4y#5F{-`746KwiwO9In|uL@B$&-Jv7 z%;voTd0j%pi6c<-4;0Fv|ei_)}f~#Zch!qJZ6A>)5-{iaPhA`_s2V=Yf8V6+t@GX zq3N(S_GPHp=^r`)0XUj_{W~8UML{>&K#jnyuRDNa~Yn`U{=B zveuBfTYh~B9Uj`o(WGHuYJ-L;K`nPB+ZuIn#eHUIEvdPUH?AepT-y5}LgxJHOcnO} z#R4p&6y=5{BEx9xC?#{OpauN<*nAF7n_M@I&<-Jy9caR5GAKo+{0$ooL5#~GRD8kV zO&Y$I$}`elWd;1ZgE)oKxqlyrUTXNsWxfTj@A4I;%X!Kf@=ED$4w0fSFCan(vlhh#0__-;WvoHx^B2C?p7B`rq4m~pm`Vbjn@DSFISE8Gp#8T zi-5nc#vA7vOm_>_51-}-;Aqz8P^WvYfALAF3|xb3W}vb^F+VG}a}rLikMe#8UPuP0 zFhPbHXueUe84{VUjO!k5l}Lj z0;8mtjZPH}N?C+`d1Jy_u23^mQW78be&zp!|7BGLMLfVfMm8HLHYumARK2^`p|VYk z9!3vXz5y8C6uSL!>ui3?`n;-vYb*RfY!-=8*fZXcSC^a`$t23?q;|^XOWm&E^bKLi zfE?&EsPArXZa2qQ2`11y%2Lal)n}w2W*M$m!H$X$;8-b~d+KY>Cl539yT1yxtTDF z(LDc>ZZ>r6XRg`?z^38f&v#aeLzK<0aKgno+{I3N_NAs2z==&)&)xZ>kMjb8|ApSY6?SY zjrg2#tj13Z8_adMAL+4TA4~S@-e=20JeLeL|D}q z$b7p1kBC1_Vl3ewHU|2F4g!Dx&gl{km+H|_NW>8qI0UpBHqNR1&lAUu+N*0VHO`nx5HtRUAu7gRYWUDvzQxW*>-C7) z9MIE9;hhU=|AQSEajl=+B)`tXa20{-57X! zM;RGQ53x#hn+(+U*D#gG;m#o`3nI)9M5PR3EUQU(TPsyMWxXg5{nXU@q%Zy!GjVHF z1?x!`&Uk`TT{eFjuj!$XTrRn#N;-T->DnIF?I{yAd?rjpXkFVG)oo?C^A3?K6vE}0 zD;T}Wu6715yyB@Q?Tp$Q;_NH1?!Sj8VQA&*Jp+ZE2}0=#_T1~FkHZGC;E32}M)~=* zxdPQaf%Mt}Q5#p!ld9>SjoV|FTMrELchd+u66Im)mgZ6GTUiGI@t=L_ zY}v7OjmVGQ^DzA4aJcXP%z5{ESLQbXnUfY;twVrUcjrRMs1T9&tS4(oTWt}TFwdp; zyxFh*9nA8vtvK54$@Os-;Mh|_va-Z9F@Ha&_w9KKP_qOCZAaCw6^%ZwkG3VjTo;HD z@QL__hEhE4W{kY@puKGp#8on3qYt2RA+^^ogFdoL!IrxUp>FM& z`|StO)eDn$5c&KeS_ig_7ti6#5fFiZrPq8sqTTf_^lVbasH++^LJZ&t78oT_^ewGt z!(tEP$Ph`tS28QBi<}{+G#Q0e=Ln%%%^OAK97OR9C~_BD05mFYWlk@`bqP}aiP{-$ zl^WO;ku9ezqo&6yN>ro06$MadXkOucdr+^RW%FW*`>PMH%E^dc^sK5wlwWnkv_po& zyrt6#fop&6OY@m|uwl+*&d~g9J@%;0GRRu9WO`GPs8F_MKR-97(zL~j6LL8~8;mq* zzO#`hSZ2lg|IC2PRwGY-183C`^KV{@o1=QPO)jI5UA3Cjd!zffM@#x#-dh;A7@2ju z)89)bbZu{z9~D+_-33bb)Akb6#@Vme`zUn?r^Ax@oOD^7S|PJ_T1>|GUP=Mxv65yC z%RNqTalbtH1Z#lu_09G{?7a#`Li)lUI>)){wsF_%Dexu9`mmp4=87(^*H1* zK6FIjYqlRs8Fo64!bvlGF~T6nTe01X+HoA$YWv$~_&)z9^^Q*7HHC;bsd*5T9sOSIw)t#goWg{w{M6E~$lQw!KFl zi+@;EctLiGxHjF=_D;3J{tl2TJq^hal;es^xg*Jn%Id;{Gt@4{u5Yu#b)JdPnRvwp zzcDL@;D@l**r$AStr#X+r6Sm#IBkB@w9Ns}XV>qqCoR7`rlorE$R<4{?nJxjiTd=anjZmep*FEOE7K6MuB`b8Ho+>f?54?3Z5| ze{)Y7qd69`H=UXM>`I~}Ip&P@G^Tkbr$v70ck*|xQ%mQL zIKED2KA93Q(-OMURZW>+oM+FAF1p~*t=6`1Y5AGxI AH2?qr literal 0 HcmV?d00001 diff --git a/Solutions/AtlassianJiraAudit/Package/mainTemplate.json b/Solutions/AtlassianJiraAudit/Package/mainTemplate.json index 1a29a39797..d9d10b70f6 100644 --- a/Solutions/AtlassianJiraAudit/Package/mainTemplate.json +++ b/Solutions/AtlassianJiraAudit/Package/mainTemplate.json @@ -55,7 +55,7 @@ "email": "support@microsoft.com", "_email": "[variables('email')]", "_solutionName": "AtlassianJiraAudit", - "_solutionVersion": "3.0.2", + "_solutionVersion": "3.0.3", "solutionId": "azuresentinel.azure-sentinel-solution-atlassianjiraaudit", "_solutionId": "[variables('solutionId')]", "workbookVersion1": "1.0.0", @@ -283,7 +283,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "AtlassianJiraAudit Workbook with template version 3.0.2", + "description": "AtlassianJiraAudit Workbook with template version 3.0.3", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('workbookVersion1')]", @@ -371,7 +371,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "JiraGlobalPermissionAdded_AnalyticalRules Analytics Rule with template version 3.0.2", + "description": "JiraGlobalPermissionAdded_AnalyticalRules Analytics Rule with template version 3.0.3", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject1').analyticRuleVersion1]", @@ -484,7 +484,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "JiraNewPrivilegedUser_AnalyticalRules Analytics Rule with template version 3.0.2", + "description": "JiraNewPrivilegedUser_AnalyticalRules Analytics Rule with template version 3.0.3", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject2').analyticRuleVersion2]", @@ -589,7 +589,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "JiraNewUser_AnalyticalRules Analytics Rule with template version 3.0.2", + "description": "JiraNewUser_AnalyticalRules Analytics Rule with template version 3.0.3", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject3').analyticRuleVersion3]", @@ -693,7 +693,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "JiraPermissionSchemeUpdated_AnalyticalRules Analytics Rule with template version 3.0.2", + "description": "JiraPermissionSchemeUpdated_AnalyticalRules Analytics Rule with template version 3.0.3", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject4').analyticRuleVersion4]", @@ -806,7 +806,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "JiraPrivilegedUserPasswordChanged_AnalyticalRules Analytics Rule with template version 3.0.2", + "description": "JiraPrivilegedUserPasswordChanged_AnalyticalRules Analytics Rule with template version 3.0.3", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject5').analyticRuleVersion5]", @@ -910,7 +910,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "JiraProjectRolesChanged_AnalyticalRules Analytics Rule with template version 3.0.2", + "description": "JiraProjectRolesChanged_AnalyticalRules Analytics Rule with template version 3.0.3", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject6').analyticRuleVersion6]", @@ -1023,7 +1023,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "JiraUserPasswordChange_AnalyticalRules Analytics Rule with template version 3.0.2", + "description": "JiraUserPasswordChange_AnalyticalRules Analytics Rule with template version 3.0.3", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject7').analyticRuleVersion7]", @@ -1136,7 +1136,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "JiraUserRemovedFromGroup_AnalyticalRules Analytics Rule with template version 3.0.2", + "description": "JiraUserRemovedFromGroup_AnalyticalRules Analytics Rule with template version 3.0.3", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject8').analyticRuleVersion8]", @@ -1240,7 +1240,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "JiraUserRemovedFromProject_AnalyticalRules Analytics Rule with template version 3.0.2", + "description": "JiraUserRemovedFromProject_AnalyticalRules Analytics Rule with template version 3.0.3", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject9').analyticRuleVersion9]", @@ -1344,7 +1344,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "JiraWorkflowSchemeCopied_AnalyticalRules Analytics Rule with template version 3.0.2", + "description": "JiraWorkflowSchemeCopied_AnalyticalRules Analytics Rule with template version 3.0.3", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject10').analyticRuleVersion10]", @@ -1457,7 +1457,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "JiraBlockedTasks_HuntingQueries Hunting Query with template version 3.0.2", + "description": "JiraBlockedTasks_HuntingQueries Hunting Query with template version 3.0.3", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject1').huntingQueryVersion1]", @@ -1542,7 +1542,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "JiraNewUsers_HuntingQueries Hunting Query with template version 3.0.2", + "description": "JiraNewUsers_HuntingQueries Hunting Query with template version 3.0.3", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject2').huntingQueryVersion2]", @@ -1627,7 +1627,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "JiraProjectVersionsReleased_HuntingQueries Hunting Query with template version 3.0.2", + "description": "JiraProjectVersionsReleased_HuntingQueries Hunting Query with template version 3.0.3", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject3').huntingQueryVersion3]", @@ -1712,7 +1712,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "JiraUpdatedProjectVersions_HuntingQueries Hunting Query with template version 3.0.2", + "description": "JiraUpdatedProjectVersions_HuntingQueries Hunting Query with template version 3.0.3", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject4').huntingQueryVersion4]", @@ -1797,7 +1797,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "JiraUpdatedProjects_HuntingQueries Hunting Query with template version 3.0.2", + "description": "JiraUpdatedProjects_HuntingQueries Hunting Query with template version 3.0.3", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject5').huntingQueryVersion5]", @@ -1882,7 +1882,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "JiraUpdatedUsers_HuntingQueries Hunting Query with template version 3.0.2", + "description": "JiraUpdatedUsers_HuntingQueries Hunting Query with template version 3.0.3", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject6').huntingQueryVersion6]", @@ -1967,7 +1967,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "JiraUpdatedWorkflowSchemes_HuntingQueries Hunting Query with template version 3.0.2", + "description": "JiraUpdatedWorkflowSchemes_HuntingQueries Hunting Query with template version 3.0.3", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject7').huntingQueryVersion7]", @@ -2052,7 +2052,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "JiraUpdatedWorkflows_HuntingQueries Hunting Query with template version 3.0.2", + "description": "JiraUpdatedWorkflows_HuntingQueries Hunting Query with template version 3.0.3", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject8').huntingQueryVersion8]", @@ -2137,7 +2137,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "JiraUserIPs_HuntingQueries Hunting Query with template version 3.0.2", + "description": "JiraUserIPs_HuntingQueries Hunting Query with template version 3.0.3", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject9').huntingQueryVersion9]", @@ -2222,7 +2222,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "JiraWorkflowAddedToProject_HuntingQueries Hunting Query with template version 3.0.2", + "description": "JiraWorkflowAddedToProject_HuntingQueries Hunting Query with template version 3.0.3", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject10').huntingQueryVersion10]", @@ -2967,8 +2967,8 @@ }, "auth": { "type": "Basic", - "UserName": "[[parameters('username')]", - "Password": "[[parameters('password')]" + "UserName": "[[parameters('userid')]", + "Password": "[[parameters('apikey')]" }, "request": { "apiEndpoint": "[[concat('https://', parameters('jiraorganizationurl'), '/rest/api/3/auditing/record')]", @@ -3017,7 +3017,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "AtlassianJiraAudit data connector with template version 3.0.2", + "description": "AtlassianJiraAudit data connector with template version 3.0.3", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('dataConnectorVersion2')]", @@ -3368,7 +3368,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "JiraAudit Data Parser with template version 3.0.2", + "description": "JiraAudit Data Parser with template version 3.0.3", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('parserObject1').parserVersion1]", @@ -3500,7 +3500,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "CreateJiraIssue Playbook with template version 3.0.2", + "description": "CreateJiraIssue Playbook with template version 3.0.3", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('playbookVersion1')]", @@ -3731,7 +3731,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "CreateJiraIssue Playbook with template version 3.0.2", + "description": "CreateJiraIssue Playbook with template version 3.0.3", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('playbookVersion2')]", @@ -3949,7 +3949,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Jira-CreateAndUpdateIssue Playbook with template version 3.0.2", + "description": "Jira-CreateAndUpdateIssue Playbook with template version 3.0.3", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('playbookVersion3')]", @@ -4635,7 +4635,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Sync-AssignedUser Playbook with template version 3.0.2", + "description": "Sync-AssignedUser Playbook with template version 3.0.3", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('playbookVersion4')]", @@ -6033,7 +6033,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Add-JIRALinkComment Playbook with template version 3.0.2", + "description": "Add-JIRALinkComment Playbook with template version 3.0.3", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('playbookVersion5')]", @@ -7256,7 +7256,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Sync-CommentsFunctionApp Playbook with template version 3.0.2", + "description": "Sync-CommentsFunctionApp Playbook with template version 3.0.3", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('playbookVersion6')]", @@ -7410,7 +7410,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Sync-Incidents Playbook with template version 3.0.2", + "description": "Sync-Incidents Playbook with template version 3.0.3", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('playbookVersion7')]", @@ -7922,7 +7922,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Sync-Status Playbook with template version 3.0.2", + "description": "Sync-Status Playbook with template version 3.0.3", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('playbookVersion8')]", @@ -9194,7 +9194,7 @@ "apiVersion": "2023-04-01-preview", "location": "[parameters('workspace-location')]", "properties": { - "version": "3.0.2", + "version": "3.0.3", "kind": "Solution", "contentSchemaVersion": "3.0.0", "displayName": "AtlassianJiraAudit", @@ -9401,4 +9401,4 @@ } ], "outputs": {} -} +} \ No newline at end of file From 6dbef8d05898c2491a39605b8831657d9540ee6f Mon Sep 17 00:00:00 2001 From: v-sabiraj Date: Mon, 1 Jul 2024 14:17:28 +0530 Subject: [PATCH 23/33] Updating files for correct auth --- .../SophosEP_ccp/SophosEP_PollingConfig.json | 12 +++++++----- .../SophosEP_ccp/SophosEP_Tables.json | 4 ++-- .../azuredeploy_SophosEndpoint_poller_connector.json | 10 ++++++---- 3 files changed, 15 insertions(+), 11 deletions(-) diff --git a/Solutions/Sophos Endpoint Protection/Data Connectors/SophosEP_ccp/SophosEP_PollingConfig.json b/Solutions/Sophos Endpoint Protection/Data Connectors/SophosEP_ccp/SophosEP_PollingConfig.json index c8a2baa04d..9ea474a79c 100644 --- a/Solutions/Sophos Endpoint Protection/Data Connectors/SophosEP_ccp/SophosEP_PollingConfig.json +++ b/Solutions/Sophos Endpoint Protection/Data Connectors/SophosEP_ccp/SophosEP_PollingConfig.json @@ -17,13 +17,14 @@ "type": "OAuth2", "ClientSecret": "{{clientSecret}}", "ClientId": "{{clientId}}", - "GrantType": "client_credentials", "TokenEndpoint": "https://id.sophos.com/api/v2/oauth2/token", "tokenEndpointHeaders": { "Accept": "application/json", "Content-Type": "application/x-www-form-urlencoded" }, - "scope": "token" + "TokenEndpointQueryParameters": {}, + "scope": "token", + "grantType": "client_credentials" }, "request": { "apiEndpoint": "https://api-{{sophosRegion}}.central.sophos.com/siem/v1/alerts", @@ -55,7 +56,7 @@ { "name": "SophosEndpointProtectionCCPEventsPolling", "apiVersion": "2022-12-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", + "type": "Microsoft.SecurityInsights/dataConnectors", "location": "{{location}}", "kind": "RestApiPoller", "properties": { @@ -70,13 +71,14 @@ "type": "OAuth2", "ClientSecret": "{{clientSecret}}", "ClientId": "{{clientId}}", - "GrantType": "client_credentials", "TokenEndpoint": "https://id.sophos.com/api/v2/oauth2/token", "tokenEndpointHeaders": { "Accept": "application/json", "Content-Type": "application/x-www-form-urlencoded" }, - "scope": "token" + "TokenEndpointQueryParameters": {}, + "scope": "token", + "grantType": "client_credentials" }, "request": { "apiEndpoint": "https://api-{{sophosRegion}}.central.sophos.com/siem/v1/events", diff --git a/Solutions/Sophos Endpoint Protection/Data Connectors/SophosEP_ccp/SophosEP_Tables.json b/Solutions/Sophos Endpoint Protection/Data Connectors/SophosEP_ccp/SophosEP_Tables.json index 9ad4c18089..b075abf301 100644 --- a/Solutions/Sophos Endpoint Protection/Data Connectors/SophosEP_ccp/SophosEP_Tables.json +++ b/Solutions/Sophos Endpoint Protection/Data Connectors/SophosEP_ccp/SophosEP_Tables.json @@ -1,7 +1,7 @@ [ { "name": "SophosEPAlerts_CL", - "type": "Microsoft.OperationalInsights/workspaces", + "type": "Microsoft.OperationalInsights/workspaces/tables", "apiVersion": "2021-03-01-privatepreview", "location": "{{location}}", "tags": {}, @@ -85,7 +85,7 @@ }, { "name": "SophosEPEvents_CL", - "type": "Microsoft.OperationalInsights/workspaces", + "type": "Microsoft.OperationalInsights/workspaces/tables", "apiVersion": "2021-03-01-privatepreview", "location": "{{location}}", "tags": {}, diff --git a/Solutions/Sophos Endpoint Protection/Data Connectors/SophosEP_ccp/azuredeploy_SophosEndpoint_poller_connector.json b/Solutions/Sophos Endpoint Protection/Data Connectors/SophosEP_ccp/azuredeploy_SophosEndpoint_poller_connector.json index 9dd7d8398a..71abe3fa5b 100644 --- a/Solutions/Sophos Endpoint Protection/Data Connectors/SophosEP_ccp/azuredeploy_SophosEndpoint_poller_connector.json +++ b/Solutions/Sophos Endpoint Protection/Data Connectors/SophosEP_ccp/azuredeploy_SophosEndpoint_poller_connector.json @@ -779,13 +779,14 @@ "type": "OAuth2", "ClientSecret": "[[parameters('clientSecret')]", "ClientId": "[[parameters('clientId')]", - "GrantType": "client_credentials", "TokenEndpoint": "[variables('tokenEndpoint')]", "tokenEndpointHeaders": { "Accept": "application/json", "Content-Type": "application/x-www-form-urlencoded" }, - "scope": "token" + "TokenEndpointQueryParameters": {}, + "scope": "token", + "grantType": "client_credentials" }, "request": { "apiEndpoint": "[[concat('https://api-',parameters('sophosRegion'), variables('alertsApiEndpoint'))]", @@ -832,13 +833,14 @@ "type": "OAuth2", "ClientSecret": "[[parameters('clientSecret')]", "ClientId": "[[parameters('clientId')]", - "GrantType": "client_credentials", "TokenEndpoint": "[variables('tokenEndpoint')]", "tokenEndpointHeaders": { "Accept": "application/json", "Content-Type": "application/x-www-form-urlencoded" }, - "scope": "token" + "TokenEndpointQueryParameters": {}, + "scope": "token", + "grantType": "client_credentials" }, "request": { "apiEndpoint": "[[concat('https://api-',parameters('sophosRegion'), variables('eventsApiEndpoint'))]", From d74da45fcf5f5d79de93bba750ef66dc48c5d319 Mon Sep 17 00:00:00 2001 From: v-sabiraj Date: Mon, 1 Jul 2024 14:31:28 +0530 Subject: [PATCH 24/33] Updated package --- .../Package/3.0.4.zip | Bin 0 -> 13200 bytes .../Package/createUiDefinition.json | 4 +- .../Package/mainTemplate.json | 308 +++++++++++++++++- 3 files changed, 292 insertions(+), 20 deletions(-) create mode 100644 Solutions/Sophos Endpoint Protection/Package/3.0.4.zip diff --git a/Solutions/Sophos Endpoint Protection/Package/3.0.4.zip b/Solutions/Sophos Endpoint Protection/Package/3.0.4.zip new file mode 100644 index 0000000000000000000000000000000000000000..61ca6902d924b30c649576fc4300550fbc606f23 GIT binary patch literal 13200 zcmZ|0V~j3L&@DRF9^1BU+qP$qZQFRpwr$(CZQFay^M25$Zq!0U@9R0b%_2YV2fcUhw@Y zPP@;uB1x3Rn8}cvOZ<0CTpPVE*&tUJvoG)SdKs!Ysmxt5bu3qt{nab^W99lzo9U@# zt$!+wnfNSjCa%-tGLdq|w?B_)AJSkbI!t0T<2VAx5CV!s$v=78-jyfBZcwybM$llVaZT*Q6D)yJ7sw=|Q^mcXsCwx!iu0i)thjy3U_lcgT zMsDtp7LTK+*W{_R15G-Tj8Xd1bPc$URmqcjDorb*j4fDFiK{NvW`T2+n%t@`^WpPc z-*0fwvmGv8<5nB-J-O10-y${+ET3Hti*Pe}uXVbXPeMjt7pJ$@X-aCz(Ajo?v-p`M z$rM03%11hiY4O^O&QNfG!01nxFXeNq$>OG0Ig-Di*Qh9o~B zht!nzjal{P>)(dE?vUmn;cIryA#EK^d#Sn=w=Owhhn_m>qJP}Z>}WG3=^{HZtSxfw zHMki;Q07BDE~-Qc=Xa*=1)H z3vAmtVO1B>?NlOcZnRvNj~b1z8lW=im0B8G)iX(8QfnSvXdW>nLujCLnT%m^c+!Po zg-wFF`fIBfARDddl|kM|o40udlq^a@6skFLtF?+M%aKN6P)z)P80eu-p7k>R6ya0p zc&*rrw$igvs}Zx8KjDI7DuYZci_JYi;yR}SU<%MpU&bxmRnzSHEl+do3dojZ3Pp(B z+@%r)2L_bn;3QQ~dHZ+sL3j<(@dCUwYpbMj(x@APNU)2eEj2vB&ZxyB3+>`P9oULR zAcWv1`#~zCkmsBccA%ukIhYY$lEJ&V#+zMV62JOU+^z-!dKLnF=6#)=S zi-hal+5B5jmKt_Gu`yaH=0!RVH%cfYUc{I0_3hT!oUi>$vKs>S?BqSzAj3px_tpDKXW_{!b z6T=>wPHA?D=b8S-6cKipMOKNwu^yWrEuAhaQ?#cyEG=ZD~V?3ZfT5n2zE@zrSf`Zu<)iQb{wkN}~p2m~Y$FcZ@% z^uW;U*vPxDfU<(AeNccaq-RopH}R{aTFMq%SA4rYpD%Z%xDb;f;`q*%HbdS1bT zX&`Z3K5ki|YUdHjuCfHB1##^T#X`K2*z#S7C+nwhD+Pb~`nSg(uDpXl)L6*?75-qT}th7=(0pkftC9*<+I3@>iht;cvH-he6q7N)0#f?u9i5`_YWZfsL9T(aXebxv&vvA?Cas*vbQyKj(3R z=j~VJr@f`Ol9eMDI+5;3K)<%5*AFRZ!jaDutwBnFoKesEn8<4Wk;pnVv&Q9`8DY z$9;kR=*tNU%L{wT%8!COFw3!v@*BhLB=h|yE+l~yUk_ib?OSBBi289G-|P;2Wd#`$ z=TP$IMQzR%PZTC0xDTAUFP!MPFdK`W+Rv;{=&^PIy2-;8^5pwJ{3sNt+Dee#`Nd)R zRz()$%cYt>(fRKAEBugnq13wYZ4k_t_KohMYK7Oft;vRCO`4(igiSyBVd~J70j^%}(4TKQR7L`q*a+E+ z9EC?Nw6e0je4fCRc@o8kfm)??Z6SJe34>$1y)5WIOoGlNGkb-{;~Dq#+e{$+y9&2e z+NZb*(2GRTIN!$#peD#MJ1?xdvEFB8p)ZI2Jk7uE577l5LnHn?xunPQ1BmS}VISgB zP5^hUfX^PLRp*MBXoz0|-jCQT0)ZKlvA#p?*{$kI;L)Yie~KUDtTNPOeF z<#f#6xc?c+`5Ta8E|OLQD8`?Qd~kHfjahDOxdoJ#w7M5{iIheuqLpcp$~6|J^2M&( zZzyarY{+gyB?3V=R#s=at;ja3k;Y4sB1cY(nyuFT{@90He^F&kpKouyM_o@p@=o+( z$Gs;lYy-Nfa+W9wJo{*sxig2IALwxi2=KpMJ>Jd^4i?tSq%Z{xyJ)x-gc-_;{7oF6 zMrH%x7$b{tcfSRfXd_5)&n#Rbeo^kuSYLe@Bw+nUAn(U@j+;0~N*RKsu+1NA<-V)KL_Mvvq*PJ)^%QWo+t+C88V|F=r8>mr#)arCj}t-1JtQ$TuQV;!8dV? z^r11@eUUDk|rJVIe+s2pMXzMF z3RS}cO~9@_n)Mbi(oHWKDJruVqfhJiSt^~K%eikUnwM5@8krH$uhqO^5b*Wd4wG?G zZPPMQLjN6;$X6Vqr@KD32M5s#89vlI;V}uD)QZf%5n0zp8 z?el_sEQN#JmsU$W+^nz9*lfA%bXK0G$h#|L)*t~Vquk|?1LX&66vv0IVU;+t3ca6hqp*1RJ$%8x8Bsp$a2V2h#1MJGPP?gEJ5H`(33;O& z=S0D3fz6+>r>l3O;%ZvvH|4)bp9!HN-V+CzM$loR?c-oyiD+eNg{KgnQ&>cbdaKkM z5yUqCBV;xLRYiF3l+94wk(_|V(b>EVD82Nez9$u=NM2bs92*UWA%=Q z{P|m`DZQWNO<)O)q?ZZb%PTr9^!1*k_X2r<(teDB$XLCjwZ?*n0Y74S=)=49I60vK zRV=CR;3@Yqi^KITfg#^!`>+J4{9bPDTS;Q^!Vv`~cCMa)B%1!C1uue1m(_v8wFS|e zvf|EM?PfpFO+r^e$94d$gH(kk7qVO**~01U z?fwn=^*ta_><+}Mjx8p{tS&E$OwH5X-(&&Cl}+{^*mXCH(^!3d-E*vA|I+xJz67}I z`oFO?1yUZbq`2K=bu`o*DpvmiNVz*%V?kO3mrq&Q4il7A7bQJ5idP|i8XqHfA2F$k z^uIs@Hh|;HLJ-&Y^S8M39h*?l z@x@D=zLW`N_hGD0-Fl)n5lM{qjhk-FZh^spaj1*gUVtbMB5%*<5k7GGKpkO1pZ!THLa!a zhnAXNi;P@xO99O^bxojMADqUvPgNN+ThZH9=Nz%7LnKsSE*A}H15Uw^=4Kj*9fbhevE z<&Xne!&GL~z`hO<>w%0E@}Ug<=rK-%z(Lif^kd388I-;>=UZ32*19}2$*wdMCL1jV z7K{*o)V54xN~;*E&&2P#2p&#^Z^pB<0t|W3SX9FaCAa<;Q1afej67MMADpd+Lg5hm35oNjr2>0KdT{z^{2S)%3tcrS9mMl==*}! zZh}jZ7V1%;SS}B@%30B~65T7Y*su%HkHSsboMI=1zYwoX5tzjgDc$R1@JCv-g1}Kr zE8P&-Tdf8%>fDoBl4WrvS`(%=O+Qz#YI`5BnJ{sdxzUG&f0Re7wya&(q6ELeSKVvwrV);5j{0U7 z_w0-bLuurU*_s><-8AxC?Ob-Wq4>ZjoqOU+LZ!^-lIfnIyJrUfvBy#{vS-NI3AA~d ztoaM+`aI}*-)q}rr&G7Jde!>e`F~RKx~$-~nL|?+uQlq_0szO%q1ciQt*KFse1r94 zl!OWS%StacYpbzM(UFk@GbcDH&?kI~MK4p~~nM$XFV zsFS-v3Pe+T)#kRU-nL54w(`!7k~CPY$ZZV+dNr4PCoP2c)SNA%W-#Lr8jz_P?SMHN zs#)Z|-?2sg3A|&D0B$2DE0`4z+Hx|*%&VJBL^QIUbtHY#7~0Z%@Wht0NY*NVedNtv zOgg3mPia;;=jW6)Te^>Te26`6W0&|(Ar;pEo=`86v|FovU^=bcAYs-+Qlv;r^Kx;& z48!;N*lYB*28;CW#=?6&1;@?z_cx{S%{qU{g2TWnrd+TMZ4ZeE!(?z5p`Hl|gAD(T zhFFwgRCEcDLicbNwD6PQ2~(h!@kfJb7_)U9=3X2{Mr=QrewjXJ>gcwI_>gG6ns<1` zo?{5Hn=p!CT2^9_7C*wPks)T!Z3u1x$5U!)MCR~C@(>xt4=<1GW#qXQi#LvWm3npI#s$!^Gi7BH6j(0+#$>d`N!+T+{moW6~?q zJH>>c1{nteng%C)eNg1#X8u{>8tIg}?3PnOVD#!P&H!|2$K3pBfMlrcVZls9b;-Eaw zMP)6gm?#pJZg%a5S+oeM(9(t$CAh0M1g%#3lR*!zmqn|9WpGB^U3BC z{MLX|6}_EP0zLBTrNw<{j%oM;?VMH@#o$ zef6INbY+7xdt?&)44F6vy$tC`{e&>hQw~Qzc{aa1oG-RA_|op;`1^Gz+E*o)Y4(gE z+4tSWkg{x16HGZLF6BFvV#dcxKX*Q^vOZ8*F#>UNyqD#$8pj>E{xLRGh^`XW)Ge+V z(m((3{7#7cikO8LF*pZUGnVqrSHq{_*A0vZIe3V-`uY?Qf@KGPDC6tb!)x`wKk%|Q zav`@1X`nL<(|@rPBuWE0vcqSpb)0`<{E9h_VA;(||EZH?P;;;0bTNYNR<4J?MHuu4 zPu3jR-?p=o9m#K5vaMiKaj{zg$NyaLh3X{P%D-$ zqN1!hwLN}B52br7m3^`ikv)5UOoH>Rhc*CqE$XsNT2GnTF@>9PvO}aD>kH$A&8fCU zbnSpNXWKQ>s?n+Fcjroc8adU0VBNnR$?8Mc?`V1902J$0Mp3DW45u*`8UdqqsJJM#Ap>n@pp&A z5p(oa@;7=d3x)TBG$zp`ec_2dJ^5!;#nB^t98SgMPI29W5lax_YF+KYycUX~(t%=f z#kE%5GS3HpH2tq+A}p-n=%ar1Jep_+>E5^>*uTmF+%YINb0+SO zg82P@sDujS^)t+mFEf801;*X;H|ANFD2(wrQTQFnSFl(GxjQ0zmJK*$@JM844lzRp zuQcZVh}vU~6=0jl-&^Ju6jma|sxaqax5R0zuCn@9u&P@4yk~f_Zhw zv)z#=39sQ`t6hlm#ih$sYvb%e7`++yTUD^bQeszW<$bDyNBP^727O(J?83pxs3XR= zB9-gijKn!rAFvO4mtfccd8d&(#EBUU$n;CokkpOl_R+Z7*4fzg&nBKJxdFPY41BZ= z56jxOjw{J|k~#vCfYA=OWhQnfveG_9#bBEmL4x&>7VWiWjF!)-EGqbU3IvT}&JOJg z;wRg7z{n5U>dGH`JSP-~9Y7t={~5;;XqXF+{*l2YeV!qnGfvJSq>upX>Ym&CZgVd@ zNU_jdYT<13oNiW!H{KH>GM@3=^DPyQD8g@$NjC$)({fHXPwGKJf_fCD2B(}MPxcQ4 zR)0iS0^y1jD~dSY{gI;_LcDYO-Uh~>29uB3!M(0hn9uYq!Cb}=YJL+H{1hLOg$!Uz zL7Suv!m7}xng(Q&VXwgy2A~{UghTm4x0E;u)V}k^Ib}w*AXgbIh#(4;L=qaUe@O1A z@le3pGn6bPsQghS>{dCW;LnWac%T?O#?S#}EG?z_KyD}c6EVZ(8*tMOoQd@GCSrU? ze!98-c|Ijv*BP)eBRFx^iDuy1TPr zkNb8(dIwNom@x3k9vg^5zX&aN;KF@*xOqILp$Nk;DiG6%2x`fGUC@0?&Abrd48n71RcEm)&J7f;KJ_#)BiA;MD>G zb-Yq(3fiNp2CiMF`S7%I8Vh+Xg#qgHk2n2jX37tlS_Kb07npuVE^6B}fY=(?y zBX27Xa6Rx>GU0~fD3(8)d<1#<#Xz5UED$pkP9lS#DclqLxv0N{2MK~HD%@Ep1-n7` z2CFzs`u9B~5MZClSw;{qLzrEJ=|&K4LGtieK~ISPD66W?!-aPxX}F=y$~SkhsK?+R zLv`=`!my2h`TD(o9Codxt!dQt`Ts--P_ZU8O@hu#yd^Q_R_57yWI>oPpx^HKE?uc!Vl51+I>>}<*GVvBeFS>znVgOULQ`(sDY+$)?$yBZKa;w$Et2y$^n zJaV-``O>764R&~|IgHKFm?thf=7m?VgcA#YB+UFe0at>w52g&_FHmyGan(4dm!(ZR zeL1FPhl<351{a_OB#+`C*n@U~jv4cfXZu-;a&2>zg^#n@iVjjCTSmT;2Hke6TsM(f zP|#UTsjl}#pJvi_ma_tL+k{m8oT+WxCA0B2F85LiK4S0Y%NwkuLe9qWKlN|sIaON5 z#Kv-h$9bv&kx~1Sjw@B}GBcu-+f80Fi6Dt|b5$qNx0AHBLOus&`?ySP`qF@nNpJF1 zru8}1Ya+&~gsf`)T#JAudc*YC-Sfzb z(OafEY+AF6HA@oJCZoP;%EWfgaL26HZ#JWf4lB!bOfn8uZf#n2Eqc09OUX!mE;C*; z51;~aC{BjYE~j^$(h4ThRaeDVP*0UGAA=j0DEKyz6G4~J<$B0vepyQ>(gyu-IxX%k zZtP5MyfLtl-Ep4WVBrG)GR{-A)E2$V&4S`>O3F=c>ngQsHOFf+!)Y_cTJ7y&WvJd# zNS6^}3-}D5B)rb#YKK3yoDcsg zg$#O|+;I|*WG=IE84qk8yXQ1J!R%_lp{LEVu{p7r+R;j@RvB06SGtPVt$u5*AqR*9 zhwxiX(rTTd+%ikHWtqffnY>Cek@R(=T>ngsfA)9@y_c z5u=ZHT4et&D>!wP{1D}TXs$DOzn-cs5Teyg(alUYIeHJ_g8T(Q+3=ec!sO(qW+RL<^Q)eL3-*u@6 z=fiPJ!wxPpUmv6j6Z8A5L89mPIrBGReLCB2>6Ev%(XuHo_LkMQ*vw!*0=ch+`)8e&tF--N*fTu@Ez?jWx`Es zC&C=@wQfn6LjGxHy$;lxoKUL9dJ>JOJQed+rcxO3~T9Vx)($ajG*qZra1>8hk^i4PVIEd(@sIKRfy z&-0X)G^y0v#+Ira=uApbd=d_XeXEpdXU}d+rYIDk$Jo+o$cmUkRsa|(0uJ<#gEUDv z*t@@DGAghQSI{n?YY+t4lhDasqX784z}YOQ(a(oW#5wQa*FXjcq%IZdeC%;vQQ z?@J%L>P3tkC+umw}`D8R89& z@O}stH#zs(7xbOSbA;vP_housr916Y?SVmXFY^`WOt*dvX?INqzc}2Z?JUXKfcJYD z>~rqz6zE+WScrd$I7SDodG0~>Em zfi#+!QejNV&%|)yPOWX5m)YaSmG<>79J`RJfw5_j?zd}(ke8iZ9)drObVK)?8=Kkf zd2OdWq$XE7N7v-2otk?}_q=1}gy8Qjz1$4i2dIhaIYt_~n>p*bTE-oTZu1#%RE=95 zcsAchIoqQ$Pgk58c*nHn41%kNoC*cYHQ=&ioe!2raUL|PcQTfIX?tMTy|>9})_r2x zKFxjU(~N{U4j9)g&+p8}#YQJK#l=pLGgfY(E@D%Q`v%YpwIu33Xu-o3q;wHBsyiLC zpf+a(jXjeV>zl-WE^$jm+Z|$V)j^YWA3F#arKn6ZbZ&>LH3t!USl?&|a?Ax;H*n)L zx_6UuiPc!JD0XCfjv4%nK&Q3b=1XNSTFb&c5Y!GFX4->zvdaLrD8V(7&z*!#dH|#% zJ{&=`Fc~w7$C_B7V-h5ijc`c=Sw*Uizx>?jj@YunaQUOBnw43F2Tr`T8f7zdp);lD zTL2r8*#S96-0e9*OPFBVzSZpzd5@YD19qcGbvM*3gY=vH50NF(`K3fiC4hn&18x1% z5wqAPE+ zaU5M*6=R;?kfosd{@*fyIa>Ye=d7L+o>4Do$NaPS>j+pu%BTr(C2V6$qyOaIFHKD3 zI(6?G$bW>Y_XKRC=Ba1@-DSNWF{q)+uhJ-8*#wrBB1V#zE*>ksFko0^CJ`(CKNcPu z^dIUg(dUm|_6gKkh3XOnE*vIK*(Yjft;bU)6}|o&`+XiU>&v~e1(HGuHxpr6w4DOi zI|ODJOnT2C(_6yJF7=4}p;#{Mqs*vkJ6Mk97;UHectQVl@r6 zL21&zp4Y{1o&g%{FfWP!-QkW*yNJyd!yD;0} ziQ;o;cy2_!9CE1*X7jgRrXJh!W%UMskfc*w|5O47%Q9zd_c9qQQ$1BaPzP9VS4ZG# z?^W!A*W2omQ6;I!sj0KDQxP{AHOY8%?Os&~M_J_wa-*EW*@y%`WCBlZEjS^q%k~>F zj^v~HR^H^?T@hT=TRLsUq%{vJj&tCwvX%^?o`}L(q-%?3aJwo zOZ4?Dhz+csk-}@@E6Xx6+wx4dpo%9>(Nyn$A=f=U+&dIhJt>Zf9Ud_a3Ej7F{09q3 zulnMpPVB8VSXpkn^3}rRT#A)SJa=&-Qk%TY*k82XCZx64GbMZA;ErYj_~^~X>4TjQ z3vrr|wAwy!-w%os^`OYs#GxuSgPjTUsKsLTi)GtOc+(Nn%!G2c^727CJGC56!p0L}AJbK-q;%WN!69&~C9@Fnw)XhsiO2Ym{WI z_XxC8#d(me3xy9je0gyv@i)hYjGd#Y&+;o;{+*v{b{$F|Bs3smpvT3G6n)YXY~8xS z#AtusDq@7gb5=(pX6*y71Fac4ro4M_+C-JL>hPvtku&k#9wjgIS$#iW+>&+Za_)6)0Fu}YMzwLZSNQEE1_V@zmMs9KZlL|Z9eSZsI zXz0xDREPa^y8k=+M`68US2|HEYw(|bBNscBO)RK%uHBz#MfQDx7iuoMw%l^26J2N- z3|F)#&(>7r26>LZ+*dJIO|lDbFQ%7qE=SZ)R4{wZn3T8+yzbgi6{s$hFTKEGyIX72 zm6Exo>-}Rihr7+uC}n?do-<^8D{45sm)2v%)^nojaA2EL&~yw`5}x%(R`39o?o_3_ z`l3B89$q>NPwbyhBH&gkN-j&%Y3>Gb#OHA;U)|E+-_}~k*UcCl_Iv`ZBh&tIe@{Q8 zwTPLgyA&rEMwK_@OMJR8sP1&Kb%}OV|7klDkSve>J&v{Xi4zmz-Peu+)RmTd5Dc=T zA{jty=|qKeA+>rd-IGNHzS4l~cD=nym+P(;T#xkZjNd3uZ!Mw;=mFf_sWxr@HMuL6v>`0D)Y|E~M~ zIc5L(aI}87!pFeyvUhH{(if`*_#S%Hh+zY?(`rwr#i~~#*zG%<7cLhKQ;An>M=Gw? z*8$4z)Z#lmP_CBTa$;pTQF3cD6(yW<{pTGLAl6D3b|b}~1RyfwvP|ahGUDdG~@ z;s^JQx3~NAIv?ZcK%v1mquQIY1%XD+k3wQ*@ZD5SIE{oA3u7ph=$fpF*I{LWp4B%(?s2CEA%yh zCR~IZMl#;FP`ui*hPzRjt0el5wMpB+#AjDjcih;O96t(2P+?^?$Idp*gh~#r%>zQS z)^D|1HR?pND0e4;@e{^hvq_j|N${qTc4k+tz!XUvzsSieyC3M4j;=gm*PS1zwAI?+ zK9T2(!&k)|?oWZ^vYX8vzG_n`C0gqdtRWfC<|*)VYzK(U6xyV`eGl8lR@wsC`p?W) zm;iE($0XAJ4wYa|ON<*gu^t7%I-sb3eaOeo5$42nRy9GEt2%orl;wmsw{g?HHjNc( zC9Zhoi!1EpdwKm-aW0dMp<)-&wIKRc|D8bk(RD zfpuev{p$F8cyY$r_Ya(7^5_8_@b^5I@8TRGRLY>)5);-y35r1664y}>Qicd8Z2QzfAgLs7)#JT&v}ojk|~yWA*-CLeFNl3>MK zo-jo?24MdPe?Lda3>{o7>_&;T{lPM@_wpndK$E8oGIfX#8K@{pqDT6C{Y-JvPcMcn zyA4tN{~pX4${&gO;SbbCkq}@!Gsr>x6+Gpjb%Gl6!vW8$HE~6$ig;MW#mPA~B;2KS zLfiMt8g*W_rdxa9X>zqm`(-;WeYyXtrYD?iZP&tMG04s0WO*p%wHcUB|7zI=s_QT9 zxG#OGG#V52%KC+F>b_6!-+5nxGSCa2Ox&pKxSsBY9eX2xDm|&aKg3Q#)rJ^}VbG9= zJ(h&5pGIa>yiNt06OPwpO9le5d9V9Q*T(_D`(bmD$lY&P!Q;?&x1lv?S;6a4W#7Gw z)!A{Z;$hxN$n*K%S*n1}j*{TI;f~U8WjK-L(%bZuQnAc(5#yftf5t(ii2YIlMWHCN zWv`B7;*W~{W*I0QgOxpe9#@Uh{X7}eYQ5Db9jLSPN@nMAEBKV-QLpR|L4aPHZvJ_O z&EAQ#Ti~PXD&<-B@^H;=Q@h)C10>S)j_4xbyG#EXzYky@Wwrk2#rYo#w~gws!zD zw!;&@SCJ?CESS6#`^Fe$Z(I;9s2Y5j;U3g)6p10f^=)8BxT>%)1XcnI&`gc|nP*Nn zNhmq`MY*wh#dt#V@*xoI4eq#uI!#Km`UT}r<3=S| z5xceaKj|tpeE36xq=i9!1W^2RQbD@G+=f-j15fphAkCnotDs}hp>puUs5rEY6TtXw zTD{3=8ZAfh@_|8zl9-1}@!;NG2Z+NU*RuKf5ur!2*~aR0%CHDz>&6?z!_z8<|0%x+ zv;&=-Iu;lh6j&Lry8$(4q!bEBv!iW*h$_Y-hC?17 z$vZTNy>a(j<3LiGqDjr{cP{ASZQOq@XG97L1k?zd7>9L4X3z+MDq$9n!Gnotwqckx zfNX?_+^9Cu3T6kZhc*+0=FD&I%Og(OJ5(W^3#(=L{v+Uon0_yy%nOFNC^~ZGSEY&y`QSi41~D!3|a>w3{O z=(UPo_*0d{5|kL)3U`4+FVG)|Y#k$u>U0J<*M6ZE)b3h;d zK9P{58A_FGEL>MKOi$n&(#)_JCawmNIe93nM{EE-{>>eNhr3Bwe&(GT&1iWR zN+UKrwH~z_4&xfFn8F<2x=guGl7BG?04h2P7584gU6;w+s9qKp9_Y8R2_#pXVlBUc zn+=xSm0-7@h5LJf{a;fdDm)0aRdi%IoF9?@_!s8u(wgJ3bR`pq*_-h$WoA@?>I#6= z*6?xO2&{&i!d522D8$)6^uF5(29}@iz5U-`0!0~M5LBT5``pWaR$CxoAj1C%|E>Sa s6wLp-$^V~O_kX_rKTYEQ8>#vKSa%g=z#;yp1mwRR@?U&m{-4|b0^}W?<^TWy literal 0 HcmV?d00001 diff --git a/Solutions/Sophos Endpoint Protection/Package/createUiDefinition.json b/Solutions/Sophos Endpoint Protection/Package/createUiDefinition.json index 8fe85c3d0b..e00d805481 100644 --- a/Solutions/Sophos Endpoint Protection/Package/createUiDefinition.json +++ b/Solutions/Sophos Endpoint Protection/Package/createUiDefinition.json @@ -57,14 +57,14 @@ "bladeTitle": "Data Connectors", "elements": [ { - "name": "dataconnectors-text1", + "name": "dataconnectors1-text", "type": "Microsoft.Common.TextBlock", "options": { "text": "This Solution installs the data connector for Sophos Endpoint Protection. You can get Sophos Endpoint Protection custom log data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view." } }, { - "name": "dataconnectors-text2", + "name": "dataconnectors2-text", "type": "Microsoft.Common.TextBlock", "options": { "text": "This Solution installs the data connector for Sophos Endpoint Protection. You can get Sophos Endpoint Protection data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view." diff --git a/Solutions/Sophos Endpoint Protection/Package/mainTemplate.json b/Solutions/Sophos Endpoint Protection/Package/mainTemplate.json index ca56cb8220..e78c03cbff 100644 --- a/Solutions/Sophos Endpoint Protection/Package/mainTemplate.json +++ b/Solutions/Sophos Endpoint Protection/Package/mainTemplate.json @@ -47,7 +47,7 @@ "email": "support@microsoft.com", "_email": "[variables('email')]", "_solutionName": "Sophos Endpoint Protection", - "_solutionVersion": "3.0.3", + "_solutionVersion": "3.0.4", "solutionId": "azuresentinel.azure-sentinel-solution-sophosep", "_solutionId": "[variables('solutionId')]", "parserObject1": { @@ -66,12 +66,14 @@ "dataConnectorTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId1'))))]", "dataConnectorVersion1": "1.0.0", "_dataConnectorcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentId1'),'-', variables('dataConnectorVersion1'))))]", + "workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]", "dataConnectorCCPVersion": "1.0.0", "_dataConnectorContentIdConnectorDefinition2": "SophosEndpointProtectionCCPDefinition", "dataConnectorTemplateNameConnectorDefinition2": "[concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentIdConnectorDefinition2')))]", "_dataConnectorContentIdConnections2": "SophosEndpointProtectionCCPDefinitionConnections", "dataConnectorTemplateNameConnections2": "[concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentIdConnections2')))]", "dataCollectionEndpointId2": "[concat('/subscriptions/',parameters('subscription'),'/resourceGroups/',parameters('resourceGroupName'),'/providers/Microsoft.Insights/dataCollectionEndpoints/',parameters('workspace'))]", + "blanks": "[replace('b', 'b', '')]", "_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]" }, "resources": [ @@ -84,7 +86,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "SophosEPEvent Data Parser with template version 3.0.3", + "description": "SophosEPEvent Data Parser with template version 3.0.4", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('parserObject1').parserVersion1]", @@ -216,7 +218,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Sophos Endpoint Protection data connector with template version 3.0.3", + "description": "Sophos Endpoint Protection data connector with template version 3.0.4", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('dataConnectorVersion1')]", @@ -625,6 +627,7 @@ "apiVersion": "2022-09-01-preview", "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectorDefinitions", "location": "[parameters('workspace-location')]", + "kind": "Customizable", "properties": { "connectorUiConfig": { "id": "SophosEndpointProtectionCCPDefinition", @@ -741,8 +744,7 @@ } ] } - }, - "kind": "Customizable" + } }, { "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', variables('_dataConnectorContentIdConnectorDefinition2')))]", @@ -784,6 +786,7 @@ "apiVersion": "2022-06-01", "type": "Microsoft.Insights/dataCollectionRules", "location": "[parameters('workspace-location')]", + "kind": "[variables('blanks')]", "properties": { "dataCollectionEndpointId": "[variables('dataCollectionEndpointId2')]", "streamDeclarations": { @@ -947,7 +950,7 @@ "destinations": { "logAnalytics": [ { - "workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]", + "workspaceResourceId": "[variables('workspaceResourceId')]", "name": "clv2ws1" } ] @@ -975,6 +978,220 @@ } ] } + }, + { + "name": "SophosEPAlerts_CL", + "apiVersion": "2022-10-01", + "type": "Microsoft.OperationalInsights/workspaces/tables", + "location": "[parameters('workspace-location')]", + "properties": { + "schema": { + "name": "SophosEPAlerts_CL", + "columns": [ + { + "name": "TimeGenerated", + "type": "Datetime", + "isDefaultDisplay": true, + "description": "The timestamp (UTC) reflecting the time in which the event was generated." + }, + { + "name": "CustomerId", + "type": "string" + }, + { + "name": "EventSeverity", + "type": "string" + }, + { + "name": "EventVendor", + "type": "string" + }, + { + "name": "EventType", + "type": "string" + }, + { + "name": "EventProduct", + "type": "string" + }, + { + "name": "event_service_event_id", + "type": "string" + }, + { + "name": "EventEndTime", + "type": "datetime" + }, + { + "name": "DvcAction", + "type": "string" + }, + { + "name": "description", + "type": "string" + }, + { + "name": "DvcHostname", + "type": "string" + }, + { + "name": "EventOriginalUid", + "type": "string" + }, + { + "name": "data", + "type": "dynamic" + }, + { + "name": "Source", + "type": "string" + }, + { + "name": "info", + "type": "dynamic" + }, + { + "name": "ThreatName", + "type": "string" + }, + { + "name": "threat_cleanable", + "type": "boolean" + } + ] + } + } + }, + { + "name": "SophosEPEvents_CL", + "apiVersion": "2022-10-01", + "type": "Microsoft.OperationalInsights/workspaces/tables", + "location": "[parameters('workspace-location')]", + "properties": { + "schema": { + "name": "SophosEPEvents_CL", + "columns": [ + { + "name": "TimeGenerated", + "type": "Datetime", + "isDefaultDisplay": true, + "description": "The timestamp (UTC) reflecting the time in which the event was generated." + }, + { + "name": "EventVendor", + "type": "string" + }, + { + "name": "EventProduct", + "type": "string" + }, + { + "name": "EventType", + "type": "string" + }, + { + "name": "amsi_threat_data", + "type": "dynamic" + }, + { + "name": "appCerts", + "type": "dynamic" + }, + { + "name": "AppSha256", + "type": "string" + }, + { + "name": "CoreRemedyItems", + "type": "string" + }, + { + "name": "CoreRemedyTotalItems", + "type": "int" + }, + { + "name": "Created", + "type": "datetime" + }, + { + "name": "CustomerId", + "type": "string" + }, + { + "name": "details", + "type": "dynamic" + }, + { + "name": "EndpointId", + "type": "string" + }, + { + "name": "SrcDvcType", + "type": "string" + }, + { + "name": "ThreatCategory", + "type": "string" + }, + { + "name": "EventOriginalUid", + "type": "string" + }, + { + "name": "ips_threat_data", + "type": "dynamic" + }, + { + "name": "DvcHostname", + "type": "string" + }, + { + "name": "EventMessage", + "type": "string" + }, + { + "name": "EventSubType", + "type": "string" + }, + { + "name": "EventSeverity", + "type": "string" + }, + { + "name": "Source", + "type": "string" + }, + { + "name": "source_info", + "type": "dynamic" + }, + { + "name": "SrcIpAddr", + "type": "string" + }, + { + "name": "ThreatName", + "type": "string" + }, + { + "name": "DvcAction", + "type": "string" + }, + { + "name": "DstUserSid", + "type": "string" + }, + { + "name": "EventEndTime", + "type": "datetime" + }, + { + "name": "whitelist_properties", + "type": "dynamic" + } + ] + } + } } ] }, @@ -992,6 +1209,7 @@ "apiVersion": "2022-09-01-preview", "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectorDefinitions", "location": "[parameters('workspace-location')]", + "kind": "Customizable", "properties": { "connectorUiConfig": { "id": "SophosEndpointProtectionCCPDefinition", @@ -1108,8 +1326,7 @@ } ] } - }, - "kind": "Customizable" + } }, { "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', variables('_dataConnectorContentIdConnectorDefinition2')))]", @@ -1177,11 +1394,6 @@ "type": "string", "minLength": 1 }, - "sophosTenantId": { - "defaultValue": "Enter sophosTenantId value", - "type": "string", - "minLength": 1 - }, "connectorDefinitionName": { "defaultValue": "Sophos Endpoint Protection (using REST API) (Preview)", "type": "string", @@ -1198,6 +1410,11 @@ }, "type": "object" }, + "sophosTenantId": { + "defaultValue": "sophosTenantId", + "type": "string", + "minLength": 1 + }, "AuthorizationCode": { "defaultValue": "-NA-", "type": "securestring", @@ -1239,6 +1456,7 @@ "apiVersion": "2023-02-01-preview", "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", "location": "[parameters('workspace-location')]", + "kind": "RestApiPoller", "properties": { "connectorDefinitionName": "SophosEndpointProtectionCCPDefinition", "dataType": "SophosEPAlerts_CL", @@ -1251,13 +1469,14 @@ "type": "OAuth2", "ClientSecret": "[[parameters('ClientSecret')]", "ClientId": "[[parameters('ClientId')]", - "GrantType": "client_credentials", "TokenEndpoint": "https://id.sophos.com/api/v2/oauth2/token", "tokenEndpointHeaders": { "Accept": "application/json", "Content-Type": "application/x-www-form-urlencoded" }, - "scope": "token" + "TokenEndpointQueryParameters": {}, + "scope": "token", + "grantType": "client_credentials" }, "request": { "apiEndpoint": "[[concat('https://api-', parameters('sophosRegion'), '.central.sophos.com/siem/v1/alerts')]", @@ -1284,8 +1503,61 @@ "$.items" ] } - }, - "kind": "RestApiPoller" + } + }, + { + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', 'SophosEndpointProtectionCCPEventsPolling')]", + "apiVersion": "2023-02-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", + "location": "[parameters('workspace-location')]", + "kind": "RestApiPoller", + "properties": { + "connectorDefinitionName": "SophosEndpointProtectionCCPDefinition", + "dataType": "SophosEPEvents_CL", + "dcrConfig": { + "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]", + "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]", + "streamName": "Custom-SophosEPEvents_CL" + }, + "auth": { + "type": "OAuth2", + "ClientSecret": "[[parameters('ClientSecret')]", + "ClientId": "[[parameters('ClientId')]", + "TokenEndpoint": "https://id.sophos.com/api/v2/oauth2/token", + "tokenEndpointHeaders": { + "Accept": "application/json", + "Content-Type": "application/x-www-form-urlencoded" + }, + "TokenEndpointQueryParameters": {}, + "scope": "token", + "grantType": "client_credentials" + }, + "request": { + "apiEndpoint": "[[concat('https://api-', parameters('sophosRegion'), '.central.sophos.com/siem/v1/events')]", + "rateLimitQPS": 10, + "queryWindowInMin": 5, + "httpMethod": "GET", + "retryCount": 3, + "timeoutInSeconds": 60, + "queryTimeFormat": "UnixTimestamp", + "startTimeAttributeName": "from_date", + "headers": { + "Accept": "application/json", + "X-Tenant-ID": "[[parameters('sophosTenantId')]" + } + }, + "paging": { + "pagingType": "NextPageToken", + "nextPageTokenJsonPath": "$.next_cursor", + "hasNextFlagJsonPath": "$.has_more", + "nextPageParaName": "cursor" + }, + "response": { + "eventsJsonPaths": [ + "$.items" + ] + } + } } ] }, @@ -1303,7 +1575,7 @@ "apiVersion": "2023-04-01-preview", "location": "[parameters('workspace-location')]", "properties": { - "version": "3.0.3", + "version": "3.0.4", "kind": "Solution", "contentSchemaVersion": "3.0.0", "displayName": "Sophos Endpoint Protection", From 089f4f342e7d93d61582ed9097f2540c9978f28c Mon Sep 17 00:00:00 2001 From: v-sabiraj Date: Mon, 1 Jul 2024 14:35:53 +0530 Subject: [PATCH 25/33] Update ReleaseNotes.md --- Solutions/Sophos Endpoint Protection/ReleaseNotes.md | 1 + 1 file changed, 1 insertion(+) diff --git a/Solutions/Sophos Endpoint Protection/ReleaseNotes.md b/Solutions/Sophos Endpoint Protection/ReleaseNotes.md index 0eba3c66a3..bf55b4f929 100644 --- a/Solutions/Sophos Endpoint Protection/ReleaseNotes.md +++ b/Solutions/Sophos Endpoint Protection/ReleaseNotes.md @@ -1,5 +1,6 @@ | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** | |-------------|--------------------------------|--------------------------------------------------------------------| +| 3.0.4 | 01-07-2024 | Updated files for CCP connector to fix the connectivity | | 3.0.3 | 25-04-2024 | Repackaged for parser issue with old names | | 3.0.2 | 12-04-2024 | Repackaged for parser fix in solution package | | 3.0.1 | 12-03-2024 | Updated Sophos Endpoint **Function App** and **Parser**
Added new CCP **Data Connector** | From 606338fe224b1e17b1ed032ad7fc7e24ffa19ee9 Mon Sep 17 00:00:00 2001 From: Niklas Logren Date: Tue, 2 Jul 2024 09:19:39 +0200 Subject: [PATCH 26/33] rename security key to apiKey-auth Apparently there's some weird Microsoft translation that auto-renames the security field to apiKey-auth when you instantiate the connector, but it _doesn't_ rename the references to it. So we avoid this weirdness by using the "apiKey-auth" name to begin with. --- .../Recorded Future Identity/Package/mainTemplate.json | 10 +++++----- .../RFI-CustomConnector-0-1-0/azuredeploy.json | 10 +++++----- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/Solutions/Recorded Future Identity/Package/mainTemplate.json b/Solutions/Recorded Future Identity/Package/mainTemplate.json index dad3ec8bc8..9230f39e25 100644 --- a/Solutions/Recorded Future Identity/Package/mainTemplate.json +++ b/Solutions/Recorded Future Identity/Package/mainTemplate.json @@ -393,7 +393,7 @@ }, "security": [ { - "ApiKeyAuth": "[variables('TemplateEmptyArray')]" + "apiKey-auth": "[variables('TemplateEmptyArray')]" } ], "x-ms-api-annotation": { @@ -562,7 +562,7 @@ }, "security": [ { - "ApiKeyAuth": "[variables('TemplateEmptyArray')]" + "apiKey-auth": "[variables('TemplateEmptyArray')]" } ], "x-ms-visibility": "important" @@ -601,7 +601,7 @@ }, "security": [ { - "ApiKeyAuth": "[variables('TemplateEmptyArray')]" + "apiKey-auth": "[variables('TemplateEmptyArray')]" } ], "x-ms-api-annotation": { @@ -1914,7 +1914,7 @@ } }, "securityDefinitions": { - "ApiKeyAuth": { + "apiKey-auth": { "type": "apiKey", "in": "header", "name": "X-RFToken" @@ -1922,7 +1922,7 @@ }, "security": [ { - "ApiKeyAuth": "[variables('TemplateEmptyArray')]" + "apiKey-auth": "[variables('TemplateEmptyArray')]" } ], "tags": "[variables('TemplateEmptyArray')]", diff --git a/Solutions/Recorded Future Identity/Playbooks/RFI-CustomConnector-0-1-0/azuredeploy.json b/Solutions/Recorded Future Identity/Playbooks/RFI-CustomConnector-0-1-0/azuredeploy.json index 55b8df9385..81bdb63047 100644 --- a/Solutions/Recorded Future Identity/Playbooks/RFI-CustomConnector-0-1-0/azuredeploy.json +++ b/Solutions/Recorded Future Identity/Playbooks/RFI-CustomConnector-0-1-0/azuredeploy.json @@ -279,7 +279,7 @@ }, "security": [ { - "ApiKeyAuth": [] + "apiKey-auth": [] } ], "deprecated": true, @@ -449,7 +449,7 @@ }, "security": [ { - "ApiKeyAuth": [] + "apiKey-auth": [] } ], "x-ms-visibility": "important" @@ -488,7 +488,7 @@ }, "security": [ { - "ApiKeyAuth": [] + "apiKey-auth": [] } ], "x-ms-api-annotation": { @@ -1803,7 +1803,7 @@ "parameters": {}, "responses": {}, "securityDefinitions": { - "ApiKeyAuth": { + "apiKey-auth": { "type": "apiKey", "name": "X-RFToken", "in": "header", @@ -1812,7 +1812,7 @@ }, "security": [ { - "ApiKeyAuth": [] + "apiKey-auth": [] } ], "tags": [], From 8291039fa0c9d8fe4b96f7eeac4bc88ce07637d9 Mon Sep 17 00:00:00 2001 From: PrasadBoke Date: Thu, 4 Jul 2024 17:12:47 +0530 Subject: [PATCH 27/33] Minor changes --- .../Package/3.0.0.zip | Bin 23575 -> 25666 bytes .../Package/mainTemplate.json | 12 +++++++----- .../Recorded Future Identity/ReleaseNotes.md | 2 +- 3 files changed, 8 insertions(+), 6 deletions(-) diff --git a/Solutions/Recorded Future Identity/Package/3.0.0.zip b/Solutions/Recorded Future Identity/Package/3.0.0.zip index 2aff1591b2c9cea6c9ee28af6e1fc870ce0e904f..7400ddb50f65afd495965ef1a3cb5a9977d3b7c6 100644 GIT binary patch literal 25666 zcmV)DK*7IIO9KQH0000808okKSP1~1@sbDt0B{!o02crN0Aq4xVRU6xX+&jaX>MtB zX>V>WYIARHwOH$JBexa)U!d=BFl}MUkVam&K?}E=z_B-}0dHe?o$L?GSWq*R#CV3B zkQ^!6je$H%AFWT)?{F@fk>uT^7r-zi^6*^0bJK_4{)Q;}y-Sud7tt9-OYaMJHkni> zaW1r2$Xse4i}$6KaboiN&P`6@7xC%1uyUp3dU9c<@bcTMOF36sd1Z9`y3D-#E|0%= zM*l7v1zAg>(@a{H^;#v?I5YS0dEnjQP!q4DbzsEAJz@2AA*{%y2N5Vf@DUCZqvvX| zJ;0H2Z`FHYQyk7k=H#fonF*&7*CobbDqUh#;cLl%Q~83NOeI15TnuFb-@$*oL`O=bF3>Dg$vT1+EatJE(c;Lo2GKjQ0B zs>RZ`-#?$~sXjjbhw<|4_?T`oDV!uL=hBil4>Cd^T?+*nCUJ1??~Px#)M ztYm}EhYL1S-a>+=SBD`jKlo0{3y(m$M@RL0`NRmyMt zW>QNEg5o?KvRcG?-7O{5&&39o(EXz}YfZ|zva64H1T@{m)$$wtU7)Urhg3-G1)#_t zU?(X@jcy|<_I;S|yDny}?i)L(vSO>odcBTqeL1hf$u1gFV#I*}x`m}SzD zlSyg$7O6m2cjTqW9V?Ln%ZVq|yauzvnp`>QMu@Pbnej`Kd6Aio1S5W*l+K$RDG<{g zI8=s?Xh&xfC8&^HE(AOQS|BNS0vVod9KT_9ke8O>hRl4ciR#)hhfXADg?N({dLfzA znbIZ*C4FNTLL=QmKqwK2o`x=ku@L_ZM|?4@iYcv)eVhZ%tgL_xxhOMXvkm12l?8ra zUu>NNCs-NyBDsSVUOa+np379RP*EAQ28u}(MW&KkJ69$+aTMT8=O9~2x>SfMq*U=~ zixf3z2Pi6xihxtSp|#jJGJAFdYMFX3_hNAn9e)jhDKfE{8T07il0IaEwC@pYc>ae{ zC6Da1ZLr`!2N-Z9{L%o~tWyjLgd*ux!VVm<2-g>qWMzs1AW>;WRy(S8JDV_LtU!6C zIWQv_NhLenNv^%neiL)TZW>N!Q~e^wt+413ZZA$Dum(6`M)F6L3xKbMFtfI9s!wCe zpdKe~S%6GAA3pPKh=~)crml6lGXbT-3-*Q}lv|psOiuM5V+vit=KO4l+DcZr$LGR6 zI6uD}Hp=`dCXuH6PV5U~IhsJe&FO_TWx-|RE0~y9mh z)eHCkwf5dL02qb>ch>{nQmjHkRYl^Hqyp$ z-}n`MbydBvXk5a?jNf->P|KqwqPhg0fuoGP&;6zMRYN3Y>f0b|<{uRvGFUgqSbUtDj zR0%8!qXW-J7om>SSzU=a2OV7)twU-%o}ONe==iwJ06zIFbop!6p~_e>Go?RJ`S%8p zpj|VC4CyD@=hCL+#~-&NOlp#0H0n&FuAFtp(axZXOE3t1_r{tPT5A}D@4FP#9kah_ zBJN(dbN!^1+?D#=Ly=u+$N1_**G-B>`b1!~_qQdcoR4tpu?SK42yuwxq@4(&F5$!W z%Tw27nW-B5p1ZIt2yPI&7rd9K6e-5@{@+z7_YIQ~ttBlaQps1750`JCuo|2=NvL&2 zPrIj{QPD~{h4HW1L7q{)3Fy~cANTYZJmkNs8zOGKExU}GkM)O!@pj8;q0wD;G~Cx>tmAW=pBD-_hG``0zcMDfQ*1>PiXoaY?`kyLY&}-b8llNo zGY`*8l@BO50WFhfRhjm9qcc=hjk(`1!sciPnbZrv9Q2$x7{+YjaC9CrXF=BW-?>)!)U;)kjSOU(rS%=6XJvM=o!&F zC`chO<)v<|vWzm0yU|$(5*Q8CWBox!#mX`8`s;!C&+ejlT1 z6zFPWzvOO)@wPVoi??@ip1f1(%NxWFgsrjfg4^G9e>dIL=&66ukHGdzJ4x*(KStQ1 z>=)E+iy3zYt>_+`n)8GIu&x4Lga4woj!^Fa-R4Coj*a;BR`N~}4u!O_p;ttso@LFK zL62nH?wIC)w5EFppW+|>{tZw|0|XQR000O8af#$u_t2?YvRVKDF`@$i5dZ)HZDDC{ zRAp^&Y+-a|E^2dcZp>SGlj69N|9>O)J2>jSi0TfCGCpv@yx52}x4AJlJsmy57GQj0 z*<2I--B+@?F-P~zd)w}*39vF#nW_9qsg(HhzyFJ(UjB)c88pGmZ`8}o^BnXWO^0vZ zO<;j3G@<3agRSqvcf~e$ZHQ(QOgf(6;|YdVp<~z^Lf3(&V*n4n&yj8YrK(Q?k zxAmZlG}|KmFz*TSZ`W=@52(N+8vIFK;8(!+X0}U6WvJM$3RSA$dsqdk=|WS3E+t`^ zQx|wxBBJ6H@*T%^z5jK0(YYs9_Qn5s})q4WF=5-cDg^V!PC3Uy_RHHE;7m zBzzB*b$|=7!q}D*bq!kyG&#P)FTITeNnglwHEX(8gV?KCRcKAU8E$2cuT?k!zTx$N z;Rk$QT!?JnRbbJzedp8X_kAy4Pi0;CZYK*VuIB7?da2tU6Te5_dUqZ8IRRiqwJOWv}=5@Wc20fL)7x&cBzA{9$)} z!4Zo){PZfrX%Hkf6^1y4_HnZx8ytH$_#lZ25=6wly|VbV0TuG;_3aonpI-Ovub)4E zeQf)g$#*Qf9c@pU+~4;{Sy<5k4OM$ei54(6o~9r?mJlPNrYWwC?1@LU2{bHdkl{tp z^PMYGPC&B+t_H>iJjD#2L^LDN_%U?99f-diM16V&OU+q`;*Fo=v8N_kG*9u<@I=>+Boax$4l_b@!q4Q{#>;rxwZu zDW3I_XPa5uvT$_SZafiZ;)%f8n~jJ5?(&~@f0OW3oBeE`Hyv*yx-QrRV#wV8>GjLk zQ&LQ~8QZqL^E0zs1+Ln&;aVZ7%##*HGoG4qO%bKo-j=ol6%szo=|pe}-vcsVKfk@w z2SB{Hq2jxExFri|)0v0p*SAO9aYKo}zWJ86@L`DCPbYdun1-i}&nLPcgvqV}@D0NbmyThg1Zt@_Hr={tKppu;mmPGk8knIM+G zzP%dCYw&>z9ncOPu#<6xIF?Z z7;KsZZ>BU(pu-^CCYjUn!D!w~lrhPYo4 zL)^0%;(l2SagQ-{X(fp@12^Ld8dz!^fh9acPh{H}Zf%qJ;ltQNlk)$)%Mf$`AyuGK&X8Y~%4igGqGb8BT8U zUjikP@aEpBF`nc6HINf-p8ouPN;@`yrK4ToVlD-KdL3ii!~fmEU-IEvm3-3pXvVt$ zOhyAR`L_Wu`4j+?zaRjU&jRpF`Ckfv$;SY^wDKg(;2L`oZ$zW;cit8Szboz==sTmk z0~6sPOoZojjOM$G5+NET!rz7x;VF~|zaUD4XHg>jvM3QAqvXoUeTSD;{)Ca}=Z)N- zkX##iMN37s?yTDxM{L{Gf)AB*Y|od_=IfgNG0vi@R)?rUwBy=KO~rlDJ9q5^8|@v6 zr2 zY2klo^4aOb%{ni&#~QWLyxH-zZW#_IbylknB%469_5*d^DfRC^>O6F`bKFVPMFrHc z-uU%`KkAh6(0K6C?wI4Eow`0JdRRw4;oU>9eQ}UuoFS?4tP6u4f$^iXrS^S?cm@#Qq`?^0iZ;I@kGAPKur zarg3B6^}BWQ8A?c0Tn}=zV+BhN0Rr?DtadA8C?$yQR-f=MRCnCGz*?)7q7Rj9+2&( z^)*WFRp#^D`P~)&{wV22>f487S_uS-j&`}Ooz07Ii z&uBTf5{v_Z66%8GH18~_J7R44Hyv(nwV${%I2PM&Vy@Z;*i@zHyO#LFvHNM&{E(#)xo67LDUS8dq}E=qY86^ zASO_7(Iwo|Q`ibBtU^=vgxatDlmUT`-lOf&5Sh2?KZyb?LBslWU5#*)WZ^f>#91gk zci{A2V}PK*ztQPA&5L5It&hs`RLqF2e5NYqktpV9c9qGAVl699gTI`(s^!UFrZp{O zT9~k9molrNloM^-h$`6?s^?}>E7#)X+!R&wnPDq0*SZC{+slcmK`}Gz7Bdq5-U(&5 zuq?5Q<>*+R-p#d89e?QlwZ9I%5=A*Hinf@;|Jsr$&Tu#De1=Z7#1d{4Tiw7;{3jlt zd{$hw3Yn=QWm|TY(0Vd{JI!n=j^>!Ys2XuM4?K zMhAIGN>tV>xz|oiM7_qAH`A$JDa@2%QMQdT9+FDiPSiU?u94G)Rzfbwx+=B1PN!Gs z^?S^0)Hmz;s6Vnm(O4*)%&3;i!@&Z(wqKm_T3K@{9i!au8%b?sE-G`U(l;GJa~5u8 z>s9-#_n{?yRL!kxgW@_hFK@hRhp7+xOnN?I{gTGVI!4l;*aCFdsbw>fo{YIz(-K1e zV4tk=d;f$c-}FzO_$P~rav4zx{nILQ0qr`U&$RRF%&eU0w$zy-*R-0QmkRlcY>!Ks zY`eDYF2&x^s><2fP_H-gMoJERWMYpwm3fz~Z>PzIUeC+jQK_9bDqTkI^$c~`?>X~P zv1g9hnFFkPLLH1aSTcmE-N?^|prlD=MRyuqV+00f*#!2Yp*sLri;B5GZX@B10q0ju zVTGFcwK6VkYE~uTHM@*D92AXwBvANse8$8@xB9vkR_nWr}uRb}T73X|x;maGv4$0-#sh)Ci{r z)mYh|Ls6AMqq0JijN!ue3fVP{lPdPQnoJgJ^91j1=j)^sGh;Yk6Llsq$ksQPQEZZRl0s zW@DpOyVata`OG9>?4g({?jP zuF~pBn`{G*=Z4PGGj^MjVkNbn=yVKqTS=RvgJT&OlSbIpls= z)^h6dNmy!@dP&FgfDEjmx6nInVNzbywNzf^7p_0vSj`P;`JH(~5iM^pvIbsl&`FL{ z!W?ARS~+hpNg>vqWmbx3iAguvDSb4S+C-jY8uMyh*=EP|tW-7EX3+tQT*fxo4WDA0 z)sNQP?rV*0gHv@S&rA{}e!!XTpjJd+5n51%QEv8KhN@=!T z*ZGN_nD@tv#H8aXS{=Ju(P~@;HT1DK)l;eQr0*7ut&ro@#HQ5wXn&v&z$93%FG|eH zsny!URz~Ysq9kr$deUUQNv5;TD6(KDCeulKFlXj6n}}@@|G{LxD1nJ7>DflBHn&W) zTrfEu39OO!nkm{K6F3t?j1L7{U^xbVUt094!!27)EoV=(3b%AVK&oG?Y?cv2-{t;(r!Wnq{Nb2Ai+9oE(OBGcq$ zSZQWbKC)!Bk{EQ$)kP(xry4>(z066gX~ttrkt>+oIKA}SjdY?m0pLur{`xG+}kxIS`tZQ0C9epQC4k2R-E^u&Xx89z0{Ezw~=6+1v$sn1dMM)Jtcqi43)unowp?gl*H2tw( z>Zt|aDXBI;+|YUrwb@m^oasxkVZzBz%Yre@q|1G8SsJmaZod67w3%$Brl)dTy-=9c zlLn}_E1FwjwnDQy-Z&e@QaLXs(`o&GB2z200@G=5Jai+aKD58E?-7NtfJn0@_PyEGaHg?*5Y!Klg@|^Ja z0=N8bou<{=sZqhbd4RXX$fNLXVhTwHzT4%JJl?ha=`2v>ck7VRzfrb31(vqm{Rl(> z7M6;&bnM_Vesov(3pQ)7y-FR9(Wp=Gefs_u{3ZgwRLK>8=%LSHa3HR4%17=Yf?y!kVxUCUE)O*Ot@h_@MB(#}jAt(EM>9ulJjwI2Jk}VP$jUEyqPbsYHVSS_L>F*xV3};FnjrYq&C4@2 z-he4M0*ETL94G?6Mk@a`S|lEA_?QxPCB}n!}o&W8hZi*G^ztYAqOhjL{rF*W`bGH5AOcl@9Ct{`*K+^ zyI(iHIs7}xC&74sR8A&9nw)t3?C6|C?tiGm)4Jc?F7HGxd2lj7oIkeJo6GuvbU#}^ zMSM7ve4qd({ih2jL6wbG;Y72vU_GLbqmIH+mtk6T~O*0pNcp0%y0U{|raXtBsL$?8_yI}z_&-lx4Uc}RfZi6g%d{AIovp0xi0KVZbJXYohf$!veJZWc(LUjUK(-`FAe#Km(f+^I#m8P zXlg)@=$P*1e74(5FOUFjb`yls93#9m!wWC1u)|9$9PuJBHEY^ID>+jvMVXUdQNKMr z{EGeebK`zHkx0dYmrlh}A?w{)>}NM&a0k0=%2Ti`?u_cBcs-xH)GVlQ9hHmUt?8Bu z&O=Vu*K5j|fUAdaw6gXS3K3MvG#$uH%DLf<8 znC!l^_xM5ot$PIkgPdmH$n)oC4^!)R=H9q|NbTXPD7$G;9E`r8t`8u-1?T>J|z zh^$mp3vwzF5*ysAaVOMcfwno^$5EuYmPV3Z1?Klcpar2dhygE9Ebx*V(UZBe^n6YHoUG&?3olYrJnaQNyhKW}9zaS8^L`!k+dnGwB4?U# zr&U`=23|Ts@*8*d91g=S`9{R5n@!_4RbZe~Y%dR0_p|QLw( z^P?|6cc+h@e1780j;Dw2A^kROFiMwrwyADW8C?}mXhIt_l|EHUd7bqm^gv4wwoS|K zCRAFa(C5tS&$4|-w1-D~S7YKw6oeKz!FxO8R7vbKV8KtzFv!Du@{lEdvzdMHV#q22 zMv4teT2Mpj@H$)_9Ui_vW5B*nL9#PXH;yH-f3n0;rf~8O(1X@doVvV&_1LJpZqRr5 zByz8Re|md+yMG;q*S;aHs$M$69|e(y-r_z zI(>a%+*)<9QYYcz z(c0BjWy<6uS^%{@O+Ckd)mw^cK&k*%tMl1AD!JY-dDrnpOOe%^{$ zL@1brgu!1{xiy%Ug3a-YP>bvP>z%($?@UQ=gez?xy2tIe|7xDe;hvk>O_%S zOIF&lJQOtcJ0;ZIz_TY;Of^I$%*02&xAf31XvO?y5U|-$x4&>ccKNm$ z7BTmf4{bVXB1lT1sCVD}G5hJe-+%t;<>AF|tM%-s5ApM}@8YZD+3L!>cyjUE563Ug z|LgX}Z~yi9#cw}+xbSYh|NiHXhtA)>ymS7!TFn0L-(2}${_*oazdLq*dg)*M7J5G) ze|hus@dy9;^5xCd<#%5qp=ya+Q+xQSTj@vx! z){y`UNypVKa^@LpW`u_|s=DeIBq*$Pt8_dKW#cifK}%JRl8yP?CsvtVqz5y+2gI;- zw20knk-+1l7poRL0S?QOJE82o+YW$^bwef)I% zeHyX2wMWd&@kf~@{Kw-@E>XDry~tAMgG)?aOfp~xTw+WY6(4=B@XIxOHL(9R6${B{ z)6+_RVybH!-lxY6SHDwTEBjeK`lvvI>IE8Q#-~m#W6yKYCpaV5G$yNs9hX(cj?F5^ zlycUHiUlCB2jYcY9bMd>*xiQEwLg({SdR7T;>&ON)NekW;r!l+=2PoonO5 zu)4PA4aKvDmvkEkn_duv-09yyrA8fT&rMC>p2IU!JI+v2R}UR?Rg+UNmos>*q+s|L zs7TFx$b)^%VSW{;f>}tGkf_@Wrv7@SJwru#|DvK>(|b)rrOUhJRp=Wk{jj3zc;>{0 z(_gv?yG7M|;eBvthoKIY6HjKodWxb&T=UGBX6!c81FB-=3m zV&6TncL=svNgdA0>bxu5X-C|oNW-K$?Pw_UTL&ofhgQ2o&ag1INi}uk@%WJb z_r=?zClG{j^7;OkkB`zojE3~nMEas3KJ$`8yVOwAp1B_u zltj}Em&G(x$SHKW*}&N|1b3vvDq@axSVhdy4y%Yf-eGl-M?9=9@|cI!wLR)7Haa?N z)Czq_RBDAjC@Qup9Tu5eorU3h?Wtu}^M}Cwu<|0h%;+Yilbgb>*W5C7&W0Cr4d=;v zo7qNMG~aP!GTha}$e|UuF;XeM2yaD#yJW!<*k#G=Oqv+Q^bPaUL9-Y98OLf%UBk|{ zF{)3tmMR6FO8cc3Yjso)O5dRts&b{GK%mocU7-C}Gk^DMHqPw$j z=Du)ND>}y)^q<;0jvjcx@mCAy_{_#FrX51qfF~OqaGJ04hDMxu@yd7ZUT%)cJ7%cP zNW2gPzG1R1ZqX*O`F5SP!otBSV_{*Hao19;DjH2tbW{Nab?eS5b~`Nk2AMoUvqDj0M?2Gg&%BdnRr`|>)*C?9 z%GzFJt#)C_`EeU|y%8LOgtg*P) zY6uB`HWB}dusuWJnMn(1E$!dVLTdM}UXK#fGp-SIp14M+0f z@CE}yH?jIi{lw~`$&VKkhmwY&Z@id#ub?cm_fh!n0&Ara%}X&LE-lS+7o+jTl2WD) zx$tzClL#-06pNTxnru`XiNhM$&5Gds%(BYXmPXdnl0?jCgo4(=tg<}_rYdF_dnM!s z39aqOm_L0o&~Vz)o`4Yje&RG-JM6$FId6u?Zv0yguvY0ypBkhc`6v&JsOb+~toboQTCC+RXxpC~W2lafOchb#AJWh0UFLUvedtZed|h=$-SHGf798yix6{Mzw6P4g z)6&|X>g{w(F*aN;W5pQekP^x^u&n#s^fb`-mL5JJ%L@|sTJutYVKCeyxA$U>u!Sqm&8{aduSQj_VqYz{x~S{rh8B0rUYXuA zsvX>jDvs4U$@N1RWjC3)r^t6?_PERG`@965v0*W)f3tijHd{tKSr{HzqeJ0$QF)m| z*GE%jz7uIf(8)MiZHx71^^rJWb2{IK`z}?QgA84?%NH>jg7$dpfewU}lwj z8Txn&Lr=N6z42jrYEi3^F~r6i*bp3RfKTO`HL+R_D5fQWVv*uCYtj!O7O7veHvK?i zkrFm*(+?zA1Bg|&2f<|)-ZTK(je5%F@Bw@9fJd;Nrn|)cYZQulKsn|RqQOR{lXMkTMCmKv z>$d~{d3m|-#RN!!Q0R{uNgXvg*vIWCsr7>0C?|K@c{>mvdiwFp4S|VNSA1&>8tDNa z4Fg4*cr7#v64_-s&R^RSh-IG)hH0dev$hNz`(Deb{(1oU39z*O`{4r zT7gCZ79ZCV*alOe#cSh0iu-E);AK0G9=Zya=w&^zp2g_k2y|csIw-;>Ai^dX!X^-+ zQ4mD40ElM656uD}ngu=J10EU#J2Ve;un2N^XR?AeAZ8i_G&GUf*1-(h6*HLNg-u~k z^~w4mDwukJnl~3-5X{ ziM;r|-C0#fV5A9|AWq{tG&@&xgmaMw3jKUzN8_@LVv{h!=F{tBP+{S1csQIVKYq-9 zMBaApLeO5^7VD#Dc9iQ4T^B*?r2D}3wLJ&q20DS z8qvbTsG||F&fy&mhj0kD7)kZ1oe8fYtBF;@POD&PNgxtQ$2B*U{9S z2(d^ls}2Y5i{9f^7;HQonOOno#c4@-Q`}yX)$L zv&v{glhsD^1r*)PpcLWfc|XYsG_m6BLPv zukC>rk+zcsi|WvVjic>$IAiQ=N5f&_WxE;*XY->8hE>KA4XbPy7mJ@Z6r(L-7Yp0* z;Fj^P9gl7q^V;#~JsI7)&rMZ;g`tjzR)0c#zg~R`$8M>C zVT7tMV*gfE#j5RttNPhnbwz)v``5R|(pNa-WjyPOT%G=D%i%2W9DmZ!rTUFp|t$FLJM2f*K}*P_O}$L zEXUC$6_vhQTO11I)-fh>UTg(Z8?~(1V3Wx8jmIIZI$qJ;J9Dm#^H12UQ!Io96Ic&8 zjodByEN=fYd+O8mo+LmL3(w5>tW6~>;aiADB*|?^rdd=8L_sABm$2@k_bes~5!ity zIw;0tjKU0W9Di*zr&%M(OU7aX#EJQ|2=uw}>DXYmK9Sd1YY~;^&dAjr!&L(eA><;f zkCct9E;e?ARmO&?vC7y`HC7oLuEr``gsidp7GZ0wzD4L7tKTGit=P~mgss%lDvYhv z(khg#*wQYXjkQF_r?J}hVQs8g;kZybTC%OXgw3=_Y1op22jo z&}&$o*5?s{Ztc>k;P7Omt?tZw^|pJnrZ<)7VZ4sq3EbqEeL0bmWc1R#aieF@w`(+{ zs9xcc%~+9(6)m0UC5Z*5bwq^@duv7Xoe|qxR4if-#I@nj%TMJxLiV#9-Vqh|>xg;v zWaOs?eB`XW@7=pGL`4f>uWh*O}=yCp9DK^##d2 zt5k;`4OUDoVH%{a^SH2rR*n8_PSCFsg*>aWKoq}H7`|O$?tt54RmPsM`p(-{5aUd7ZpFbk5qAJYSg(IQD!@mB{2x3{SW_&QVgNj(uOsiqnck7tq3=y~^lS<6!HRc0Ua^i3dYix*7qr?v zSsnP(i~l@VU(?B{u>NDMUgd}C>}s>h#K{Y98ijEXR4kMH0veht&zT%$+(OFzY%B0ix&b9l! zhA>5)ALXo(QCIrC!WyErP!`grFPTu2wlk7*u}vyAE~g8Mx&pi>`-l67vYJf(bhsFidHG<2};WtvyHM%;S}a& zL8#P~?aBD?kyP2{N>(xx(e>rZodTkcODj=)kZbe{Rc^Ef9CjC#v#3&TICEESFpFP7 z%Yt1y`o;Y~X9QrsafR%D5as{e!>$rl=2Cd5?tV!2G=_q}J!duON5y9a@S^w&UHzrz3==X#4G<69~>VZeaUI(fMU%L@0JCU+y5;NgMTZ_a>1ht;aFjk z;|gyvF((jL*I*;DCMxH1y3TWF?I)R0jaX=jDW^RwD5;UM1|DTImB5~Ykjl4I$g}kk z_U)d4vO>SbS?@`V&(SpNb9`Lxk*d(EjPk$`F8=-Cv;E?q7c*+!=JF+H6S{Rg5S$Es zNbPV@VeAD|jdPQnlh*8X<;4e#ww$VlV&G5e@E3+Cew4LVg1~wb3-ODPBYy|P)0wB0 z=~C|n@AUm80+G&`S)VOSwZFJ;1GH-T8C<+yOFrM_< zVU!=k%X_icTQc#*iMXKAo{SHlfJPH^or59MXc;JV&2|JjxU7W>^>vyotMu;${HUuH znDdp^pG@|%;%JrXw(Dy>aCC{+j*kLM_*qNGVl~BH{~r{MnrdFKTAO@wM|4>iA?xk+ ztIN0Q-hdDV{pjxpOaxu3oF)*Rc@f*G+#&OrvbN}p2q;Exh8iToz?m=u2a%kKb<-_S zkYn_YrO23w6N9cn(0$g!SG`zM*X{Er$T4yJ=yW!l6c#cGC#M|O=PF#!!-&<5Cr-ke zY8f|L2d8txV^jqAn)|#?#*;TWG`CJX3BrU9xejI%FQ~yLS5$?5FW-BsmGWgXD3Zf% zUex%_a7!)DT(7kiHdo=yd}sRfX$U9Z`}|HCQ{pCk)6 zWsMJBoW!!l+xzT)|FY-J_Ea}gQ1mV;p+4e;Rmv5QsVd2Bx2HwZt*E>9KKo@)nE3C0 zDH!b+`gv%1Sv$#G2SA{$RtKyceg$}NLpAmR7Q-@vAI9Ixi|}#l*p-We~>E0 zzXAFH3ugJc_wKWQ9V}gN;*1ZNhk>owP(VIvNIhL}{l&a4ZPHZA839Z@E(3zK?@t^m z2H+1DE;-H2zn)HAcXmJ6{}W@TYrQ{Og_oGVk+V`^tHCICMfLjBTRHwD-MId%Gfrtu zu4;xcDr#2ilCo+I0?DjFjpugJUYpRr7G~-9xhXl+yem|HngOl)`+WK=kUlLBA@MLs=?o$uI2a zHN{T;ZpD8Pj$M*rmv9i?LEuI08|x%nJpx_qH!?KUq6;g?VPEU`-XCDVVJLKKvfK6b zQH5AuY`~3_50U#6d)BjHzINK7Ew-QU+dHJWy`v~mrzO3`Sh7w8VOp@9@M?95Ax&G^T#hW##Iw?bBk zuM5>KMQvg=P$X)rDuW~I)hta>aKu_6kLimkln1TuPR+Sj+)kwvZ(bAyr# zDw2eR%7wZi$(Ej*le9|hvp_mwNN4eOOlS}%VNLf5TR38-mfR6z->}EdLbgWFq9|;f zeT0Wx7`F?fGkzO6ew#&q(9Jf#1wVjW%%2QE*~&SAcDDQ7B47&@k0-@Z&EMMZxrIPywjrv0oZIWOyUL)Ycv%Qx!AFb_g={ zm+L0ujO}J?92gf1%&OWAtoz*ACAwDEu$iTKj2|5ztE#rx@K|12x8B_}w9Q7QT@1H} zhD}VhS|bBs*u?a{iP`S%;Z43hpj=NV*AvF|#0zShg~6^bRt&RP<7}vxMx7}Kp`WsB>LcuSsg$aH5NL96k3Ej~teQVRY z8;@AMncbIn!(eF-mUd5;_9uK@kelX38AX_kYJEk}R3Z6&d3?GA6~>0rz9_ExQ{{&$Mb^k7V=yJ!>uX=nY4FAP z@N;agx<=^kEXRS#D1x~u`BYF^G3QObQat+xQYuu^JK>h42V|qODfN`PFlAar;t*`s zLXjf_lcn&u%PfVe5u_5!CWn}^4{`b-rYx<5%fO`^V@OIkBqfBFyO)%(1i`3~{?a#=SOBVDKICOdenTNg~-jeky8#E?i#C$O+8P=|2MiF?jhlfAcnx*M}YUjNp!JvdrFyR`gg1C3pz9QFmo!EUDCi1`n znIJ6)sUvxgm>i2~9E3>jCaoN(24`QZJ=81Jj;-sAYMh2V2U0c-jwPuiF@P^*Eu{+R z0{nBGfD%+OI~2v2JNG^SB~q%FozK;$Six)Y&%(FjN(>o5?X`C`1E@@S%QAji2(IS2 zKWo5RL+wXi%ytCY?Jjb%L6##)_jJoo3xko&X4+@Ex;xfd-n;%DcmpHAA(lL}jr zKGJ@w*SM~q^ap+=EmGE++sgQvwiBkz>&%it4Cbw@hbx`}l>6Mt)2J%=?GlU@zMt&) zS*ZGnR`BjJfs>rj)A-`(#8-!Lvn6$u<)OASenpYW;y2>lJa1F7%FV@Tq zN+YidOAvIQJG-)0eX_a~l+(FmVy;o<>UMfQ5dw0OOUQyJX*}`0H~}Lmq4&_;HOM@<$rxO-7@KMkH-kow1%9|UeeKAv>v=?fo?!oO>8I!MAn+8kESf8Byz^5~= z3Xmyh&9ed7K*GU9aO%2Aib>Vu8k@qv;msX;nCg{2CB^kBiP#j;-HX7U|xCB^Sf-X*Q4J=M@cXww=aCZ&5 z!C`TCcXti$9syqy1&^VIf#jzonYTpte_ZMP zx;V5#Nb)_r9)FH)cH;PTM1$eJaN#qAvW#Of#(da@xoYui@eiD*xO0+M$Ez$82?Jw| zKk4b~;Wb|W;}Hi-3yACi8Yl=N2F6i=$DZscNJ+|g&$Bvd!7rA_4T94S_7r*F#cvLb z43{1#0;HDz_*(G^P7SUUT|S~vKn@rGq{k~XNVu|c$XOmLAp9}Hrv{s2{6-<{N9KwA zhKCChv!=6s|CLlAaQR=N373&JE#9-x#}TLd@yL%V|7-Py8pnNDbbCk|jMgeo&mV8* z5LSo*@ESBkM+mK)ddg1F?0}AlLwLd!zx@fkMdrbBol=?P?7F74C>2rvQ8N22#tR4) zC@?<27p~zNCzbJ_{?SEvByvpfk`{6j0GLk46v=2`qwhG}Pc^?VQ7FD2hl~mfjE_}( zG94Zh+S?CJr2rZHVHAKX6sGn3tu#}X7X0tJr8XVyp>bp*5S88|u~nw>k0j&|WqPBY zJo-p|nAz{PMESN-%uKquLD|d$?|NG&oxPdLclUtz?jHK#z0J=S23xZn1mkY=XXVhn z>(z!`X^m54R*OHk8^mNA@x*46-p!5Vyp;4ROZuIyG6yxC zN_XJt8%C{`TfN*)`|~s&zwo()h5xoi+*#gHwePcbbAQ-#e!q6b@Hc-k2f__EF^0=Y ziR#5to`2fSdX+)f9^Sv&3sOG4#fDi-FkFo!mmTwSUxxc+sPnmp+IrtKjEo`})E+zS z=K7Kth4{}fIw9yYjMBgA?riEAII+Or*j1*#;@5)$l>fF><|Kqk53mUwv_3=+7do?fI; zKhSZqK^0NY*Nd_+h}xnf6tN8Ik{uETvl_B3R;2A0P6l*yf$qCL+bkg&s6;pO{9V>oK}g#F9o2w3W08pnZOKb-vJ{q0w| z!^FP4)i@5XK$ITc>?gn8!j-+D-I25xu=rcr!LObZyvG-S% z%5&E#-cZZ}{CvLj@!r*LEHb7O`X#+Skr!MKRYeyFxu%GdMV;$t6xQO%wYk@mzfR=F zGt5+z`q&wRsmbskWbHxW&zb82$Cw8Um9`%2E;3{H15uZDjZ3T)G!4}O4k^X$A*J@~ zODUB2K7gi_Xr5J?i1UvkjGJCAI=+yD%-x`@xLr6!;l)V-rd7!dmDAq}!GatQG5JBh ztqI?BY{;p4@fS|0=Na>GxwW;YC-RE&bR`)^RqNuEfD^_?`Ld&Hk5J|^Vs-LhSA3X1#6V)aGVOC3 z=h^jl_a&N(jja%|Plq09&4ygaT7K@&;V>_0{UJKx?p*ZTW1S>IX=66gCWlLS9edy^ zSpsidRrDCaRr#z22?4_+X%1V3Brp^j8q@`Yn^BsE)JQr%zZu_@r~DUGrWsM#j^9xL z9BV4yG6h6?2V?d)=&JJrjha^qsO(CNu8npXdOlShaIp@$m#7Bi4=Z+YvD!-(Xx90QZ8y z1bvRwyOSQngC(UrXZB$o73ze@XE~3=w~fP?%Gl={8$6qV1UD$F8>Mav#grVQn-m4tACq}-FxJCv^m6>(K}kpaw~_jFq43lr;V_5m*o(4yFG$3 z9-qE>Bx2xzOFa@RZk;PU6K0>5ThVHayOvKCtSGk8@{9dETKpbdmq>~6W+a`?#ENn%1#5mi1-+PI3M?NtA9JSm?nR^Lfu113aJ z1J(?mR{c!{k)5g=pLiqkt8qCpJ;&F0sz#%1lKpO}eLbs87()K=ALyp9x~_r#R#D!# zBu8YpV-A7Bb~sk`w76|GKE!hLlp$XyGM8(D6&awn~d3>C$b)hETUrjMq%hn{hj zmgz{u2m6uil`GEqeJw=|$E#83Z$eB}R6-g~PjPp_QF;EIl<5mn*FM1dc$g*G|HvRc9bYzty+29GVf4qRr3%R->sS zhw=u@c0l&@R!c-8{W?FxL{GBCt?(anjv2PeGM2S3_r((<^!(f9B7};Uu*cqfzsSIe z12GVdD^XfJsKERHVo?JPWv(y6oo@PVI20(r?tZ?d*lWWt-_HjiR9*Zbo3ziLO5(lL zWzo%GoMB|YRx(I3W3UN+k%J1Ehz=&tfMh-C>a$ z{?m)=K6CSIi^T#m>;%<{HuDSLH%WPYQS9ZAdT5T1E_y6EZ6lHE<>Q|M5`mn19n!u+ z4(=&)ZL+5*^SL5}7-<-~Eb0o&)Y!9#Rg~w4IH+?NG<||tua_&@3Al! zBXawMZdH;51_cV8|& zSwc_d=mvUN)SZ3L;43V=y(s+<%zU#y#gg2too;~jgcZt+HH{U7; zA-m2CU}s3pI&Vw^@AZPV{TXHSd8KT?hJ2Y*o-V?19bw2toQFHU8MBd2giLEneD)X? zmVdIDk5qWnCC!u8IBnVrOQDCgoI=@95lHQeV|t~7)VYwM+y>LtTvCiz+4T-%;QY4G zeI!GQN0X_sTjLrQkVdTf0GAXRaAMLlgS)Zcj?WE8`}+Yjfms$j-zYMN$G?f z>pn}8MEEh`pEpr9#%^&#ZqHL|5o`GB(yKW$BZ@KV*0KNA{@Um46|A^Hv>@skX!fxA zSV~gC7Y26Li3_R7{(>3?sRv5J$?%?;S5d2T@s|v=8s){F&@$-5aR=B+ zxXDAAt&4fBz+H-33tkp5mNkCxiYPVeaQ~`2D|Hrl?cPu za;sa>Vy@GCQEPn%gJ9qlpsm#eQ&)}N17jpn`oXuMUY=>YBe7!3U?HJY@8s#tq^B!+ zh_#YbI7Krnz%IXe=^W1Ey{NU@@T^8aHn20!9>EqgmFCGS+O{?B**)_+o#r8RG{h1U z7r=Hz?uyggBO(Cl5n|)$~A|RdONz5*^#WF|JzZ_u8~kjK2-yY#Lc>UT$-ZH zy)`gtRu+d}3|&y#yRslY=H%y1B1qxr+};bdV*D|xVc@H>hDyBW$3-h)XAMY4VZQ*E z^pqv{zh`TM9acuohFr2B_JymTkcZ@~+#;NU%j8F0A3sqX{Lpn-J~kDM^6o#sk2Z^# zSM(&=Eop=&vc!ly<-2)@`24b(8O~mo0xSq~K=cv&&*|jWf`286_G7zScAxg8*g2*x zLf{Z4x-#$2rsJnRupybPt)rgHTba%>IfOx3id!;C3n!c!ZT`fxv^HX##^;-NW3H{C zE`S9;&U3%dq@o{NaK&gzLh{8BX}i-~ZD|}JNg=B~9?+|B?I0?$*uh>CEiZ~kSwV)v zPqP9hPb^=Wu#w7zG-#?v#hI-XsQ=~YP#P;AABygS@mDr36}B*8Qsi2~K1Zc@FnaC$Und9L2=qD+ZaNZ2^&1g;(-E z+po4A9;sHvLn=}-@tCoBB?ielm81(1SD8?79#+L4k6MH4R%K&MQmKO+q}5ZgG6j+8+sGQeocSdT=_c3s1B^4Ss>)_50&srwGGFxf3djTIlr70^+d*5oW z*Bx9CigEM>{xvefSBq2q_^-t+uwj=v)u7+d2$3?I#v)dy@bZU2>}%=4Wn(14lEp1S zVM@Zf_@0UBAP57A|8rG%Y8~pYm)iLxb@37YF)yU!l9E9ND@14+L(sfEt-E=mZL!q( zJkyI5^a0?sk3R$Ji5q$jIKnf>cB_ET)^V^?UxNxah+x;b{ab#~r8K3e=-TzOIkX( z5s+^OmQ*1eey`KCtw0lUf(M@|%M=RiO0)`Joz}#;*y}hsDNY__iX^Y7j>oGu6xg6 zc=d3P$c9$?V_yL#?hYo8u&|qyG!h77IJ1;*_+$wbdoTI}SQsX-*~fOm_B^%~ z2=^8X+ZsE9zx)br5kcKWA5NHZ-G%GovvEvDET7HnJ))t2Pt|q;M>>4`fu(&S{5dt* zfRB1zfWrx-R>cAmu8HtJ4{)3x!iT$4$1_Ok-3?OX;lL ztB6BS$+^7cP3=+RHA=709Y6SSw0>Aa zEc8<6b)lT=y?g%F^#kJ-i98?HQKB~%@;Vx%b^{G(UlJ4A13}H{HrMqSyWn)QK!zGD z-@dTg^t_?3ThAWDl{dws$@pKH zFWd^mJi`;^=q|4DnaTo5nPi(dO$23*0}wdeo~a&Zx=sB~AAS^XgZsE|qoJqpCnC$X zZK9%@I?j>*;$g|h1@j?|96vw$^1MR_FYJNrm_x|vKjm-{1V`%!GfnQWDqjj~&ztbN zD@@S^Mwk=HdoI_WBdxzyy#+|QrcHbuXrD;)U9ow7l~-Gr@wH(Cn}b<&3F$4j69WSU z;v40Tmr+eUREu5h&JQ4+EJbF-M0i?>{}UkR+M#9G`=Wf1)kxjZ&zaNCfNnfN(!qJ# zzAj;dV-$Sqcl^M2&Hkto?eL}xW}SVGw}P95LRRep0U1Ir^Z{aWNJSeL+>f6fi+Dtv znJJ&?;$wfJX&J!XM{VQy3o6-u4=YH&ih+cz~7CS!WA zy)73Ai*`}uQGg);R#~`bqRXzBg~blmBI>+mum5zT3N}3$_`KO-TgG$2Eykscb{B}L zD3AyD?{UrcnpXqkE)bdAT@rp-{UiX-%+c5K^C!Z3rgc7k&f|0a7_Hd209B{{#1rrU z?!hTf~SvLSgkyl;`e z=4sSo0Df#fqoysV_Vjs|=_R>m5;U~9YN;BnBQun690RE?=nm#gE#m%8#E-Uvd8&P^ zeKk1_y(5{(j~ZN`JLC=Z^7+UVUxix&&$HZXl`oo7*gK1Ox(=oH0`qn=IKy{*`1~4* z;Fa8WE<4;bLfBgjQMdK@UHKk+4Dk{^MRz+gF-zV z!Ja*9zx4C+tfW~xFZBDO^7f?obf3n{lDr+Hw`ZfQGiT9URodTd|Jo{(+a8E(tfmF` zXm%l*1`c=9mnx(jBTHgvTM+pBx9bPjWcGBcp$Af&q=4E1il1yClf#Cuy>r6%o_-H# zFR(4-1Db!u_G>O=7sr0s$B6O0Rc91pqC#7};IVor$U204t`{zMt1z+rD!D;fw#STz z47%P4#rdh&yZQ}P!#Dc$9)`1zv%==UE`UwakaE}kYZLEU&|eetEEBRN2`f%m2eF#*=DT(5y)9m9YS*h zcJ4tpe4tZM%N@*#ifZZu=h9N4IQoDH+GgaK4F2=A(E5vC)r?EtWSomoCbaY#EHxFm zn9jmr%TyCB^(Ehdxlz_W7R1z^stB`@^wI~UZK_d}T)p5PlwE+8MzNT=JPk*kgJL$? z43LByL^TrJCR?Sb{>&+lCR<(JV$7oYWf#DI%5(o;RmVKyl)dAKyyVi)&z`8^KB_tq zS4HwRb(Wd6E`8q$J5WbeO|Q{FRB%RJBU3#4Ls^gNrDn&BXO!K!3Uv|K&4=ac{6Z|3 z>M$)Wsw#g7OAjOi){G}VW+Ud`%J*J+#nMRmW4{(m7H`Ec{r%S9EB!{!Db2QGdiL}C zkD`_W*L6$F-{XMY%^kSbzPCi&aTuu-iVYStw?-`QqSuOY6nIl68lwtNB?HOe%b;7ZbJ@M5qje)q;smff4=wP~3 zu;7etz-PJla@D!zX}tvqG$huv?D*o;E*pSX{DSAXq!pNe^!fKL)$ohny~vCGE-=sN$TTkAZ6ermE8eg&v2JzL_k2ha zjVmLfP)DCwBQTu^4h>P9MBoiSGcxsSaC8NQEs+Yi|0xJ1L~x+ir@l1({D)Hs^0Xdd zwFc}UDBYeV5=UD5YX(OAe?i)5R@l>qzAtyHqGjy4^i$fM!)qL0#@66=j9qTqoA#T$ z4RfL*UOx~5rdDzsXE~mJ>AUU-cwa4}>%yI=(u>OUX$bhXTxD-{jCZrvJ2oXB$oP4D z@LHL=B92%)5MX>6+;7r70Xu83h^y!0A0|9K2`JzR33%c)ZCjhim1Z9e2I%UU=UK)4 zgQC5jI4uQc_J`);E;D~vBF`VZ+ie|*E24zga|^Q{M2@J?J*v16jeEy$ESBmR;Jlru z{>5T3llorW(&s|`GAXmTlUi~vXNyK-{Sb!IgB9(GR6~l7sToXwQtzuM=Gib}7zau6 za8r-JCV+QDrl1lt%v@i9Bgep@i=hNvyki;wW`H{rShS@)22!Uv{yX8!pr%my@WW!) zo4~Cd#e5G8!txCxrywsqJ$_u)Feg=F69S7|Sl4_UglkMB$(aC)tmOgFjR&hyG$Ln9C$?baFzaS{F&>0Vtmtt9# zkZrT+r=G|_REn`%s{J_C!?pkWR&Yci{WcUnKYAx%0OIgD#B?vJB`d6hh|Xb$Vh!*P zY>3{0jW2t!K_=LNol{-#VEY_VfFW*I|=`| z_P7xS3GRS6Oq}FDe`|fd{sHa0yktBJICpKFQ)xY}#{;sA7=h%pO!?A-0MJ$2B zA#Fe7LtJ-pBJErdj*BvjeudUL?>Ds_ljH%1sQYOA2*I_~7al{% zgoH{t$qS&my2_B`7P=}sZ$JKrG7Jj&qq#D&+-cE_o3Hwg!8^`zKRl)1VFm~XhpC}^ z>Tj@~lw!9yX}iBjyy!>J2eM!X?Hj>@RW9S_HTkkQQ$CG`K=phx8E5=tR+>$vZJFmr zrW0T{yIuu~&EB@Urj!`jVRd9*StadH(&Wqwjb9$z5o^#CPW$&Qzx_VGr`&H$pppt= z`jXrMbbnAW>WiJ71aup4w1+L0^o#ij@?`VUn%cm zuRdS;A38YQ=^dl-RS9g0QUjjb_-F9JDZKMd2Zwb!nEQWgnM+dn8%yQ6PY2=KR`t<2 zW@miM5!|+QiYgY~m6(+aTUoBT&Rc@)zzBb5;XBOi(6N0%_QyRExRK7i+v4b=yE`=T z5$af7LQz7G^Yer6U-?_q=m@LMHs>Jxx=u>yw)4)w1)HUMMDXh_T$AL9`wY9O;Cl8V zYEYwdMBhmk7a_#_eFHxG&Ug5iX6t|DK!4%OD%hhL%Z^1=R~Y7>irmt+dgZ&AtQ2e< zJ*cyOA^9WTohBsK#3~)i3$fvTf0Xte$#85;*|D%B@f&NxO%iW-F?n|G9#L#~&E}Hx z4t}Tg-;SY=;?@6c6*LL_NnEGY;I(M(wL20EASnp}iy`%qDlz<@E!ev{t*X1zm}2^l zuFG#zR*?6wt)YtY?aVf*(kRFK*LTU;m$@BG;(6-g5>{oG4^t8}Z%H7RpYxUdg%KxI z=ws@227Pw-IrU?k zB?npkn^)Vt%Sf&wSw9Mwv*gm5wn*{7ZrrzO=)CIi+Lk_id@qJBwIX?@)&}aHoG$Ph z4$0ynE^Ye5KAfBeU9&Njh?Ze9<(7Em7km&wSf3Z>ULLanQ4RN zkV|225O_XaH{y?_(LK}_etew zgCCH@7OokizrUYdx8S5x3o~KNsa7@!prO1X-)0qrY%(w!*r2qK9*v_o{JF1UQvbH%si13G|Q5VR_I3Qv29sWSv* z$3>EmXF(u-8gS7LH8~Ax6hwpQ$o9#cf~!6egGjy!8k?f2S+s;wYeTV@=4Y*T;-m@N zy;ra^KIDo^e{m3lg0?Fp!vR|^vJZ`t^~_KL&<@7%9;xa(=lDaC?jX=}J3})sDhbs< z3}`C`y!xjwXVB=6BZYLLU)fS&_m;WsoV|1DD4%O|Nd3KL9zA0GcD*W~R}m4&2@oL$ z*hXSA$!gol(5;j#YQs}D(*=F#8s9@kj>5swm-9}pRa;k(nzwaez_}GibGpJoSLrn^ z%7v{);#EC1oPXTQprtZ)=un-ENNRr1thW}+3BKngerEf_toc`d=<+yx`=aO$?|M3l zvBS|Y+J5Sv=s8lCN=mH3>U^iJS}*L8fj2k|C>u*hN>2h@4Mh>(Cl6s2wtINXA|6d`%a(RScBf2#u> z8@I{~QPaLl|27&UvEHfNgrU- z9{2@+3Gc?3wUqz#Vu&|6vE&8_B5?DcqNoy{79nJH(z(6k9TsZw8LDc9PID#vdL~tT zW>I=PSGork1Fvvj22gwkIXuHdIg+DGcmbJ9dB8bUOs zi*?QA?#Z)8H75~H2@?aW)BNEdh6gO@XvXyG=xh}Ig9_xHF1PQkd>Oik2gwdTEwDL{ z-<2PL1p2t5wFfhlzV7tY2B1I{8hBh2yo~LPSg+1LO;}PoQ!jTj7cAOjS_^I*aLFyY zW@-y2jOX23ZXe{(urs<3joAK}^@0dH4C_;NexeX&WYlhc>RlL*^)0KdFV#oICcJ2o zR{QMtB zX>V>WYIARHwOH$J8^;y?@25CmTZk06OIdBuLah@hl9LLM8$nj$AEICkcZcLeyEB`a zSu(UMpwH4r>yz|5vls4?l%4eQMW4i3(HZ@l z!I(uYg-$bRS=1YqSmVsx$LE1{he1WVlGcF@)AmGFw}r4GmmV}A_=ppnB}UKHqWz8& z<=&|e!lpQzi_FP!b1@T6C9Xq?vsAjos>0Vo|Dy5*Ih(wiwr;Uv9WRt$mb21H3vr%Z z!%hh{RDYwlI8<6@6L<*wbBck$+@wTly+WZ8K3aIGg-+7 zoe}f;*FXMAx50_MOS-?66>k>h9)^v*m95Vk=&h8Em2YciTT6d;dQusS4_7I_@ta94 zDF}-5bi`^A>vgx3P(K$NSVH%Y+N?Dx=gO`=;t`m16IaV`^ml=}A|6p8trx%`dw`v! z95uR)so3{nzVEu2wYqQYpvsD^8te5sw)N$_3Mad0M2(en1!REJLh3}4)MA!NM@}ZC zruUrUt0<=I<@B~sj+c>w{K!ws4FRuk2=V-B52&#}{VxgikXblvTD2hxawRWydaN;Pyna)ABl60vMQ%I@e)0QV{ z&<;>k7!?7hdP8fmab))F2Glb3LGH!kAUggW0#jsSGc)GV!6kjj25CPc*zo*MrAi*z zY1?4Ie-1FH=<3t?t$-Bh2(ltDdC z+_C_faz1?K+Yl2cR!v>&a%Tccg%|7%K`6I0SDBpZ-^UbMg3bBa61A1Aa*xl2eRzI; zIck*oLrfw~`JLDo#&R@)e4En?Ys!Ml#y2oAugVEb&PA1NPRgM7{iR7tZm8irII0)! z|7-2NX#g+^1@5i~yro!$gsftd%0gdaiHPRxuFM18E zimS`0aZ?oB6a^=K;%ObV_Blsw^VwGn9xw+|A|ORJ^i%zHsPCUtwt{Zd0`;@P>IV&& z1AXmPgtP6el^;8aDYa2e?*nIsiq-9 zAbiNHoM#6VO^30I2^hYt1EL9;(pAOXl0kzM^+jTwcSzo2y63bx=bnJ7(P_EpmsZDl zJFGDtrG~kaFcDUNqq;y(V2GQr6I~(TL`+m_p+^mWm2esU70lT$NyKkDA2A221QvzS zf#;)(P)F*luEd;!jxLPWA+;S(PcO%GeB5RLpL`Lz{59)PWvrN)(jTb&djm+&u9-qc z^mp3l(x&96AGae+YLd}lyd6eeIqOcN+c6b)cpkd$jWsJY)-VF!cL=CEU4Pev+r4S0 z`AI9bBl5X-BD>O#vDJyJn-q=giNHYbZ%a%#&ok?B2myGWHbijJ&H{rD-9!8NspG25 zRDFHdO;`^Ew}qW^UPDxhyy7AMuPW5|hQ*lHk`@yAR;Cl5SQMT9WF1r|7)Jxg{A>QXR*=Pl-O7pc76V? z)xV>S-xRXHl(qPc&uxBQC?pfcj;!~{nCwom@`F(H&~$kpquFNbq6bwqgaZx3ZU#b%O2KbFacmHaR*aGray=bVGd!-MKP=(IINOkc+>~{(I{Rq`Iu_D z5xx47Cq!Ns-O!tBaJ2Ou;yuFPT%R3;+z13ij<9Ea?o8()e^icb z+SdzF*lICAJ?`wmp>6H`48YqH+FJOz1B>r157gfWKFG$y`%paSY5dgr)@yg4^<<{> zo?rf_o(ux^&%3zY&SyJ(0~vOc?ysMi#oW$RTFs-bUA{_q2=0zh7z*^N$S=7^VK%L; z{_5RboG0&9`sxND17U0E`{3>O-Jd&m6nc8z@9pP@gXxXIvnYGDa@#ke&X_c~$9m=b z@INe>K-2KQD4S!{G9a~i5$awee!Z2vQ(r@kY;5S($3f4q=F6~4v29{ZazIwyjMif8&FFF1QY-O00;n%aLibwNvb}SQUCx*j{^V^0001OVQFquWo>Y5VRU6KYIARH z?S1KX+c?tb|9%P{&3BKTNo1{d?0hqQBX6<1+wzvA`)DWRjB2!-x#L!Um7QW z3?zMv{b8tJi<8IJcUq-ht?iYo&2qI?;ejH`Gt}-5j1`g9!Pc`TOaCZ+K;v_=q{FWs zfT{_ygr=!&Rnh;Z%5u8-grXgc$sb8CunXDAyYUxr=F`=ETnsyrvdZvWY0m`A_}lBNTeN24?47=29XUQL_k=B7G?tqKNbOpe%tuqBFg55 z{r$$fcYh`<+Pl{1HAP|<%~~JrxflsTi1Geh9xyG56=%A@Y4G#_#Qh6_Q)Nx=>r4j` zfdoW!pc>E(C9npEI3}zrussoYXajNyLByaYl4sXx``sC6a|3_4@$OHjm3<(W5O@-M zaA-Ez!NYqR4(EXl?C;w=`pOSqZKt}u)7af<*0*7-sHtWgq$lBqW#omKoADDMQo3GKWhTPA)jBpDARQ5VL3g8gZ)Vu`m zB~yn8H{N~Ns5tn))d8HL!eeernlKpZT4m!yQtz_Jl{Y>ZlJH^xlSnr`U=vmbS;IRQ zbZ4wvi|JVCqdI?XZj2rHt`uNigRJO)=n%QK@qvi|(?e7?K-M*Vt;)Q?IXiBxR%b`R zw+t@|f7q^~b#Hvw5V;Nf3u7+7V=mtsBeFa03i*)0wG>4QAci?$(hi!l641lOOaCS# z1Y~)>d?e{A+deF7)-jg{=+Z623r@B1G^v@F{wRhFQer}vXiBS_lvazRw0hbVkVlB6 zxjF$pyPp?fU4p{LTtS%F7v-r&J~Z$6$wXaW22m?wDx$9Y@hy_b>KTYk5i=9nwFL$R zQPq=)svagP2t{9jvZal0s-TT#K6;92;U%T`fr3;N-8!0p8c77yNC7grb1dyNh_utl zjdmI|w9{Ba+G$YIPGfCpr;$uMjWF$q@LR}}S&1)e>;(9zhWMSAUZOe&DTUN7nns!? zjnpG)q)7!JxmzrCG>O#F%#AvlG}O^tL+WT!Qb%)bsiT=p9nCOxXn<9@VHuyV3=iK& z9^@~*^by%TNFc<9QL52Z?->fI9^L4#zdcQRA}ftF3uR#^4s34p;JVHKL{r^%(#^C@ zw{CL3ShCwDlHGQ0WVcO2cH3)6cH5L>x4pJxx1CIO+mU1kUf~`>C6h#T{_hAx7wQ~A zbG~-bP&cKC}}E0lvzT18RiiNM2oD%MunD6P5X zYgQ3FM%sF{-Z0;m%8Cjm0+_ljCCm6rqSTPR&m~y@V@>Hh5%*;WE=BXZp03N7IDJp{N2ZgKb>X4V}W4lg2!fW zE!X#E5NWJsZ1Q5JfC6*;j3nWaYc>4S-<|LV z=zQmFkM%s^|C;cqlVk?>bhT-&~3J_Z%zK2%hkVfi3SQ4)NWK290od?eQx+sqkbv(kI?4+GDUQ;ggkiHiw1v9c&pr|2 z>?7z^I6PiU5rX%YkNg2xv-Sv z-@GuB3W`9ropKfaQwz6rw(on){s;FkC;)vY?m+-4iNiz)4$k+S2?!kJI{LbF7u_9! zS;W^~e+MM|SjtF{3!|UEL!bQ}1RR-Upr{08IqQ;&0!lN#zE{QYF1z>JHM-w6{OA%r zGsh}yPY?xb+k9e2__>|5?+ARAmG}c$G`*w#ag2XR4XJN@=c)%128Lldh~66Vf$ z(zb}p5j4c1F0%ylLJZ4z%;5{jWDiw-@)vxAzZ+t=*?D`(N+B?6=|HcjnkPaIDrn9A^Z_ z8{Hq?XqWJp`}zL8t4v$1+k;k1ZXLq^b=s}g5Ki-Yv|ri1X`R3?TQ~Q3o$%k5`*U>A zn%*4m54iThjeL&U>bLOY!4X_{8?GA;-MWDv9PhPm;F4Q6xBIv4;l=&Ym!sP8aDR6C zdVF}cKVpyC?dsX<^!A}s?YBl3_0!p4FgiOPa$mpP%HkEolg zEqoiloINXNk7H#=P+rutANu)YUH>R-8`}Bd>&4TT*WKsSnSOp(yL@`A?LB|18z(~Z z{hhdN^yM9(zV1%0t9$)k!lj)JYKjxAn_vZ-h&jD<7xZmQ;{kb`9;I^+v zNBfPXzZ#d|b{ zJEojH-`6jH47RUEmq)kv-%dJ5;@N%e_TfR~zdk-F&)>d0jK9@~3M*Y!`KNCUa3byu zj^{7Ot;#Jw4pJ-(f$hUzBh4gBN-B z__f(mYG0q8pQlgC_pY-iZy;fX#~>+f$)FWTP@zr1fvzkdD7U%|sZ5jhCv>{R@5 zcFsNUlJNBUxcdN3C&v{*ZOZ+_`m}S^)W22^UK*Fu{ulZ2R*~9={j1KE{PlUi**s<| z(;vIvpcHWa{?vE|E&i6hI-6?!eNhFSsU}|tjrN)RdcM8=<>I;8RDV3bZY%G{@4r+8 ze)r+)xpcSvv2oiwpPu(#``<)~y;Rz@v$L1?y}{^Y8%(Zm_Sow6{$$wbRK8rlj`Y2A z_J^eF2etENuU7Tw_3cE*q^F=j!GwFJ!-57VzS6oZdpT0>?`o+`Tc5ip*nLT(FPLIUe_RjnJ;r^7< zrPj8(eRuNlY9jP+`}+_E{&+?;i_2a6+ zkGP{+zk1SqYK+yVi!U1cO*z(IMCI$#o_YH)jYYmM0 zQ=R+B%RfHu-R*yUfcO8y<+a#&|5&NCTKpIs-n|-U4|0tK>KtEOP{{G$TK6kq#SNns0=jpljd|R)+|DiQM)(*zQ z&X|3uT+Aw8-+xt4W?J*xMeFO7{U%pF!mc~FO;$fu8#leDC;dV1A0HX=lRmjTKRUg9 z&~`75W*<-3{NLQ1`x)-fXkWY^RW57I*P1eUZZrk#xf3^Wpx*cDr%0Kc0+*>*m4xv))1PUcZ^_!t3Gb_M7^Ae|s!z zmp{IWy<2#M-%f9;JNlOw@m4#1I#jhUt=rcJNKU)^*T-Mv_xqLO$LG2<95;4vchr|o z{lb6@|{O;!V_IBE?O(tCXwY{tF9_>GTz3Ol$+jlS8;qaP$ojmN-cXm`m-D$k< zZ$Di~&)mbutB04nZIzemynf!V)ihA=>+Q3uG(FwzoxO>&snT6`Ega*UejS zcD=uAXwofzR(-lZJ%2gd9qnH2Jnl^n+tb0mUK_U>$KytCZ(?+=_KuIgHLn{x9D80L zZ9i3ZTdjNc>yHLIdUi;pk}ezQ$M7lUIoQuRnI5j;rvjj_NYp5o51*FdaM_=ckv_NB!g34!E1m zcKG`9)3(MPas1iY+1`7#Go1Z+d3>l!y<5Ka{$cX^t$BH-UUr6e#>dN-_v**K+JD+U zthCzv&c~**d;k8jeR*1|JSeB*vC%V59{6KJIpO8z*I8wBp>^uhqtpGz_WQ3@{v5h#dX-!m0>w~4ArBtpaJaz7I}NJK4g%5FV6rHui*fu5(s5iC^*Z1NIVj? z1=u_Y9c#d5$V`q!aZVO35AzRj6jq#Rs1F)XF<&0wH-AW8d0Ox;3VW-wQ1R7t25J!l zfJARgn?(Y=DjS0#2ILRP5#>KHvN~WT;fED!!Lbq?6+)@V*aew&JlGY!bBqKE=#&7>JfPtceavi$uawczq5fH@RY43~KjVK;S> z@_=yxnSEJ~WQ}y1*h+Qq6gsB&dc?@EqhYFvj@jC5Pq1W04?*K9PwY$3H1U8F*N{N8 z;YRi?4P^~GG?0z4WCBJi)HRC(TS^q>THFU)@Ck+#7Z9|cB)I=1jt5UzGsf91e(o;4VbjI^fq8&M^{d711`&Mxvx*o<-F6h&i%@=q;x3%1Mt&yJoMRnW(#vkDLTf+XO}rsAHoW}fsdz>W{mdxd_& z7Dt-z;&vHchYExz!mjFRSg%$SR~xngLMARD%bX4`8%R<}>{7>O^csqLgEB^#+TutF z&qBZVwk20Ko#x`lO*S)!+FQVPy};9S^vak=sW-qHA;`W24Kt+l8)`#jZ5E4zuc*2R zIvCTgIQ?;0y;2^E)r%7Wt9Etps&|LvN8y;xfvr6jRJgbLRAxk=BaVdj*^9hTSXY6* z#au}uloKZq*%5cQ?9b>c&1ot~3xxwfXWYC2WU*S(N+ z5~0v^InF+u(0f4}yjyP6?&^(C+k5bzH@?Bv7Ol$$?_&{hZMHOZpR_&FwNH7(b7~4f zt@+UX(>6HGrz2;?8ZW-w4dI;>d>NUtf!u2-X`2Y|qA@E@S*T2i@&Ld10?qs#-e^e0 z=;=@fM+N}vDLC*B`o|vz3bxVEYqO#X05boX^M0Iu75O1+YP682k|?u$COtib73dXw zIs}q~5a#~7bF30S>eYI!T>V(CH|DqzS9nwz^_Ng4M3n1pU1;{H)7gSldx%g4ozGi3 zkBrx4$P)(+vo_~(Adh=8gKVNJJ&6>p>D$t_q<XTW%%_{a{Tq72$@FqC*CP&|dVSw<`slR`9v4U_1I6ES?$Zsr z?C=x}n!-N5r60na7u}N2L}V9zBxr`>MCeb%5{Eq*!c_ zCE@`POSDCHl*bvp%s~#PvYc-EgQj#Tu))pabZ-HFj?7pcQ?*#%gSGA{ba$kD*Nb{J z9Z68OXUqYkZmk1W7k@H?(hQxbn{wx5yL1QF!g8OCP#^Er(zmq}+pO)pxWV<)?G-Sa`X z6x?JrQiaM&qqz{PCEaWT`P}GyA!sPu29iORF7DmQO08NQ9bizeEr3!< zol8C+TN%nI$-Dit3-OionftgGBsek_E77(ounY;ut$w~_bBqanB6Pc(Wa%jLTy@#a0X@w z%Su%7Y?+o37tMm12dfBWR)XgkEayb*;@Dpjlb!`Sq9l=)TUIU8o@e27q(#o4K42}7k*AXRa4?e%)t7*ScH~UTqZcJp zYm0Mhid4$|5)iyEhO7?l28WO43NG@O zS`@H26}{edo%XteP=fN<0US3Nlw1;&bzw|z>v6fqv6{j-6XYIW;ZOPEqI`JBY#Q*^ zhnK$0voqS8GP}ho;2{1HKl<11YI~m=^-uNP_tpBRDmm{HakTj@PPC_YJ*+gM1(7I}QlWw7y#B3M$1^X%(V`I!f`L73sFnEWn>4vj~(d}wA)m?8+m{t<2 z(M>`?QI?;u5(oHv?jX6}*FgHCx-z?EIVsacK{NfuaXJY_;S+gobF{7ol_j@;>^yOH1(zAkzpAT3Fd?hC&63- zrnHXYpsBQgHB#kqbai?q9{0*ZhnF5kiFSFO%rV(`V0}&GaCh0=G^t34mK1Yb1+t_xPi)F#;Uzw9GI%+FIJlB)Zg zbCICnqY_HgmQf42gnd(~5CIf0wHU|aT{YckP(EM|03IdBF|*R9WS>8yf|5q$TAYSb zIK~9OD;#6+PvIC70l*S`O(yl9E!Ffx{TItNO)MYi8@q5eVb@W6VWMX>FmkuarQ-glQ&CGcj(f zK~ynl3_xkE(jFZQZt5avIu|+15rmg`;GE1SIVYsqZQo8eGSTBoQ4q>M8atqI*GOv% z@Y(?`p}vLKGh%bNtZBkMlXT~$rke~f_fbuuwIv;*%R~$rg{lA`KP^SM7k(-8z?JJVCnpx9N%7i8`N~HPepUrY2i#DS zMR|~vHfI5ABP)b=E=0Mn)~xlH55DAbjhb$}7eHr`p=y~_N?Gk9wR3DP1V^9yHJ|C0 z#<3_;V&=rL=n~!21^1L@$w~64^4LQhilyq6D$^B`P*CpdtM+5MM8X-dP3w@aHKQpgk1R`mmbPfI|rIR#5vBKd}j&w zE0yArDRmj@bz#=o3wB(*?vabI3BiWEd@N{7HQcdK?3)N`;>*SxG;=`|RSd{Zy310) z!7B#&$ z%wLid0Yg!N&XZ;plsnY*M9YmmPfwPi5)$Ldw+!fr#-)!Bi}g9}zs z;NmXeuW@e(`CrPSGGyxqDZEDJIR!jhV_CCt?)EOl%r9t)$j&a8gweTDPCn@D2}WKf z3VXGvu9o;Bod$?BfZ(>&A&egiI zrlxMLG74ph*cEe7D^hT6g?WDv+7cyus&tzRLs!3EkxJYRW-XA!neFiHO8_$!^dWi$ z)d1t0jd5qAzWrA&S|?7OJxM_lo%@f<5!30?&&+>Xz6py1OCCE@%3A7k!g&fU2UJuh ziPdel1MBoCB0-!<7oHEEPBXx5vu2V_i5Qe=VCc)Qr=Nd~Q8#_^;&g~>)~zV8w!qpv zu{LClpv+>O%_5Ok`svgGj*HvCpf+0UpZ_Om|FWi0FE-E`*{8!VPO=?)>y#JrEZx}Y z?$6j`apYFH?|8fACJy9(L@BEGq$w6l>rRW?Qo7XQw)AebCdkyTwYWLGdo6CB!Nu0w zFO{3EuVWflTVKaC?zY~Jsa$SxM_MOZ+&H!CtqEI3_gmbV+65Q=P*jR~L(IvM0-S6hhdl zBjo66roO?LsN(VdE!ocIQV5IZci+g%*z)25-C0!e6iJwWp~zP}ffsleG5I{$paV=qn7(0p?A%=N4s zJ!Ql<>CF9y0Oe0cbwXB?h-;0KN9D7ho>#=BznCQLU4Us))_7jAqXX63bzo&jkm~~# zUI>bzyL?|(oyS6|!p-ZjaH?nDH@o_LNX{F8zC@a{)uZJ?{N0o|mVRx+QJ-2L{wx&%Ibr&^n zecAJJrj)$gIn5lDX{KG&gEe)k&k#g;zCKf@09_~)^r=A?3I=`3(1n8Wc0B?VS<_ju zOHuV0H_wx@QI+1MPx|96T&GLRjBbvxPL^GdS!89N+{?4)ql12{p3AwNcTuyAywab# zX4_Mzvn6N@I)4U2UR%rJZEgG_tIt+YvyD1Z@+W2v_V!y>z;RMM#DWu}Q&*W@QvAcZ zo_!2M$sFgf#2AM+xUFep8I~T$u()agZ^gdJBxlD@lQgvmOG7no0GumR> zGUuYpP`1=JP(Mps!P`UXI`cWym|Y4+rw!Z5#febq(s`%luYN9NQ;QPyd2l0YFPwb* zKInX)bD1mI?|G%{bp`GvmL}2V6FIwY`niObB1AQpDK*(pIncFv9+ZsM8@Dw@mX;eD zi?8#gAR0%d>-pwebTC`AGMc+pBPH`#i=eg@xr47Ps4PzasKv^2+51{!33{*cX>jUE}K}8>n)y>Y(p81m%qTC6f&@6DeoMxBf#6&$bmq)^U$Osy37wE~lF?z%~uFwK19a?^xn zEXZ$R!(hX~HUVnJ77wa@lf`ERPK3=eBxTazcv7?nR450crG2C_uTO zo8V?{qA+91$mV7WB$OlCb+7<}nDv!xdrSLOLMtG*K z3dB^IsOEC*Svy(Gf6l+4Oct>L3%Zv&fK$OLJoHxl`pb!Mo4Yzff}xN|-WJ3@m-=HA zA;;)bncqI618I>mwQmo1&5veGC6GiouYBZLl@`Ie^)Cy&P{tp^J6 zby%%H5%EUNHcEH0Qma-+2Y9AyM+KzVP}uWA5Jd=kuyaD+#M4@JaDTrKaIBFy>*7m| zRs@;Ldli>;PaCy&CdpIDtO&0$eOWb8MZ+T7vP1J0ro_j2a;#l)zZl(kiLx_f*Rp1) zpo<<#l4D$`*hT3QOn`cXMg~bT5xg->-j&qOWF2vc5z8%>8j>{+g6D%=cQnCq`I|SE z7zOy#oBau&5+N-?CT^(M-NnJRNRUe{MK}X9ByiCn28&xqBL{OrL}`Ab7xSF}%+%5*y2 zQUM3q7~uN`@;$`Gr_wMdYACN&VZw4V=2{j7E(Qxz0$WkcamxxGx3U=E4@_Pdrvrrn zZ?*sXF!BY9h<2gRg01|22UZnajYIes0;kHF+}F3RAcR;iW5u?l34@`oRp2c)(iD~h z8r(~HB0%cbDh_rAmy5W_18iYQqGo2+8u~|3!9)Pla1WbfeE$xyAKogP9{O=6FQZl) z?>=l)TxdHMXK+B>_+X8&feN~DEk)4|3{98E2M$?nd|*VV8ESY!H35kS;1GYeucvF*?t5Ujh#CT_iMV&v`bm8z?s1Xe zwN5i?Ml&uf;(l@9>BypiwG$%ivoYY-B46eh(=X!~vB?($o|&*)nl)LQCvtTHv0G^@ zqE-j1R;2~9V|HWi086eL=mKZW@R`8# z$v2*WlhT&1Syh)Jgo2VNV5^72r>#jyyqd5N@eI!Mm&+VIdk3kJ8?gg$7LA5>lLs;t zILKsu@23L0vwaT`dtPGBMe3G_yPhr zal0I3xz#e{|Ac9-Rhc)qI6#99gYXL3yQW}zzj=|(LN1#E=ea{I5N#3Bp{yJ!f%%6%SV!~ zvhBmNt(=qxs%$7_6v4(^Tl;V2$g)m>u`rGa5iCk@W1m%kxtIP+!}RXspZJrlF)P7k zj^T>8*dI0nHNVp;^=fU;M41XaFHxS2J&3mTtjW?pe9YP=$p|JGpo)4>6ezhT7P_5E z_I5;gNy8oPvxcZUVll-Qho!POwcLA4`0mw`v&1me*6bD+v$(iVO5Lyl3}CExy&GW> zvcx$>q9Y(N_ z=&ml;G8g4#UE^5R_2^|?F{+DS%=06nJ)0KN_9>J$d`)8x+85<%SO5)OCx|y}L*5Xl zibZ2IK_~LvCEw{Vjxda6Kp`kqLxG2?K)Hj|0SSmUC-bbTwiRAZxTAAc1pSPF3Ix$S zB$!8Bh|br3RPxiQOD+N2A#$G}3Zb8nB`Q%rwPPe8heMN*O!g($kR7FLq`a3%jLJk? z&yBTHuI`{4%f@6E3c`)$KoY*WYUqOXU9sNniN2}a#d*$!#&CKS=RZYl=Y%)cU=Rxz z+**SbX&|!wgd>enwqAY$4=>K*s~8FXr6stTLm7{Cebu>(dDtmAC=+X7PZjQF=6>V_ z6>AzZy8M&4Yp$_xK`?BQrHe(Dp&Tu}3uC3fJFH(%^WiHO=Fm8r<-%r>C zvM#lFzU$dOUGBEb<2{Tz-oC8jwpy3fao0EsRSl`tkFVv!Ao?}EIJ@QUtqaSP)w+_b z!wC(E?+Q`~vV_OlQfDM6N>n8%^b@u)n?KP7r|k2DVxxOo&BsxCGN1UU`1!Mp%+Fh< z1>iI4vbpgE=-qp?QRVKz5OAZe(C_L)V9~*=py?WE*EZh$@9!G|zY*~O6uW*TV#u)p z8Muvmp(HakTL$~=6~Vk$(#E^*8@7P{=Xa0H-Hu&DR%Z&A!J}x-I0mn<=1W^;0_JKTxSPd`hP3x}PN5_VCKbeDW{Q2(h$`~N`M6H6K+|x0Lh^O<6 zC^J8WxBFqfV&%GZ&b=#`^e!2q*kvKfqdx$8NlYYkgW~|;*PhgW9oiYhdR_%c2j3=S z%JC=(7)KR&S#yHIid{>~{5v1Qm>WMM=_Ba|#*I3VE<^JZ7L4v^SIpUPb4YdHcUy-k z^O3_zAFS<7aD7WgZQRaAM*`qU9#FRXed+UGmR-bru?%v~prp6)=LcrvGeq;M`O60; zk=L4=gcxir0mSY|z)T8RD)Sv1L#=ahiv+x9%yVU&b7f2b{zTCNq3`e@&ekz#h^-7# zVs;H7igYb0tQX8OR300wLaYQ!Io{LSNg*&EVt4QDB%yFszQdZZUY*m}ES0y&JaT z)nX^AsC1;Na>iU1W_&@SiemY&mG7M31*jgIPs|ncT9`3`T<%X)RQxC1m}dJ794pI2 zxKH+XHfM-*akl190-uNmFU$MeQXtLnE;k=s6s@RWr+&9fF=_&zr^4p6n?em1wX8lL zI0-Eh!A*58iLb`?)w9&MYN}Y&^s{EZfT>@oCMzXvvtG|zVM+NYJg0V&{gEtI z3o+%JLJ6^36-r3N!{<2kMr>uU7bHyAuSiua$&NcLuPlyYcE4$FhiQ# zOkW7=g|O}nQ3&fyA*=_+EUf73r9S-hf_%MNO()0`J`I0H%6O9)tVtKDSxU-fUa~?0 z;$>HFus|skBtCa!Z_M^{ge(NfW5y0?rA}Gz+yje1v)|(WPMV_q*llN6LI? zS9Q1!=g$AkRyx*s5v_(4pw5USpvq5E#?kl!vMe*JOhyl@B+pnMjOh8$TK~_4B=PE z=TVTDzATFJlra=%QjL*S#)@DHK6sW8Tf0}_E`U41L=DJin<%45t#(&yeyVSOs#d=R zds!K0g0|O^O^Xa%oo)r6`q~8Yu9Q?D0#*Z;vQG4^CveJ%FJTFZ**J%1MFH3u#7J$W zh>6YB1p0^C1Z~G5f=q&+n0v>8-#ix*vxtY==A#e^&;ZC|m6ag=c=Hj#69RqV6(JtP zae}ohw6@=(zIDGTGDv2;ih~&>2{$n*VdMw zk-6lKgcJ1zb?jg}Hf8=IX(Jm8Pa7G%yKg#Uq}9z9O0FH5gkmm1De_ZN=cn|1-B|Ob z3rfP`8*z&dks?zh=ZvKJA~`4Hs!9Y+ph(UcZNi^xh9rhxBm^ZvQX~W=KvX0IjqRBB zF*eDAv`D|1HT|aJ7uGuL+WfEUGC+@`rPdV%O-CY+4v$!K9LeIyp~$|u)+za*P`j2% z`FcQSD;V?cqcij6NpPyE8q1V;6GeoHJqs#*CwO{&_t0gIkMAkVZzle%o zheWm(qcCMcE5e--G_N1|76Y-e2SJ)KGucoX9Z0OCqedtLmMCyQLf+;mP(CDTI&Rx8 zVl#cfVwZd7t86eFi=2rED$4_Nbg$nIc3#I^jnR>_yWO+Mt;M8#hFw&+{(P)3RqSz| z5!ywT0e9>ocHcW@5xc)$vHL~pFDAu~78!7h47jIi^ zJ9Z&)ddDn8yF#?fRkT}hR@aoK<$1jsX}u;_=fw0jCA-3i{kCP$U)6~13atk=BMKR> zO$On!VHd(}VFeB?vyjQ1u?v~pJ7!@8UN2SQrx)6b46a26*VSfljZ{mV_@3pRBvqLG z+-I9S%iBI}Ga<<$*vfBle-{~honeZMy(>B3EQG!ON8ZTu$Z57HXC(O5(l$31oVJ;e zF$(ugkt;H4i2TwvN6k>AZ7$L_zuC0S)JYBFGd5epcztadxo;Jl;sHv>%xnxH3&M8I z4W>7<(>NEomi=vuT+2nSumZNgo16M0qP2R#6zvhJl$51#ZYdbnVMX<_gNY2l9Aq zNYp%qCz__+_)-fI0o)=; z7UE17I1TMFCyOHP6PLj{zUKndS~KysRA!^%OM;BM1k)lTu8&$qnO!-&ci4a$SV#;- zkk+-VgxATNLStbj=U@(-m>Iu~IUW^?OxWv}2|Ll^gpdVYT96la>@%aQtf^QFa}w?3!E+e~3M_tm`@sme7rEU6tld>3I3!YgY#(b zMkifQ%)@-b3eo@dprqR6*_oDMCFNQ(5xllkWQksWmT1xer}6d>kSP_!M6jTrBqx(J zbd(0TB7b$<42#cStpd!lSg~tztL{U+TgJb4;UAp)H4kPv~!& zDV{>90!j3W(gmWFR`2}6a~$tRVkOora3JE>P(vehak%H)%*l$gqC0CbyoB)Cx1Mz!R_lZsGg+=edTCCpeX zM);=rU{aKZU#Ka0B6o5?!L-vS%2cJ#iF-{oRQwsF(v)J(h7y#;1UN;A%;7tWj7Z6$ zO{tG=zFk^XtW{<)f|N}QUKET;O?8}QP#i#$hH=-$H47}Ri)&yPcPF^J6C`MG*8stF z@!;;k-3dX01PH<1C4nRN)&04vo2iMjg&`Z_6O*4Z6n~UVhP_$IsxY zWcf{b^;^s6ObV{TB^`uegkWDhh5}}cD9*N@i)xtPL5nqY3RZ>c?u})V=az;hec{fj z9*b*j4Lw4CFmzWawWlwq1F@1~h!zjMN1ZD|k`ggX6d=LSw$9lv^w)zsB&5pqz&UZH zeg|zq(}?&!i?Zy=JDR;2wlKp>6=#sefK^;~O+n3<>U39>=_KF}x6}1nA*I+8n>M(O zaP`<6VO1>Na`{fJRBYP+YFE1KR&ogue!IAd&TTAa50CkBrkV;=$tN4*!@24?68{h$ z{m0#HFOIfHfB1MegvUCv;X+SL)ACOoIc-neiaHM=Sz~P63g%>n@-nLCJtBbQuf0|X z3y~!@w8@Hpp48leZINC-28Nt^XiMS1+b&Zo5%-OO`JjQgqUF;df72~4HOleVP&Csjd6#7_DnwI zOHz2ZS)A)*qbcwLxTgsElxebtYHzuCR!mDnn79F7q{pD)QiR^6p6d~&aY0fWs>D_w zW!0|XYW5SXpQa~rf*Ur?hVS-Dl{aZkwe2RRz)?&TheZ)OZUwU}9}n{vSYJrTzcp~A zZ~3H)$!j4H35Akve7d-u9ZOUc#{Dxm&?e*|&UN0wPqMj5x)zvo>>HGh(K<{AXWw+KRW6S;)jn=TSpA6u4t)Ph%Lm^QIxct02OmWtVxkT=5*ND3)F^tU#X86K zhZ%SF%3cUoDu6#-Z1z4ZV^ratj(H!hfzn?R1+)rG4f?)=?%Mz+a?OI?Bm4;e5gc0< z^g(g|vT9I}XDue#cy|Lv-yFb(I@{?}y8Ms!(UrPi*4LG$rN-U8`skJHBH7KLURq50 zDlb{lwzLm=NHa@Qp6iH!TgGEa9_Ke`w-+$cFcJ6NOFXhJQ7C7sn*9$I??R>DJ`F4a z$&pePBLIJK;w?Xj&%3>|0DK>zJz=7$btR8;xxdT0sc-dS=NTI?O0c(3cj1hTWjajP zv>+>FT@6W_MQ=9z&#jmZ&F#$>XtW-P*`kBSC{#`3J|EX>Hier{!;2tvQT#6OT>ps+ zMvDDH!DBtdT#3+>q0M&HpF<7qmQEke6u>!+C;TffDH5N1@+TTqn<6uagR}hpM~;=L zu<=R(W5aw@0WqG$R6{t8trM#viGf}R)bP)~1{|Y*R&)70yMA`eM*c72lKG~PlgIrV zGX8;2`jKoae8cv!2!`L$Irg<;ZHcH5;MA7Ud@*1lftg9|(JGX^yP|`G`eN*PvU6cZ zs!@e6Er%iRq!)p*{e4l7coN=5}!NH3; zcH68HFBM$$0%+=imcWV62{fizL4ikj{?oFRwX%~6&WiD!e0MAb6AU*IKoyh50pp8P zBdJlUGqc;%VJI7Mn`p~izE2BHd|m^Sv{o}_Zn*Q>W=&{W3V(D+2MID|B4}O zJm{h{OJq#=F5!Qhm)yA^xMPKI@dfF`>6a0&F~POR&*dhfxpO+V;bdFmbNTUgnY{4v z*YYT!N#)7t`77)M8so8oDaL2+uMY1ALJOYP zCGVz5PwZ6VJ{!?^AqZAQ3Qf=Ca*beRA(>yQ(T}^fsVhQSCTeOLk|S&}<}=P}lsoh; zfE?~pq3dJp3(OZE`;C}M>78vXnn=`|e_9dIG+&2~C}O~WAn&N?M52nLA)5;2xlrPv z(Uj+{FCnJeAEcQOQ@;<^2-xH~84q~#rJ%XCtT@0?-BiabDA#Wix#K!0x-fRl2=Gp2 zh+NdZgJvk|66}M?T#=I~&dPJzpH{8+RIaCfeb!43MnFp!Jc?OPwFyyGz5;3F9d&^n zO67jG`U6zj`)@Qo(jX)1mD36XH0&$_kMt1zS?67z4X!Hyb^(8*wTI$YUrC!E>%1S% z)+tKox?D8$(cPS3j(0_8nh?n&1zMpjJ6Fl<=iCc+`^0q-mK7@8{M>7|4+@tfPEN#l ztY;tUQOPfJLZ|EPRIZm8kK&8ELf8RR$ckCped<+?zK1+I$eWflhOkgW(EMS=h(mGaV znC#RwToNfIHw^{3!fD*|>69xe;8xrW7(G(rY<%c>+i0KYK9Sm<71vcmeKB|fy?viMU@gj+GeQ~OD;eEwxlL6brmXf-I5PKVI@{m8tITc!YbiuGW3XtVlx zvgvT!^8w#UO%hdBMXL8>h@frIuw|q@VYxMRp2Q7uDxgaNEV%?7j8v3 zt@REuGBsm@F|smAG5jxc^iT`h3}x0O(#T|4%(A=?6uT z#EV4!=fXh!vgjLV0Okehj(?+4)6B6}w!Y^mK;T`0ziEbOm-!OHMJNvCW77920UIe~ zCKKW0+9upd4<=VhYm9=d=ECf+lnqB4!RYY6)djA~=q^p^az*AfheK*Y4K+x2DzN`_ zAYIG2U}H)uHDorB!{XyOR1eB&mDOxcwUWW^N)YD3e0o%kTEwkh5ymRZI_vg)a3x)^ zVmet6fdqFJhs6q}c0ITRa7`lBSf4pcE%k*xB&=4*d97A#T{4DwSM#~AUeGk0Ma_z#i$;~e?tpM;1OV+Km;Z7uxLX9k@&B$9U zSNGr(Da-te6-MP-H#2{g)OE z9irn;%*z&i)ZhH6hp62@hUcdEZLGu~DqpvwW37sv7#ew5@wnWpjwo44%1#Lg?5>lC zDY_Y^jCZ5W<^0mQ_Mx5=$gCSj1Qz;|265gY1GB*Jfh&WAvZM|^LQ?62dNY*>EGI-B zDZf*&IAzl#4E2z|97!o`*yn7S8wyd{qa@%{(r>98gP z|0#}{m>#yz%LcHBv#I(DVA9BSC)9;vK&mK2VOhLghDH)1I$rpwX@y#F4e5x^*ZD8h2@e? z7;{ui4T_-w{1=6!r%cCV)h$hDetwdsn@2dxsg9qCi=K^(pW8A1y1luvK36psH3S>e z8YX|_($Gu@J0r(9`G;FY!-M4kJ4?E)*3r0XjS}$eaan~-4dhnK(MbP;To;c1A=eeo zWSO*kc1ZC%uvh&Tjy{vD0?7ukT=?C%cF~q0q+IIvvG`Ji;qWX-V}_$$H0G*u$0z0E7Ld>Y z|L_4Vrz6}0+%fTV?e96CN>l^otRiTCX0Njehiy1R6evP~rl%1ND3qj=sa~TW8c|6h z^B%-8nW9%SfmzWQgDc`M=sgfU+YzQAA$#lA=Y-8x;#@Oc!H!tOlMYbwT1 zHM0|}6+3RmXs0JZ)vYtbdrRZDM3_A1VjR|xG*;T_BV~&zCBjpo7-5Fr@sCo|Hn9p5 z{12tJ8RF!yCgPh~oA0S#3-?J=P-3z+0$Bto~cL)rrg_6JixylD>^VuHJk z&MqdbvwYki71P{ni2~e&0zy!G=0ddFP~tXlNO%UwJsgglrl-To0qssdPzjSP6<$ir zV7Kx*_bKe(+5{se*807y*z_}h+7XqMe2dx;&=l;nZhF`Td$vE*X&6a&C8usX`GsYQ)ymoJ!N80UHlS{! z;@s~J7$!>sSv%<~y|9igZ65|4{gAYToU;g7z9eyqotVjkr^7 z0k!~PS?I6kaA(1@7OzXON-$^$`(S3-jB1MuS`c%3IPSXD`pc~fc(+fq6J@};GD(~4 zwAvVcql$s)1$+SxA)*jwwG_@0-nrsWT@&9y%`zp>$e-1M9$U3efyJpowz1y0(J_Gq zuORy5JQf9>NNxt3rhM!$`0573Fez>Su)&lww%5Nf&L{eeD9hQNqJ)kzR~cg$lAHxZ z2OGEBeNWj36;cmbp^_mLZkvCr#zcm=xdG8xx%i50@T#6e}NUFi?9Bs zYBM>ZiF2X4rd-RY5T)k!v0|dX{o!>MS}Tc{k+MlAZC(ObXXwBX@;y!Cl&pKkFRL1q zVthwgM(>fEp1Z~!Mc{!uP11P6?7lS9IqG*!=$5e8)m&oD6{7bsD=*@L71h+J|&5uQw!AkeUxRSnhJ!ho+wRxKssu zDQ!%CZ)H_46dOVIU)Be{t6reZxoICjGvANhWis{rej`Onab^A6!4<*iyc$Q#`df=H z9WH!?1z!?gyKMS=D!SApK4|8CI~}aoj{gFX`U0i8_fd>|RliiXra|{aeN@mu0ui0# zh1Umlxwce(AGLNMxs_|uuC}QwQf$*7`j-(&j~`;Ve~&H25{$K^*COIO$(kH|oUvA5 zJKDCSQzQV9rhgI9 zYV2jdINdw;3<~t5koLb)zrzXc$xB9hYEAm)5Ke4`^ur8d@^e3t&z(1<;~kZ|VQ7 zgm0+;=&tT{Yf};jJ9g}^l8zRbFOZIIg$){59>E4zYmK+7%ezzC++wX^(kJxpZ(@EZ z>ZNsCH>bxWzxAGl6|0s*)aUogm`>GGubCAd3F!k~9n$jouO9Vzn~#e<&o(Bh*Y$p{ zj()~qR2GHD3^5(uc^jKo#Yt#%U3DJw<*_XGClmSnakS`uyeq@D6#ZQ1GK#Gy{L;KMo{78pp{y)(QNBvgv_bu26|0+KG zHOZNdIQ0``L-x1g(R$U-iekx79rR#s7$P3UOto?YwW0#Tw31_QbA7J zLyxlvh>~eP;HF(_z%7p9E>*WwMUqJKc)Fqz02I3AZle{Ir=aleyeeF>)L>{Hydd78 zi=yujVs}(ouJmUbkSz4K6m?N030>3;FzgPchwxuJxC;1z1WMh02Br00nv3M>%l?2+ zAJ(TLP+p-;X%^dlY3aT|nh;(Fg6IM(3I>UH@aMiYBEqyY0Ygt2r%^1Vq_mYWJj1>l zXy{+_us(Vd35$e;CX57;%obZGW#}PI5L6?p_6H@y6Vh?vbFouu3{(C9_j@x%&T#X` zJJP6=7jnhU>1Kg7y-<)3W;oDo6EkrEH9 zLTqh;RAONJ5@M;a5Z!<*ZFVv8;o#){_+ zfudf)a{!nL)xIJ`JxK1`7)0gS+{*DQCQDzNsNb)vJHsjyVO=a0c5+T21 zi+R3{e<$5(9lkU=oLAZBIHdx-k zq?Bzzw8+Lj0~@BX(IFD>dBT7!UgJ3xZBPa(c(tRGCbokgSqf$8Tq0Fe=91AO0<8!o zN>piu@EJK=<;q%}Y=ual=C^GJ@sAd+jR8f&&n;^T;!$uxNFRFrpZH%4T29f9p})ub zte8HdBcj7vXY{@ks^o~NiZlM;t-<0Xnz~|5%|^!ISjth}oGtm4Jubv(z{0yOz&`y; zaM>ZwDl%PrijHUTEti*gq_dcb%SaSB%{APtm7WcWUcY24bUDv)Kg@(Az^#nhw-C(>E^V zsx}3xP8oMuhEWms$0*+R1Dzx&4TWOe!D7v3Vv7ZNQ%TRQs_mY&p_|)Ec?loBE_8@q z&tPf4HgqFUG@OT1V>MP$6t*K6Yd+=q&fU%xu{N?meIuQZUKn} zGJGwduL6RpbatD=sAP$|)7p*&GSl&IgLSXDN81^=Ie~xDdiIg=hGv9x>bk!W-GjD- zi0cT9gYN8-MzLua93GqPI7OSjEN3R5`TagjxEq#A)X>7Fa(4<+N2$dk(V9WjiVn5F zwS>;^RaOpXtubW8r!0+w-(MKbCDd2S%g%+ zJhk=&KE0?Z!XpqO{{QmZuR50hJ&J?>ng2(O`+tA(zm+im^93ASad5}0viJYd#Z*&7 SM)`LI;dO?++5m%pr~d+CiIl1U diff --git a/Solutions/Recorded Future Identity/Package/mainTemplate.json b/Solutions/Recorded Future Identity/Package/mainTemplate.json index 9230f39e25..16f564f1f8 100644 --- a/Solutions/Recorded Future Identity/Package/mainTemplate.json +++ b/Solutions/Recorded Future Identity/Package/mainTemplate.json @@ -162,7 +162,7 @@ "url": "https://support.recordedfuture.com", "email": "support@recordedfuture.com" }, - "version": "0.1.0" + "version": "1.1.0" }, "host": "api.recordedfuture.com", "basePath": "/gw/azure-identity", @@ -396,6 +396,7 @@ "apiKey-auth": "[variables('TemplateEmptyArray')]" } ], + "deprecated": true, "x-ms-api-annotation": { "family": "Credential_Lookup", "revision": 1 @@ -463,7 +464,7 @@ "title": "From", "description": "YYYY-MM-DD (until today)", "type": "string", - "example": "2017-07-21T19:32:28+02:00", + "example": "2017-07-21T23:02:28+05:30", "x-ms-visibility": "important" }, "properties": { @@ -744,7 +745,7 @@ "format": "date-time", "description": "YYYY-MM-DD (until today)", "type": "string", - "example": "2022-02-08T11:32:37.951+01:00" + "example": "2022-02-08T16:02:37.951+05:30" }, "name": { "type": "string", @@ -1392,7 +1393,7 @@ "format": "date-time", "description": "YYYY-MM-DD (until today)", "type": "string", - "example": "2022-02-08T11:32:37.951+01:00" + "example": "2022-02-08T16:02:37.951+05:30" }, "name": { "type": "string", @@ -1916,8 +1917,9 @@ "securityDefinitions": { "apiKey-auth": { "type": "apiKey", + "name": "X-RFToken", "in": "header", - "name": "X-RFToken" + "description": "API Credential" } }, "security": [ diff --git a/Solutions/Recorded Future Identity/ReleaseNotes.md b/Solutions/Recorded Future Identity/ReleaseNotes.md index 48a7e3470a..a11911dc2c 100644 --- a/Solutions/Recorded Future Identity/ReleaseNotes.md +++ b/Solutions/Recorded Future Identity/ReleaseNotes.md @@ -1,4 +1,4 @@ | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** | |-------------|--------------------------------|---------------------------------------------| -| 3.0.0 | 15-04-2024 | Fixedhardcoded SubscriptionID.
Entra ID renaming of playbooks and readme.
Using solution format V3
Change prefix on all logic app installation names from RecordedFutureIdentity to RFI due to logic app name size limitation of 64 characters. | +| 3.0.0 | 15-04-2024 | Fixedhardcoded SubscriptionID.
Entra ID renaming of **Playbooks** and readme.
Using solution format V3
Change prefix on all logic app installation names from RecordedFutureIdentity to RFI due to logic app name size limitation of 64 characters. | | 2.0.0 | 14-09-2022 | Initial Solution Release | From 0087b02ded48efb4c1db77ec8b3dedc2384d55ab Mon Sep 17 00:00:00 2001 From: rahul0216 Date: Thu, 4 Jul 2024 20:03:35 +0530 Subject: [PATCH 28/33] Update Analytic rules - Updated rule MalwareAttachmentDelivered.yaml to handle recipient_s column as it is an array. - Updated entity mapping for rules MalwareAttachmentDelivered.yaml and MalwareLinkClicked.yaml --- .../MalwareAttachmentDelivered.yaml | 22 ++++++++++++++---- .../Analytic Rules/MalwareLinkClicked.yaml | 23 +++++++++++++++---- 2 files changed, 36 insertions(+), 9 deletions(-) diff --git a/Solutions/ProofPointTap/Analytic Rules/MalwareAttachmentDelivered.yaml b/Solutions/ProofPointTap/Analytic Rules/MalwareAttachmentDelivered.yaml index ce7533b783..33f7db3e7d 100644 --- a/Solutions/ProofPointTap/Analytic Rules/MalwareAttachmentDelivered.yaml +++ b/Solutions/ProofPointTap/Analytic Rules/MalwareAttachmentDelivered.yaml @@ -24,15 +24,29 @@ query: | | extend filename = tostring(messageParts_s.filename) | where threatType =~ "attachment" and classification =~ "malware" | summarize filenames = make_set(filename), StartTime = min(TimeGenerated), EndTime = max(TimeGenerated), count() by TimeGenerated, Sender = sender_s, SenderIPAddress = senderIP_s, Recipient = recipient_s, threatType, classification, Subject = subject_s - | extend timestamp = StartTime, AccountCustomEntity = Recipient, IPCustomEntity = SenderIPAddress + | mv-expand todynamic(Recipient) + | extend RecipientName = tostring(split(Recipient, "@")[0]), RecipientUPNSuffix = tostring(split(Recipient, "@")[1]) + | extend SenderName = tostring(split(Sender, "@")[0]), SenderUPNSuffix = tostring(split(Sender, "@")[1]) entityMappings: - entityType: Account fieldMappings: - identifier: FullName - columnName: AccountCustomEntity + columnName: Recipient + - identifier: Name + columnName: RecipientName + - identifier: UPNSuffix + columnName: RecipientUPNSuffix + - entityType: Account + fieldMappings: + - identifier: FullName + columnName: Sender + - identifier: Name + columnName: SenderName + - identifier: UPNSuffix + columnName: SenderUPNSuffix - entityType: IP fieldMappings: - identifier: Address - columnName: IPCustomEntity -version: 1.0.3 + columnName: SenderIPAddress +version: 1.0.4 kind: Scheduled \ No newline at end of file diff --git a/Solutions/ProofPointTap/Analytic Rules/MalwareLinkClicked.yaml b/Solutions/ProofPointTap/Analytic Rules/MalwareLinkClicked.yaml index 546571e242..7edba047c2 100644 --- a/Solutions/ProofPointTap/Analytic Rules/MalwareLinkClicked.yaml +++ b/Solutions/ProofPointTap/Analytic Rules/MalwareLinkClicked.yaml @@ -20,19 +20,32 @@ query: | ProofPointTAPClicksPermitted_CL | where classification_s =~ "malware" | summarize StartTime = min(TimeGenerated), EndTime = max(TimeGenerated), count() by TimeGenerated, Sender = sender_s, SenderIPAddress = senderIP_s, Recipient = recipient_s, TimeClicked = clickTime_t, URLClicked = url_s - | extend timestamp = StartTime, AccountCustomEntity = Recipient, IPCustomEntity = SenderIPAddress, URLCustomEntity = URLClicked + | extend RecipientName = tostring(split(Recipient, "@")[0]), RecipientUPNSuffix = tostring(split(Recipient, "@")[1]) + | extend SenderName = tostring(split(Sender, "@")[0]), SenderUPNSuffix = tostring(split(Sender, "@")[1]) entityMappings: - entityType: Account fieldMappings: - identifier: FullName - columnName: AccountCustomEntity + columnName: Recipient + - identifier: Name + columnName: RecipientName + - identifier: UPNSuffix + columnName: RecipientUPNSuffix + - entityType: Account + fieldMappings: + - identifier: FullName + columnName: Sender + - identifier: Name + columnName: SenderName + - identifier: UPNSuffix + columnName: SenderUPNSuffix - entityType: IP fieldMappings: - identifier: Address - columnName: IPCustomEntity + columnName: SenderIPAddress - entityType: URL fieldMappings: - identifier: Url - columnName: URLCustomEntity -version: 1.0.3 + columnName: URLClicked +version: 1.0.4 kind: Scheduled \ No newline at end of file From 6b18c463385316046f6061783fb16db450632bd1 Mon Sep 17 00:00:00 2001 From: CyberNinjaCat Date: Fri, 5 Jul 2024 15:32:16 +0100 Subject: [PATCH 29/33] Create New TABL Items.yaml --- .../Email Queries/General/New TABL Items.yaml | 1 + 1 file changed, 1 insertion(+) create mode 100644 Hunting Queries/Microsoft 365 Defender/Email Queries/General/New TABL Items.yaml diff --git a/Hunting Queries/Microsoft 365 Defender/Email Queries/General/New TABL Items.yaml b/Hunting Queries/Microsoft 365 Defender/Email Queries/General/New TABL Items.yaml new file mode 100644 index 0000000000..8b13789179 --- /dev/null +++ b/Hunting Queries/Microsoft 365 Defender/Email Queries/General/New TABL Items.yaml @@ -0,0 +1 @@ + From cf5ab0266fe636b46276487d631361466192c2bb Mon Sep 17 00:00:00 2001 From: CyberNinjaCat Date: Fri, 5 Jul 2024 16:02:07 +0100 Subject: [PATCH 30/33] Update New TABL Items.yaml --- .../Email Queries/General/New TABL Items.yaml | 30 ++++++++++++++++++- 1 file changed, 29 insertions(+), 1 deletion(-) diff --git a/Hunting Queries/Microsoft 365 Defender/Email Queries/General/New TABL Items.yaml b/Hunting Queries/Microsoft 365 Defender/Email Queries/General/New TABL Items.yaml index 8b13789179..7978073c6b 100644 --- a/Hunting Queries/Microsoft 365 Defender/Email Queries/General/New TABL Items.yaml +++ b/Hunting Queries/Microsoft 365 Defender/Email Queries/General/New TABL Items.yaml @@ -1 +1,29 @@ - +id: 92b76a34-502e-4a53-93ec-9fc37c3b358c +name: New TABL Items +description: | + Identifies new items being added to the Tenant/Allow Block List (TABL). The output includes details about both Allow and Block entries. +requiredDataConnectors: +- connectorId: MicrosoftThreatProtection + dataTypes: + - CloudAppEvents +tactics: +- DefenseEvasion +relevantTechniques: + - T1484 +query: | + CloudAppEvents + | where ActionType == "New-TenantAllowBlockListItems" + | extend Parameters = RawEventData.Parameters + | mv-apply Parameters on ( + extend Out=bag_pack(tostring(Parameters.Name), Parameters.Value) + | summarize Parameters=make_bag(Out) + ) + | extend Allow=Parameters.Allow, Block=Parameters.Block, Entry=Parameters.Entries, ExpirationDate=Parameters.ExpirationDate, ListType=Parameters.ListType,ListSubType=Parameters.ListSubType, ModifiedBy=Parameters.ModifiedBy, NoExpiration=Parameters.NoExpiration, SubmissionID=Parameters.SubmissionID, SubmissionUserId=Parameters.SubmissionUserId, Notes=Parameters.Notes + | extend Action=iff(Allow == "True", "Allow", iff(Block == "True", "Block", "Unknown")), AccountUpn=tostring(coalesce(SubmissionUserId, ModifiedBy)) + | project Timestamp, Action, ListType, ListSubType, Entry, ExpirationDate, NoExpiration, AccountUpn, Notes, SubmissionID, ReportId + | order by Timestamp desc +entityMappings: + - entityType: Account + fieldMappings: + - identifier: FullName + columnName: AccountUpn From 28e68c57dda5146f2036ff583b40843ed5a5fcb2 Mon Sep 17 00:00:00 2001 From: CyberNinjaCat Date: Fri, 5 Jul 2024 16:41:09 +0100 Subject: [PATCH 31/33] Update New TABL Items.yaml Fixed issue with indentation on line 15 --- .../Email Queries/General/New TABL Items.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Hunting Queries/Microsoft 365 Defender/Email Queries/General/New TABL Items.yaml b/Hunting Queries/Microsoft 365 Defender/Email Queries/General/New TABL Items.yaml index 7978073c6b..7a740ed685 100644 --- a/Hunting Queries/Microsoft 365 Defender/Email Queries/General/New TABL Items.yaml +++ b/Hunting Queries/Microsoft 365 Defender/Email Queries/General/New TABL Items.yaml @@ -12,7 +12,7 @@ relevantTechniques: - T1484 query: | CloudAppEvents - | where ActionType == "New-TenantAllowBlockListItems" + | where ActionType == "New-TenantAllowBlockListItems" | extend Parameters = RawEventData.Parameters | mv-apply Parameters on ( extend Out=bag_pack(tostring(Parameters.Name), Parameters.Value) From fe0239a753c975d8a5e199b46ad96ed6589c8c89 Mon Sep 17 00:00:00 2001 From: v-atulyadav <104008048+v-atulyadav@users.noreply.github.com> Date: Sun, 7 Jul 2024 13:49:42 +0530 Subject: [PATCH 32/33] Leaderboard Monthly Update - Update stats.md file with June 2024 Data --- Tools/stats/stats.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Tools/stats/stats.md b/Tools/stats/stats.md index c65c3846f3..2ab4650f46 100644 --- a/Tools/stats/stats.md +++ b/Tools/stats/stats.md @@ -1,4 +1,4 @@ # Top Threat Hunters | | | |----|----| -|
RankUserScoreBadges
1 pemontto 2370Check Point 100 BadgeBug Basher Badge
2 9b 1840Check Point 100 Badge
3 ivanovchinnikov 1140Check Point 50 Badge
4 RamboV 1000Check Point 50 Badge
5 samikroy 770Check Point 50 Badge
6 tj-senserva 750Check Point 25 BadgeBug Basher Badge
7 AdrianRecFut 660Check Point 25 Badge
8 ThijsLecomte 550Check Point 25 Badge
9 ep3p 490Check Point 25 BadgeBug Basher Badge
10 0xffhh 410Check Point 10 BadgeBug Basher Badge
|
RankUserScoreBadges
11 danymello 400Check Point 10 BadgeBug Basher Badge
12 javedahmadkhan 400Check Point 10 Badge
13 allenmichael 390Check Point 25 BadgeSoaring In The Cloud Badge
14 keyoke 380Check Point 25 Badge
15 vpaschalidis 380Check Point 10 Badge
16 h-kipple 360Check Point 10 BadgeBug Basher Badge
17 Azomasiel 330Check Point 10 Badge
18 sindhuacc 320Check Point 25 BadgeBug Basher Badge
19 liranylevy 310Check Point 10 Badge
20 nstylepro 280Check Point 10 BadgeBug Basher Badge
| \ No newline at end of file +|
RankUserScoreBadges
1 pemontto 2420Check Point 100 BadgeBug Basher Badge
2 9b 1840Check Point 100 Badge
3 ivanovchinnikov 1140Check Point 50 Badge
4 RamboV 1000Check Point 50 Badge
5 ajaj-shaikh 900Check Point 25 BadgeBug Basher Badge
6 samikroy 770Check Point 50 Badge
7 tj-senserva 750Check Point 25 BadgeBug Basher Badge
8 AdrianRecFut 660Check Point 25 Badge
9 ThijsLecomte 550Check Point 25 Badge
10 damozes1 520Check Point 25 BadgeBug Basher Badge
|
RankUserScoreBadges
11 ep3p 490Check Point 25 BadgeBug Basher Badge
12 0xffhh 410Check Point 10 BadgeBug Basher Badge
13 danymello 400Check Point 10 BadgeBug Basher Badge
14 javedahmadkhan 400Check Point 10 Badge
15 allenmichael 390Check Point 25 BadgeSoaring In The Cloud Badge
16 keyoke 380Check Point 25 Badge
17 vpaschalidis 380Check Point 10 Badge
18 h-kipple 360Check Point 25 BadgeBug Basher Badge
19 jayeshprajapaticrest 350Check Point 10 Badge
20 Azomasiel 330Check Point 10 BadgeBug Basher Badge
| \ No newline at end of file From 1ea8e4d87de0aee798d51886fbdc642115465b6c Mon Sep 17 00:00:00 2001 From: v-sabiraj Date: Mon, 8 Jul 2024 12:17:36 +0530 Subject: [PATCH 33/33] Updated release notes and package to remove unwanted parameters --- .../AtlassianJiraAudit/Package/3.0.3.zip | Bin 47163 -> 47137 bytes .../Package/mainTemplate.json | 10 ---------- Solutions/AtlassianJiraAudit/ReleaseNotes.md | 1 + 3 files changed, 1 insertion(+), 10 deletions(-) diff --git a/Solutions/AtlassianJiraAudit/Package/3.0.3.zip b/Solutions/AtlassianJiraAudit/Package/3.0.3.zip index 0eb188225b4fc46aa52024003df6a37a658719e3..363db42c7cf0ae414521c2aab8ff34e76a8d76c8 100644 GIT binary patch delta 35617 zcmXuK18`*T_dFcicCs66l8tTK_C}j*Z1cw4*tTukwr$(oH=qCe`&P}JJ5^It)2F+i z(`W8|rtKOm=Nhb<77^*d;8??uWHFkx6a)l6wT>Hc6dPE0y%pbW$+Qr)N0TMcwitQb zv~#RiVPDt{k#&}6G$K#?xS)q4CX)a&0zJ2GAX}VV!7uX_%2A-iAi@xELKOw6L|Bkd z7=>8(F2>Au!FXHZGrH@P9o`)hBOY7D*R3sLs$Z9HY|`}(J~*0bxh><)=uHVfdDamK zvQ;)Fxd1-HkeG}pVYdpC_gixc8&1N7J|VaGl<8V$M>7(&=mm7xe|Vbh`%$%&H6=*T zYt201QvN;qNh4trEN<>Z^|$W52x;-K+IeTK)ZMa;vzKgUfrrs%;EbREME7RUFK@_9 zk&vO^W-TaFjz|(KNKjL$F4+1qiQ@jql6#t+ehKjH{F7}Hr=0L_MKDNWczUxWK1ZZN zzGmy1bvM-Y#G$?#*2Hqk0jX2jw(Y8UUk;qEWo{?-v)y*&X;ZclJI|(^-&&^D(!G6m z(k%2!xS!0Wp09n~YxF+HAU4NkkBqOz%!TDfI5qkYm}qB}n)+fUJHm)HXZLrBEpY!b z8!teWi!NkrbBIL9TH#wi*pZx^?f z2$>n%Rt8BVf1Ftk-TY1j6E9mkDvzoVjdQU|=G?bfNOzQwe4(`iekT-d?T`urh8TT= z7L>KfS=`-kY@*Ow!j^wx;_FaC5OGKB8wr8_#H2HlMkK?sd5e0*mPsKJwsK`N_!?GA zBbsg2jD6g2C1{50RH`Y?XW5>M&OVDa#OqaS=&BcofF&-43QODe-OK+9hgfiK&~5vF zh5MSb%pgaz!qIOuhcf3^hbSg)c_?NrsjB^gsT{;t0W%MLyU2>%^0pj(SN;RMCd`3K z7i*Kws+9xm$=XQ=OF7omY>@MaW3_#=VGZ0g7c=^12OOdOFk=I=&Ixo#Q3X_7(|FR% z@Y(5s`ewr*iFFs%_3b*r1x^}T1-f|=qfS_U1qK8 zr0>z$7IClyYUu#F98Z&2+;I77nf7a_ub*^mha9#dFd0F;Q<#S5(a# zF8a4_;0!PA;1nM%pmBj~b>c==WcHC9$Jfm}Bel4$bp2XjIUUbf8#x{y%i1Bz@ z{F2PT>75FVYBNFEp8<{puv7?*n;-NLMf(xy0M{jl)|xk)mdz-7yZ>9$%Mb2;@kXD% zSAK7J%nxem3BIaX`4GVPa}<{;_(8iWP@*RunmFUllc1(i}(0Eol+PhXOeDR>4qls}$ z13@Dqwv%oJjrGMtbu~Er|9GfI`QpJZ@U9D{JdWp!1rR8T|5)hykA>uGQE-{(Tz}Y) zm!1HY@RQ#n$u8U3z0a-#*hS=>$fyLKIS<jq5rIQ-|yV9ymF;m&hg2|$;_h*k2&t}ohnZ4Xl~^FJ%%+!p-L zia7RaqyBmF7`387Rp7ZLN+bX#y)9(dHBpLpTTt4*^ zNXG_X`3J5^{qAFs5_;6?5Ih2<#{w2U^E4>VSYXlL*}s3O8vUiJPd&KA|5OEhFur63 z%RhXRgzr~bO8F~VB9GHQAAdxkQ?l*6g*tbIhcb7?)jyy0!|-(`O=M~Fc!(qQ9fF;Q znEj7dBcJX~+Z@_fa7c=G(ZlKgQy7ie>8`4!-_nr5GG5o4El>!PCZ6E%uh%21RZ~l> zRrK@7B{!+SSeq|JTmJ+Skgig5g2qk^MprWJ{31^{y@+M{6Izl?K!a}jF=MuE$M?UU z32yagCaw-88xgnTt7lGswM?HzB-8)3OrNionF2k%Sgl=I)26y3`C1G!&{@i~jr~u9I8PNMak>$}GG+6Y+@M^EBdu!JK*{`(&lctGq zKm%bQJXrnJL#huBxB@DKm#P1+hXf#=sT@XCQ#sRM;iSoZevyoi^LOHlkY(YoiUw%!*vL8dA_xb~$t`mMMij&Bw#(5p;9(Q42lxxtT zbsN{3-vACbiK8Ic{>Os;KsyDdWcJQNYb~gyS~@x?edW$yl&h8^o2}yTKMS~xtQ%rl zJ}5~#W0ANLNue^LXyJ23D|Nl3=XtvTpTS<@b61&uPH zew)UdVTn-B2-HtK<^?xd&q;M_L0ULhn2_oa!%sM)fmrD0PHb%cbH_FVHa{Phbwl|C z25yn+kP!}#`F@FA?oJM~-S|@k&Re#(^&CSs$r75JkpE zD?-TZZn9i^vZrcrP`)wC>z`LJU%e=CzUXx$1mAX^kDmn{9k6}ca3u5TKqOQ}kJCX( zcLR5H8DAaFt>F9Z*`U9j=rvk4rw8}Dh(G}Lm#;kb54hIz`gs3;Uok_k_iYx%DaPy0s*;fTI5Q-*;I5v#RwBfGBMQGNeY%^n+f z*l6P%{qN~!(3&2r?eG)Z0^0+Iv~!_C9}~Qp6!{?=em1WOwG>b_IdtZa)C(_hdm#gG zp(Pi;LjqsFdScXS>rI$hMZh-O-%*WVc4Y=C2;d$Ibj0x9(nQKvF7jK9mP5QV7UUWp z_OH7j$!OPsK5>ke`@a?rcB1bkB`qP2yR}KrQ6#4Pgg04px#S<{;EcbWzJWA(a|C%r zP$T=DxO+bj+tqqEf{3|QnT=o9?&&}9dE9MZ;OiK_z+=}4x-`eYO9w)?CIcyDE)Xu^ zkMRK$MgzaOtb7T2PCf-Wls5#nVB;NzLOG}Oc&-%E--36~&G&jX4sto*{$0{Q50oei zT3{3fz0@iY7zOmKI8(~$Rtnp3VH7D<&4?Xv!3)||^A(VX`G@_!!Y)o~DQ^+tOEZv)eUwG-ab^+qMGlmdO<13=nJ)O07-uSlVw1gZBMnoPcKFlAJWoJQh*sC+xDE-yS~%CKS*0-h9~~Hz|bKvq>NBD|^y5E{ZmUIiE0k-Etzp z^k}eq6**i@I8o#>05~mS4%YD`$Q=@4gvmyK+gp3WfH^^q1osFw>LpE>0RIOn2S3}( zm*1SMtF24V5l&r1G~Rc$pj~b&JM5q7H)-^!Zi-Y z$W9$P?>yVHN&D+GF3kEt8}np(_%1;xtgqF-^|kun3;S&Tmn!d2XUc~GTl0ZcPw=B9 zit8Og_T_I6`Z?)Wc-iS!T$Dq4DDij2g6XvzUupN>Ozn(v#Qg=!>_1p>P?64UPIlJB$@1)kY z{9o)kHy?U@0a;061WeccHF{X1EmvKTq6l1AzOTxwecu?A?}edIbZ<)pr8~`n{3`^= z{)vNStmKynJ<;6$QF6DM5-mz|qZAtD;Qcd)9vQo^B=S51gjGB{_p)racsfVef_f~1 zYxB*!#WbQfi+fDa;=dv){wty$3Rm%~2(7Oorc;qBfd5r7jaM#j7QQ$?RPh8~RWh^E zF=+80nK!9l(cJy#E1E6e-M+EyCTCf`wa-X8_9HzLGy5pl@axv;JICMs4z_JZ;xE6GSChGu{)kX}Rosi6$IQ9m1W6xVc zVt15gwMUn2wifxO1zEA^)Fm_4JRL?HIAjR=Qyv3Z>tDlfL^2WQQP7)##IMsMR=rx< zF2Fy^J3+|dVP~5+oEi$C;y2IFQ!NZ-j{pNBGYm0y4--s8iZ{A)v4B?42QP{ENAjel;|#;{liK?-co^8Ef9$gh?JKJaWd?F=S$zTBFA!4mQT9OBKXq)bkN^SAU5 z49reGs(oG{CtI zg7$;FJ@|5-_X)gvN@8DBWtY6Os#|Ue;QM91;WPy9%J9t|#o(59tOj}~2pc7I&y=k* zKQ=rE9|e`Z9jE`F)aOa`rdj}jcx{GJ~S8XEe)Nl+rE=!D#g+d=VDZ@P^G+?ctLj6h6TG`yuW2UC8 zm0H}FXHSDwH2!6atPub0LFW&>oD$)`1N(Ak`&7l4fam~O##-~ac zWUdNgKe&ukfE3r=Hs*OCPheBK^Iv_}kDcad8O)m3R)PF}R6`#cwf?Op)BTR>Wnbq3 z#lmxA?}jk6C2XfyHbnG$2gm9=zWyo7W3_}WkkOnmjv>0-zaIn$-v6Mzte&kAxL&>! zId4rDxVA|pUKAYfcG!y+4JBhsD^Rg+jzz z#riV@Z-AS#LAjzzbT6c@gSei>C5(2U=c~4k`b_*IY{*)o(U(TQnLCy;vsl@7K zMDaXs`W~x}WN!IsJ#Q%9qrYHyaMp+tjm1cdIVA&|dMVkGw924z5dC0Z^lW8#?5-H%=Y_#=;!mMOlK`bs%GTxuVCUeJ+cFi+~+JKgpdjHqoYszyOpNd6XqI;}^1~kf)@CsVf2(2&t3{)g$qE3eu1%v}BQNw-;UQ zU+9bYIGC5{1pQ6A85#4+%5@DGSpr+zB-bAsLVPj*<8HgOZQ zW}-x6cio6pXk*d_qAidJs;oG_I4g#JctB1883e9<-Nwv%{Ms5&lVS&ydcgPqL&Ks8 z>Vt$4+qzS8x;L>Os!xXJV$jt=#FHU}0VSgxVLwLud{%MRI;c5SSTlD>jB$=sjv3<+ zO>DD+LGC%lcd5h~+LGh5*zc=w%<)^KdZ2FWyA9)*(UgxAil-Mf&}0g?H1qBnAS*rq z28}X?_pe8kBl}bcrGMFcS>>OK=ttxw#BAj{f-IZ<1RU-z3*Q&V5kqK)va5H;;Que4SN*wlJO8d;N@r2kF8u_ zLKyDFr7^KHaZ&ZtV&@I33cd`UUa{5nU+ex2ywWuYSY)*>_xE&Lf?O^>mX`{^JGa); zfY505r|w%)xX<9v!0ZD1p7?(iO3xvE()I?RoMv!IZt`_qv*|*rRkI;4zdKG^&(1Vy@+UDM4%-%b^Lg4Ig}-u?W_o?9wQkXxh}FMUO!hkZPAhIToM{C z44fT^n;P1e>Z;Lb3|^@el024XC?F2_w0}mmp=N-i-0(dh__J@ENhVtX{wN=9Rf!|) zKFD>!fg7y3;ZIBcOxYka10EbRRfp|Mc;t-ZDThS5jhyc)hFmV&3@6GP7 z^Moz5#t?hO*1Io?gQ9O=e;K25$~ej_*nvzcCF+OUx;K>mwFWfM*JbM(DW0nxK7x(; z>FUEKUEe@}v}Io*+) zkEW6|&=>*1{`Z4uw{{$+q$D8}BBr9&lxdy{hteJJ_z3P> za*+9B>4BrC-Jx~8R{`O5O-R({l8{?jz8e25GamjcT0H{^xGZ{kv>D)8+*yhk{;j|mg z9D?M$`UMg#14i^}%eod-A7WyA@R(RfhW1tu;TUT4iu-pEZsw=+oji&hFREQEF%8As zIf7j@il#Dmu_6tuAMj{m^x`ZXI0o-ZB020%^uqJ)Fp8p}TDW*e2Arav7h}kO==qkb zKxuUjf$L6hgHQ{?6hx9L(M6NtjiiKCnNUb?MM>t4eLUpnIVn;4+;vUrUchjI<$&71 zdNat!^QSqww%>QvtHt`43)%PUjIYbT(n{uS`{z;xcOv0Do7;)AH16=qy97t836`6= z0qSie5AI56b%K#IC=`Wfxv%*co*KxBSvYOex_?uK4|2 z`Yn$0Fpk)IA^44(BzKuk^1PGGw^XLs z;3ds?9o9#TU(>}U^KTNj7)P5^;Vs_4J5%TV*AV=Kpz#)g-~l^|!-LS*VwT?}NZegm zEQxlfRmk&Bj+sS_-v`)KN=q&1b8O0CfQ#KN&6!sIipzkL&uxm%Lu@r>(FyA=fjir0mHz2xu zqBa)t=_-OCD}lOz`6IpK_djHLpc3U7y{m+Ws;Q%)A@H1t@q`MN zxpKZCQtz4MZ=StLI;F>;rh_+e|^XsEC5QTTt6(;Du8^xeceO!)wlZudRzQ_BgPdBSaBOz$>Y z(vGyyLKh~s@pr?&W&522ekCkla_{G++r;xpqszv|(&gpZ#-`VV`_nl`hHN+=$!tE56${N^hwBvP^A=tJcG|f3pc(dr zE0jRVh6QCwTHp0#1C0{$mkj+!z)~AZ-J~6OmWuZ+nKnTd&$qsun6sZI88v}13N;@l z)=Za}nxJtL0ouf@8s;$i*yZYHT$qb`&{+8^_grdA{&lSb7QF}Gi$1^mR!ULPSO-HFhYZAEUE0ZZX<2z7$wM-wTDo;vy5CO*gJfH*Y%*K` zf;)b7tql_D{KHJ}mi*uy%;w9`JkWoC0rhlF^@0nV;Sme(&?uf&)hIcodL3^Ie25KUS zj?LmCOf`y?-OFLXYg!QT&Fb4VxK!3DCATg4)gSimPPMELOyZhf84c~qJ<1-)v1xuc z03A=Y#iKVny3o{FoTT2PvoaY#q_Z(`!lSn{Ay1=oFoDDe=$znZH?tJ*iKg3WjhS1> zNI72z+N_LOYD=QK0~wtvVbt*w7Lz0IFzJkieTDv(w-aa7flMml$mYK6)|^p@LM{L6 zVhk0^>hE-;yZ}S!vJ+#EuDv3NQUX6!XB{+}Ws$QN~O>R0; z^Rwt1l@&lu52g;hr=2ZegFvjjK<60MNIE^-J#el zu-qgk4N%w6FKjC!dE&wFtDMN`AJR4wjb3E>|L~50Ht9yaHvKdf>H^QTrVNHu7g_=C z@o%7oq`ZK_Z-ms6uQ`Jvw?{8X%qHaXWq;%i`G<{O%nZLTp%s!~bcaK3I#4dM0~$51 zGD2L$%*4Zoi}9Kn3>AS}y+~0#iJB(;M-cAqihxHSUoD8rw*WDZOf~>CA7hz1l#Sd& z7Y700FpPiP!EmRW{H+_i42~@hFa&x7uT1SJ?hOa1oA@e)?4DlSS=5qQ}v=BGtKf&Gv9FcuabY#AQ z{U7LfDASEOq8ukrBc8rN8bUlXpGyS4CF|q#WX{-&<`8$yD?bc&x(q%xo1u1wMY>4V zdZV91Em zp`E*HiL_xARQ!;Sl;0%cT$>Dvla=5kesaqGx7|6LHars5pKhAUsr#r-;rPd!LH)!- zWThxHu0VqJSDpR}@$(+JV{Ikk2mvoNXAxgNT7vbW=sA>)(>(N&(^3$1;7&;%J>LXN znOQXUq1S@jhv>D7;xIQB#J!jNwJLM_{)1O8fPgf20)cGeQGy@Pc1;QkWj29&*DHm z%J=U~P1eO2tkK3e?7l;+;pb9bXUk`{?*(tkXZqBBp6r7{%iwg%ksFnAf|WZSe;!j2 z9C7w9JSw9}0;C00N z5d4GjU~^oQOU287yKKjCNyz})-FBSXiUz;!h`bz%`?B}Mg)Z$7)^rWn4831zoiy6Ub*0pibz-Dn#E?Xm_41cF+JmR!F8O1C|`j>3U{LvghS7 zoGq6|nw;sXkduCliK3t~vdh(gT|Kdq)?aL}jJ&0Q4XJZ}S@r7okxd@zy6@>@Rnjp(+zJ;HN_ zh{oQf(qVP@9QcUQKO%U>iOK?GjsG?D9G(vb68|t$)Bo)*edzYgK8q5lOc_1&*exTN zo88xElR7bwjBh3r8Dx#=QDawI?#{HX4>=|qcd zh^!YHGZFNOE<*MZQcbiYdpDP;m;4y@;ga`8QorR^D*d|`R*;C`o!V}=6UYrhwcK5k z>SkPbD)_uEVLN<|M1O z!~l`bC59-wgsJrDG?NN6SxCDxI3NIyFX z?x75HB&G1vgR&WJOyjdVGCJ=62c>mneoMyNCdUK6;~kp6PkP#$zR}~--YZ(DzJzKP zSU+Xo9xKp^g6m2TDJt8MoT@&&!)EBXUxi^Gk10o5TtyR5DvqOx+l{VS=>MH?LO$7X zGi3C`kfaJwa3tjTAtO=Tcod*`s%QHQc6t*mN^;o@a`Te{F7UZ%f!RkO?A?usJ3g1n zQ6(S=9F6Ko@eUQXbDg9v!A}*7sShitjn_>`r?oq}Jq*JVl>BVkK;z}2#P$Mn=38^T z7k`Soy@>>jxO!~g_}u|jP`(sg4U=ovJTH)1XS)fYkJ*=zQ?b`(c7vB@a<^k>SFTr3 zQ46N?e$R9j$;&TV$s6-V800P(p#?$fy?{j;2V0MI#fK$p?5jGf(w|EBOdR!f{=}vt zn)*j6zI9&3IcTTw3cey#*99@-ii`%Y3?zGod704e7C&+Yu;C;1M;$P28&!>9Nj|&Y za*qLW0bm%%kI$?ekpoelT+#$#_cdl?E+Fz|u&GqsM*RGNdz473iW?j(9mm8<62guC zS&^D%FR&I&=^{;^0~IPsRltjF4eN2j9nio2kKVaqCLCG(AAv}o5sIvrx9e2grpd@Z z1F>sgE^MZXgx_+YjSf*Xtwhb%He|Yo6rI3Sfi`^Je(@Q$s zLRQ99bpM)j=?g#Xr%g(IYV>>JKkcfg^%Shjud-K2VGQA1v73sB#7JvFshv59nPZ{do%_L0BXxa)?7q( zj5Mex#SIyjj+kbcJ&R_y#vQ%k$JYsPhw{)ss@cE~n-zwi!YLtEi$o`!uO zQSJH=-zOqR-enKjYp?1>p}lRT={?PhE${Z)<{H=Hz;|Q5?gDTjl?O|_$E5D&wagoI{TA4fVZ+C zaAuwD#6CUGK7Cq?i_n!lb(ai~xu7`RG zp797p{9O1wKMH$(QBi+N?Xob%=&7I9sLZU@1*p<3@J0f`!OCckg9~9sR#8gG-lXNM z3j@#|WeqEeoUs4Q&57Pfe~F^G_6}Jfi>IE}PdScB%YfW+mi>LcJfK-%<|wqz)mj(> z=If_C`@Y?b1&8s8tW=qFRzh<^H-M27ZRg^(bT78WD38LMHDBnp?kwYb6>38ohU96_ z*7KL+?I{3sl*tJ#7sf}W)6TT~O&Tggj8_+^UBc>XYgF{}#oU7xiXL<28WpPcNl@TQ z#y`A`A2c7jK5w)&oTa(vnL8#wly1bYWfZKigjhfr!L)C6pHfybyQLO?tlfpL5CiL- zLGwM|;d`G-as{tlzVo&(Hwn$&D|fJ$-vH*p>U+S1(D4TZP_c{7}EJ^;tL);{KUO_11sbGj%nK^E7k-Z!y6%LK^#`;m99!0 zO)9XbTjQxvuyW23Ueo6NPcqSu#&w~?jcI0PwyT`yArwQs!Xxqw4pVvY{HtL@G8_SyJZ@83iIkiaN&q$aypqZ@a6;zr6|kmm-+cZJ@r3;8J}MGH+bYxz56I1EfP zKASIuDq>exU~u(Y`{3_g_R)j0>z!7Bpf(oI6sj6T_3=g97NM^I4m(CP3&}JQMk^Jp zmPxhhTDdwelAA0MkD2ff0()clIom-S8Oja@T~c`k@;(qNv2r4vNuSky4HkXP7$0ur ztx8|N6Ws4#hhq>Y8#uE$FV6;Fs!ZVdFj>kQqZJFNEF^wyZZc-=#$kW(E~*5cN|DL$ z>%s2xo13!+0`9pOPB`fiJg%{JX#q_fI7;3bPR@zxpD`#l)@e zjSlZk81GXTVg}LNRnOY8!xB&TL#b;x=D;@2{OkJ2%rHEAe>+xA3C^C)aVyQ=+6^D`fT7z;I_88p9FJ0040Wy5!=%mA*Z=$JrTw^dewZGId zY*Ub?0$4L!<{|YV$U$uZYwdmn`p`OMi!imjz7v`XRZuENq6iiT4Qdug|Lt``-HZvt zFy)RH=Ic1etbY&61mzX~3TB9-wSN6|Pf}D`^U$Iso-NFsJ-rswB`_*Gt^#N;Mc#_^ z3TVM@d`ndse-y}GXPvgfHN6Nj)Z}q3dF|?~1%$G;$}0O9fScggovCAj0c;{@G9~N> z7Ze}KLCH|(#=|hW`C|Z*Zl>{uibZ%3ekMcrLQV71v|aW-P8Bj^6oJl08v!u zGL7y_zRDh_XzP`M| zwX*6i`tRvVs)4ljX=V7}jA}ZL$U}}TD`m+Cxp~{!ytlJ6wan`v-#TxFsWdVkCb2&2NxZM zVHlOE9C@uz(ZKeqbiOmJSypm3ElUg#B?7#zeVlf2Wkr*WHSudjlgM>9b3OVBpCZOD z3{r2^B3H@7TPmE7U{kW~Pl}~dIEuiHv{rbd(-8mSU78w_)9$n$@=p0Eq6l4HuZe1O zW9$_5JKcxcFlHv;%w8t@J9X5_TvS4NGOu`~MrA8kO;UwU16Ae*hqAR&@SNP-F0J)w zWo2N$jgC7_dehh>k0M|UnM1p5`q_MNe>r|^#i zoBI&w>f=hyuhhoMY7J5~I%#(KyxqJ>zQg06z6N4qMUUovmU2sMGICxVp_vEodXE8E z6SORnxBYcy64(9Atx+Qx&znx683K*G=V;t*{c<9I%TV;?OhpIX8ki4LZ5M>p?a9C1 zZy(k{Xp#obEt%%%YVHh*#@YEtq^u)uijIBwUm1og#6Ks1$4&@sY19vPhbET1bho2F<_l#Z zK2n;g16x)OlxeZ}|BU0-lUHadIO~*_n_GCCwJykd0a~(9g;y_^1dlG0SjkrHqM*}q z$5x%umjflXJyCtKZK6|`CP{f~*83M`f@P6UJ z(h4E~79vOID}%Uig&Ud}SreuLfpxQkY^GFoj+j~l490-wa}ee1N8@e zd?&X2vRdAx&UIr56seEq73=AnK74SX5h5(-gLOGl0pHD5s2r<$Al#ZH}f9EPp zMtS&!y}2#8Km!!m{9?j-4Y<|Ue|#ELefMQepe9xN!9tzp%ic;TeTZkp|FIxJ>3jOkrMKSJTDQ={qAo;4n5}jOlySum1D#=asebPl~?)r)i^R(G!XR2l=WaM>c!XhmgZX_C5G>RVO zHR{_~^31pvW9A)YEkwVlR@hkjmHNBdPao9m@*8oK*np3=zeC0<<@RFwgR02X6qsy#2O%>bn9leF|l> z#*WyG*8qGKKC-`HMZ~zu80=d;AnG7P5f|YL9%Bn~%P={6{Fl&s%&uP4#5Z37+%-#N zDE`i5ayegH0IMcAdwjq|&2Y6jP7nUHV@Ev0`&2gMpoB*FffM|-PcU;kJ`m5;!8pLa z#18>(?}tB2J->b0pql8Yf5O0M7nVHJvONVYITYPuZ^!pvKea$No6OG1fl!0>IS1js z%3MwGnKr|*ZYYR{N7+FVmR{SPl(pGhkOd^lKzbuc@;F8H-emB@uEWpF6w`z*ig6Gs?GO?l zMuvx$akv$%F#aqUWMfA30RiT+YeT_?xIv1DgA_&+jzhl?)PyxO%ik@pmZgpNpaOQz zue-;Gw4T-TZA70s;JXlhkw$9>w}K!HG@iEHp zA)omQ<^?)I1GR(OZg3#iNw;#j+|ZHmCeVM(>+PQeC_R{*)DM4x04VmW;5!LiO)ziZ z$3m!j;r>L9>M@D_7r6_=*y-x0k=)q@zSHHtYTgA!jem)lN%osTzg^&eu>l{hcQ}x9 zwNZ61goYmUvuW8RgTZvkzGDi#Sh2AO#%hE^8EkaXbquuL?omMF_y7NODE5coJF47G z3A%DK^t6vkivVg_r*arV4oJTc zaBY~h$tW6CsJQ*ki@u?m|Dexp#`;{q%R2#aq4we~R0lw5eW+$mSjTA%`+^Ita-{xP z#lh+tRR04%OIMEdqEy=`xzWQngAdX!}-NJ&-QfqMy)kyM67lEiu>KoFg;Z?WDg9vGXp;*u3 zOjyO>0A;zqoq1t5O3k3e+yC0}F zgU;X)i;(}TlT@WA|K$=-lZyd*@F%k!t{7|djSsqXrh8w34wreiTxdiXPFn#9bn!b8 z{6526Dl0?sSqi2a7*b_uo1JCm;K{3G!!&9R;Ff=-h+8VMeYf+iD&*<2HNvw3!VEV= zC^@Fi7V(cY=m6UAEaCkoOEEEjEz&L&LCdt~o(-`u6O@3-jqStGaWEk3Tv< zO!Eek&Ha5J+qX=teV9feE2KKucW7Yng6bB%&FiZw)bl>X@aGm5+LQb>e%`V%BTa-u z0Op#M?KvBx3JB`)<n!Y^`dabmaq8=6Ap%xc5_-In-V9Wd|1LT^2ewAeY9?yhKkzbE4q}u# z7Y54uUY3uMC0uzgtM%KfCIiH(zkQ#<;BMc3;5L`CFB*FZ zwZDFpH)f%z+m)L%uV$fO>vhy7Hzqt4Co$$C64P67w?~{`-D$9U?UhX@=qQRK>ZQk0 z_pn#{0*``26kXKs`&BaIzv(+4dx(4_`$VJhx=KDuDz<3;m2h$2A{%%w0OayH-(Gak z3*-$#uXL$;lXsJtyLSHyt+2hVRvA{iCw+z>3y8|~ zk+S-;J6xIYW0|Ph4UMDDcPtZ0eiX&NK$Dr{=H|Q@6sm~+mBP4cNJE7as+;`d0#RB;hoBJ%e3UGxZA>#y}OurkzJO+>1eM>&~>pV!I9a z(b@$uxcd05;BmoOSSfe=>E=vM-CzR5zYH;T5mv=x809;0H0D`{&WImnl8!sjn}2$j zd}V7dEvHvQOFK4v@2GAJgJt7(r;0E?L?zv~W&Mu*0^BhT&HIy3l|wS{BSMev4C8T)wUR}wg;JEL(i{=snbYci@ZCAnsJOP& z)H&4x4G&?TS6i5Khi`YMJ_K7q!lEvB@>R8I{)kEgy4x+GPkgg71gbD3v{h@ZQ|4`$V+rf8($?Gtj3wltU(K8(H#cst8$xFQkqtd_q59iT2pNMs2r^X~VFtdiyctW4 zAKESYq9R?Qzx<1p=64s#X?~{3SUG>!k@L-#eA_yeGjjQTmSX=S_DTSQ7qvX9XcGnM zR8tUrAfnR#DAvj`9FrA9{i^IK;vS}d(yon_6-%{>y!K<}JRbzPYDFrv#zeUc!VdEg zNMLDhpw z(}Ooc^_}wB?oj%OVVyS_Iha_ydHkVD%cFrqi9q;_6WQ4c%hVc|h&cNx8){OJvOiDE z@h8%sJM@&#d;eE+9mxj`oxRF@sRp(MAa6XDmbe*;-D-rW`h)ezmSIoTN``oJE^ExU z#q_TjDOoaZj6@Pq5XT(OZfr?e^WeOX_r3Rxb(NrWq*{c-B~<;M2sX|2b4EuH@FHPOtn2cpeJt>t(Huy&&lsj^o!3)&_mw8ZnuB? zQ=qPIit4_9_*MUR2c-ApOKR)T{z*P%&@!`fP_;A-_}qUEcv^G}O$w$iRj#W`^UyC@ z14x*+ETfq|rP0Ny=B*)WN?CD)jY?V01GL_G^+*`V+ojp^@)5z*S}4%PgR~OIht4rq z=7i{Nh(rAy{~u-l6rI`kh2es+ZQHg}v29jt+sPN(wv&o&RmHY#+fF*a|LN{=#^^q$ zNAHWhZ`Qt9V`)C~edlVlQYcP6AXIBU1O)`CsRz{+Q@~#=SQ<#E>Cl25k~Jmd41A(V zG*X}PGs^NTAS#@{nkD2=pjDJ-h3Qx6JHc_3$Mp7$FsCaY7gTb=)3t-l<{CYR0pDW+ zm`ofTSX%G%#YKCZ4vdq1b~bu}r=RW+JTUB0*{v6h;Ef$2LrQ-)v=)3k7lDBK5&%dZ z$E|c2MY|yWpwiQMMhtIFQVT(}Qxqr%#7r64wRG0`;J&+1tcZS{-|Xvs{!*ScS5wZw zNEBB+M`mN_tsqWfBY~}jYy~;7_zPdqo1lD?@E_9PbZ*vR0@GG4pvjs>0qbARv57o3 zDkDmlO{PH;5%O$?=6RfvQHM&q1kg_|AU>2E%gvSY3@g(U{0-En#8bMRsGj7S8hAVT zl*dTQq-|ZLd1J*M$}}pYh0IV|Koi!qEV#LugCEvID#+btF_NQ|-LN0%kC%$6B0627 zbmJ8FEfLF;%te)*70r0|nAcvJr zo17fSk2AKH^7PF<}lBl(RxNF;f(50Wpl+E#_clB7)l{_>Rv( ziB?yyYXElViZ=TIL)DTvW8RxnmrvINh0b_sv2ZOe#AU?|7-1m3(Oo?4jJ!el-D!gU zf(8izYG+9)*nNq)-J+kq2&l(LC#oXw_u`%Ix#ZJPT6J^pxxA_>vzhLBf4b--9}A_A zybf-E2k*OMBo?q>UoD5CSK9-}q$QI-Q|JOn?6R;0Q->z4Z#Xddc-v)m{KPcNelTh$ zS$->XO9WlSqgryQw!o`{7||EeLC9vwP7N^}SoCW0^DjXOrf7X509EnI@L(la8PJ9( zd8}q^F(Ov_pXRjDSAyD=P@%Ky_w@BuSf<>TsV6i)Tl2&qmP1uEi!z5Ho29+?b6#$PZr*1~2* zo@K3IrWx<`rcj4~Z^KIJedYo5A5CWw=Y~;Ztwx=YV9P%^JbkXL(ia+^{?J+?AG96_ zd_$jGo41`xC_rqbL!^mKBhs!7<^IJ`ebj3oOQ&F+usfNJ|88 zz*h8iKmGI7%&ghiGJ?Wg;hX+j&i28aDj!`N#H2d_j0J5DEgwj`)W=Q5JECY}>wV>1 z*bC2448E>`@~ zNAX$D;|I*b7YNM46AH}oO9R+QhoOvxsn_5`)CLv0^ApP%z^)W3l52^?L&` zvqw;o>;fAx{t|2exAN8#5h<15cX-A`T1R}s!gB&(Uk9w!fz_lM+PdnGL9gtN9D$lm zBR~3P=TKw8SK{E5E+mbyAAkvp=&or?d6^I2sR=W0Nu+aQw5y!ahZ^Np?*1*oxM6j#83|4UiT3aB z6H_-~s_J3YoCZj!>GMZgMFf#k5Ql4UC_?q@~o+7 zis(;1ndo&8D`qOm-$0JLPn!$467{$60VOb=`7dM|s9JG2iql!*{p0$dL^t$SGHbnr zRO2RvB>7un7v8&6Oax*??+IWm7>f!&xk^17+ig%OL-Gz#X1U0$$I+=?kb;mtSQARP zRDn%~c&a|Mm4+vrZr1Dd1$f74{&AB?As8!TQ%!mn7KB>x3^rrrZxF3G%y=~>$OZ9d zh$QF{(Xf^zn33X~If;wt1@l@SQt06u&sveF)iyMpzYl?@5zn@2&s<+KM!GrxInmBh z#D$9AL~Awx6u%7Jl8iFrZ&=Qi;>FNzTu#q0km~#OYM#km#|AyA;+aZ;^F8+* zkfuwo=DSk(GPNQHnoPt+4444_cT=5Rm%q$d8DHssN@4%!>jod19T3ccc=G(wCAsz$c;&pY@pmFEFD(GSkG$m{ugB19%y;-6-2P0eIminyiDebr8wQz2wykcFDig zE#*`FQjyhDqP_HX`}ekJ!j=YtSv3UoCwBU092^)t(%=yJENiyX8y5e zG)NUV%Es3d(a%F#ye8Lt7* z+QjO2eEQ6uH;{JfNoFN@e@>C70|(pPg0wizD>+_$29GYBKeE~RP8u>*h8oAj6{4Be zj7<1iQ%RBmw{X_P=ru&@9+f$; zL?mas$}D9Gjf< znpE?XhlPU$_M7Pwa#3oKP>iz|e6C5fv;hQ}t?(PphybY#4_!qTS!037T~KXJ>MA_H zV{L0dxpVbo6Wwy;&mqE7NH0kCA2W2>?EJLdP-Y8A(}~ucFIo(0G=gc^LP!qu3cs}7 zB1ZhCH@RCQ9#oNqkehu1ofJozmy-7dDpnIPW1gPO_ttOt+VF9QRQD=a# zOrwz!vU>+*ae}_Ow1P}z^vvE%lI4#6i`g;&hwy@d@u^fP+iR1O*ReU3DCLyXz(x+0 zUJ26z`V6ExJKE$Nq}oe+ws-|yr^B}A*oYdX6ieRDxxe@3GNZf6{xGI9h)K5{eVx2| zrN?B@C;U@_sOktw(H;w2$>wY=;KBtsco8zb;1fh^jVV6CB$U@LpZs*fB^8)n>c_%_ z4Y?r9_A_k>C(>kz{#z0LTM!O=%tw5u|2tuBjqJ!U9t8!XM&WxEb!$@$>Be~_t(xrZ z@!tiy027vM3p|N%dSu0OL?GjNlhrVL|J|O0HAVwY-nRH{h;8^U z_Rmd5<>6>3b?EuOK)gvC7(4K8K!wf;F!|7h+T@`O=PMpI6`sXxU5+K1 z!Ifgb%pO(@NPLJANcGo2m*e~{xgMq)#wn$KK6a2A+)2VJ8GeK>7g!z2SueI3nm#!4 zn!yDes{<;pE#n9o2h@*2e0GHDy7}!O? zjKTL3q7pW$-f}^>vDmEJelIMz8m@C~g$5;&MW+KtXRszabaLraml4&Et~tiSPw`8O z9*&>BcGKYDX|#04o~PI1NJPfBaJ_<60Pl@-;CX-*{Zh`CMEnFkYrBXqDl`H`>=c;iJNLAIlahCa|}+)LvYcu>VlI3-+#X z{1y`-o2VltXo$Ccsh#W>EBX6&^VhaBhZNw`di&ED!y6hKN#G$6@I^iA`Seb#BvV9d z=P(enN$K=kd;uxEggr*c{;V`j(d|AyOG%m5AjZK$2Vi7K=_3qzjr>)tkJm|QEjjluLo_1NX=uFC6> zI|6B1R28k%6Mu{X%=t*jd7Sja#&DmUJ^9_uH4fko>0K(OGXPUP$2l2@Pr)9yNgg;~ zCgvm-OjkHVvmcSYme*^X|6w6~e56ITJ}I^Sl;dCFV$1Q98iy?Ln_=aKH^4_6sZ^`b`rk;y%>GmCIp% zs8um){W=tTE6R+Ty{f~A{eF%sbY3niPeDG`iV|*aAG36O)5C|k86ZDzxsH7~H764e z6$*u0Feve>-g@nW-13)ab31qJ=INoq9^yV#1jAe}Qzlz*X1_m^A$PmU*~q7y7gRKE}Mf-_dTEPU-&+|o`;QBB&m#QNyT=|pDgmb(ce#SyV{N4T^E zc_)A19zgc%b9F`Yy`Kb67ofU9G|PL-YdQZd|@Alu`ME3AY!N{iQR7B^B9_?;x{GA4r; zo2%4f5=isMVjlxneHV{;p*f$;E+9_zJU3$Oy)Za+I7MN4%BygEOnCX#p-l9ksKhqN zQ`k11Sd=R^Fyq$+U~+lc#lB}zsKj95Y7@IzTHN5FX zhvK)HK28B&2Y^aO^xKL^mL;nX71hHs`;&@--Kqt>-6Z=J7wl@2G!);s1HP6>gd2GO zjzfB-BP1^ITWdq?fdx}#76loX!^gn6b$13>#A$8>c{ZmJuv=FJWq;s9vYzXdC!OZu zO_}Dm7Y==}@glTC_Ajl9AeI)Z_iMC0yeQ(n_Qy5+qtoOn+!ZPz-@7~c#e1vrn4xO# zy>l^~o8=|nmx^mn<7O$E{E+x$a5L*H5yVfD&P!esO>cqVD2tkxTT4lV_~@SySQ z1U>$j1u zKXtzOqAP^T(oH^2>qM~b8z928&4*a%jFLcJyqwh+K$)dR*iC&T(I8dj%61EpH0x#A zm!<>+$XuB~8FlfEN_21Ki?t=; zPDVF2LBdzoqb7lNbuHxKk5avLy0jI=mbn(g0t2RZd`IZI@N}4|k3_f=v zJ?baJ;oj2n*Sw`+w9r4o#3<;SOz8#CS{R4nti1mqowVm^$-w=X{u3>@n9GXRVj_8j zyXUJ#ss$r8n=6Ja7PO_En)0iRRETSr3$svF`0LswPpDp1!Td@hDu}rx*G+&)Z zUGyYJB8C_)XqH(hATt@x)S+xtrt=;)o4yYYVZ3g)6k3#ukAp_+!Q7*pN2|xHQ^QbG z=I050SJ3$aQ&zqD>H_pIxAfm#8MV!v1#^Q-KWmQS>;Jfi}r{!C7=7?FbR*c zyY0}K9m#Tj6x|oY%Vy?zCYk1whEsBIgN*_+Rt8KFbbr%ARZ!**S`C0ss0yKnX^6w{ z>D<7pVj5HauVbaC;d#CDU{adg#clEbG0|W5iJ7oq*rft-qE})jE)8LY@tpTDn)5J6 zoICKf3n1*2ZCpdGTbSgbvvTgZ|Kptz({sR9d&|ZSoTcMOM~AV)^_&#H+^t?FG4@OS zI~e=fkmapdK|uk1H<#^}X9$d^TX^LN^SU;)m5!OQvWq6GKd1hvmuMRlOK?MRYRYxa zJM8};qQ*V8DM@BGL;uJRMs$C`Zmwe^>g0UH{(o`A?uO|TgyLo|_q_i=;vW6_E1^L?q zU~~02aLC=Ny@bN+3%yYJ!1MII?5#fZY9N2%X%xV?SB{zy_pQngVLJn0;i39lI1h#& zM@CJWu~A~MR2`#xA&F>Dv9tn^1nJkntU$$qR(W)Uut=$uc@02Lw`ClpCVeCN6=#p{Pn#^luk?T?1bF2pt z2-+@M6F0sN3C-X`StBxq0ySf-R0UdouVGbb>71lFMlFZ~LP4|($OV^hC5c3c<$z)G zO~=eRo71?)E=c*3{Oo7|ET8#?@|Psa{~=gS{J%ih1ie7m`29fGd6hu*^l4ftD?!#@ zTPKkB6(J*QRTa0yNQ!2DX3aI90|L)MrOU~Y!TkHc4LSZE#_YeYf%_V+d%%}fA#+O7ZwmDA-xR|7F&)5g$p zHJhTEL5Zp^z(x>k>Tv(Zwl8*q|AT>8KcOP6WPXUv4}OtPXA~FI{AyYE;zchgVcBeB z)WplGZZDBcH{xoagoo^J)%Z9g{r@C^9;9<+k*+#|L(X9duO|n=EZXAf0Ah3#yMNI) zwpfI^YgVIz#pGuB`!GhPt$`KMOn-6>*BJ9W+wL@(28U=IX>@1oY7YqA>xY`@zAc)? ztPLNbN|+lq%jl&z<}WkJQddJKWf>~vvYH=(R&6&fB%q;ck%>Al*MC;twE=oH;mT@V z8R**(IUeK2V4&Ugy3M6kK;^g~$32iMwD79Utu|CBZFtHy!vhO1aq^O75YMZXf33-f zB^y!w|1T8y{}%~#=Kp__K*0Yc3iMd%jHr@;FFTei+C8lGLwdnzCcoT4Og3dvLRP#c zdFpmR!-^w`|C9v5jyj{9b!Tj8xeh3Srx=`kGdVU0m=WFuZ$O0@&$GjnL^Fi3 z(ejSj%6PUt3vDweHDwtj0&lJduvB4SV}~sV%4XJw0|KgsVMl1vL9L3sgGRwj3PskX zz)j}lPe}>H&l)vy5`v9imU;^YZFD26^}Tu@2HsmLyzu}Q%r(^%g_{SER*MWsm(|?q zc`DY>{x-m0*%!7V6sWujqZnV)r?H2ve0U@O`|yld%HOT4Hl8F(n#4zM<50->hhX1=V@vqi=8e>tttR0{egGnHNO13^V_}xWSi8}KDvIeBBXph ztPpz%KN!OO*OT@LfEJlu30D5rfDDRzSA{b-#}b$#>~5XdZ8uY%$j>0}K49r6P`524 z)6p41>zA^tL5JIpG=C+iM0ZZAPcVnQUDId#t=Uu0EHUQ+cJRfTEM;BMo7tPT}*-pB--=G7oTx!p@*ft=+tm) zz4?l3s2y0DKtMLGG;j_%>i*(W3MI~YJ?xy zV|G6~d_x~JJ3VV1szzksUA?6I4h0VM2*Qasy-^QnC5%ZW#`tOXRDw15#Ci{k+9X_c z;Mrqzm#;#bMm8!-XvTGX@4Mci*^Q7pp|0v;7^YM%8 z47Z{*Y zXrG=n)OL`0MD2#pMePfa%jKDSOSULFOTO!_1^E>d(`58X~vjlIyUbLgNA6i9ZX#l&L( zm7Ah#1|3i)2}#-AZpP%ZYT>v?sNOI+(AW8bSDmgb5 z4f{u2N;&`U@6BY*+OL)0dKYp zroxCd+7_2}pZgJIGFj&Ajib<@U74jzG8i)ob5(T$Pc_8;3y=u#OBr<=%9-6F_z*=F zMxU)%xSk**!(J-Oi5|=Qd_GC{BNd6tqxsZ>Uo(4}0J~8u1mMR|C8WVpV3PP82LHM@ zAeJV5A{kr=mc$7pPOu;Q!<4K!_DrHEYmTEJz32}CeeU%Eh7^VlMD5cBg44h94&8W$ zW88GO&>BQJ5$cN=R5qW{qenHafhHZbVR5`A@D%FskFol{BZ=?Iu_c&8R3KD)e=)-r7ZAppPRCBl+3jdAn9*(Bc~zp4=y z$PV={Bv|JHJCOP}LFRB2Ujp@qbka|LV^6K2;3XR(#n@!8ru~){8ak;JN zebC*sm7&Fy+$BU&D<@74e9>s|1=94~$pm897u1*c<^7dcje; z`F5`Venr^0A`|}NcLM&YQdoTP+>bn~a4Fh+L6dOEQdqs_2W*hPiheT$dpiVV!ieyfB26xOzrm49#7_(;*!^N1KyTTwI4C7AMI@I zXa6?XLjq>MyKbkT(_CYW7PhM2BvNv{+QCm%=ab+ohv+$a`sZmiO@iX$V^U7B5ys7L zXL#|d9|4bHj>)2!r~g%rpvL`DIbMtLeHkLiKpF0;-f-mQDIEd*; z0bvMO>tIwl4$RR#6iE3}%=JmxI{us-dIFuLUrfct3yl!yA^XLGJ1@!t$r7-cAduCu zsC3@0lJ}Pyq|3d<&5fg_Wfw5N()rYlD~4X*0i}|HnNj6wB)5j3Qt!x!Mw`Uw53t(Itu2?!zxZr6rvaK%o22GA zMgXDe8i`$8PePdhxGB&sL*=XZ@orHq9|{ zLm_40Up#1 zp0ivT;`(5wrv49^P%Yv2Fcg;x%HkEZ)zn9TJCPot=R>aS{V6;G32Ra!{|W@9fAkM- zlOBtdj5xxPhIe~w8u~>SAmfwblRx;61 zjD(V})E5(-2i8p0l2bDEk3p%TLh~{_olG!IJrvH}&{)LA1>+6yce=}XEyt$k<410F zy7u;uklHQZX!YgcHpd1}*+l|0#YxkhK=hcT3f0=6L2J`9#rRi9iG68*4D8o*%x-+_ z;tnFrWHy(?r&9iWOjul4 zYcI3K+N}9tb9G?#0M#PycXX}I+JTtjllEMf3S>dZ<8`GnF?y5oAZ2@Ixlbn9vZJ&c zr5zuS_w#Mr*uT-|^+E&k6ZWB-vCM71p8Cfe?R)9Vl#itHqz3>*7sbNv1>n|B>h+(( z&R>+tU*mlglBln-jemc&k!<|6%Rwk3NY>*4k?F6??M5%3o< zZo>cS@$y9(?U4hRr5msqKxOuwRxs3D9+seVxntWR7Gubn9{wts)rR{hjUxKZZ^sjTT@_omMe73tdtg<&e=%?Z)KHv1D^VbRMirk;%X%c*z} zw~tPnB5y8I(6KR?%qXlL2Yj|AlZ043T!gh=e^xVgtqc(m;`oYp2pT`+(G4!yo$rId zY{pIn#!(&=ifE+EoPp1Hl(AYMe_2LS+*Q--8J!xoQh>%&Ll?n&GQ+WO=zeh6@evDt zy#pW zl;U1I@t2fBH%xL)T@ z0RE25LR6?YU-*Ky=1;gU_M?M_t_E%ixzH2CSdr7?B!(F5UTL@^Y=89q(2pAOvjcIS zxAF-fY9;lhq^9%cYo4-5L{}~a%Ik`=Qa)Lg?yNVqKmMecw{rBRAqI{vdNVk*6jj=2 zQqBvZv2zq+!XYABGO2cZ(|MAy@S`To4b`CBJ9Ccjdz1S+kY6F@QjRe)%J?}7?7GUS zO3QJzFJn{{Dz{Lj6vYk)9O0`TVP(fo-(do<7kRyw0Ec+fXF3F83c0Vjhv6{3QR5f^y1lKY(kGyJ?LQmWMHId4MJyCELO~^i5Zwb$3@UsBiH`~+RaQ+>XRvxsOzwFxMM8#53RRUd zYy~|QDNYuOn6!vD`XT4oJ{6xGV(!AVedo6JHD#Vq;H8)Pq8J8n7)c*} zP4#U35If;EiMZUuG|XAw_WZ6V^Wp)K_0!*P)CfyU-*aV1l4)5$59ztuqgx8dMLo>H z$MQblxnz>_$q|NodJ;SlQ}X!-H~84Ajje2a^EzaATE*^4Y=<`1EXba_gMY)o&c~$& z{*_K|xVGj9^sP7@o^tajKSgi#xro#lj^|A{Isqe?sm$`e+TUX-e(@m^&dCD8-1(b6 zD5}20IBN}461vxV40DtWJ(GuR( zGB@x5twcar8)LF3VOX7*lK*zY!NqpB0`PeObiA) zbV+)G0O@Z2Qqc1nLiqJ|Q-}@t9g9P_h5GxYSI*}UoUr^NIxqW?hWDY5I2XqoNflSD zfJFUiOG1TNx$Yr;eMvs4U`E@%I7i=g@6mO-2U^)&?npJ!>V4IjCpZQ2bfq%up_@BW zDer5M>v%l-ul-U2X$ZajSF%^G_nDvV2cjxxv7l*hu0YY`;se(=cjr_bj6&jYykiZ)Vnuxpi&KI?6v?NVZ6fI;Z!Oc=3s2bgPoTe_cDUsFF? zBH7Aka4QQsv|EYSW@mbt%4$6ttcwS*g# z?OgYDKB~oa(a?LdM9+`X+Nh-svJbcNsd#k6RntcSoUEt8Dr^YS@X%-nI4LZTs_VIkv=ao&i~^jZBJ48*1vA4MvN>Anb=J#T#K}`Q&qNxC zD7z<$es0N{V{`b(cS5#eaKu0wJlCfxjyHLQPf$ct))!l07Tni)oNR1tNjaJxQA$^D zZLFqx;vKD7^#gogopo@CbIBlzqMIuW!Uwx1Q66P`GZ!vy4lvUR{A_jY882P%Unl{uX@TF-jk&gG z9uomKas=ADdKHL_bG!7uvNdeU(#rBsyS5dg2LDlJQklIuBo6bMw7~fF7jwUXzg?ZRO&}Qd)njcAm^~84X>X zcHP)l88g6kl2=ca25ZeQIq>#3ysBL0(B@CES7S6i@?ymNkU?xp6x7uz@>AM&@`SOt zM@I9da;APNB6`i3@29Szi+53W?vA``ufFnMe(|j~I<_@U8_u*1d;i3AR}*=}Mz?L} zG)+h=i#15>H>MBanZwIyE7}8Svhd1&xhyymQceKwqjEmnywkI*7Hd_d1Nz3ajTYQn zcK~x^-(SoOhefZG!`wOv7L~FOvsL<|hp|r0wsDP}4dIKNU}o;>TNvoDgEr7C(daeb zN^a0KVYAhTTuv0DNEOKjjaH(sulen8 zF7u|N1JhJ5cxq1z26-GMwwh5kDB`yJ z?02grM7OhgDfGCvdp>8$M)kw&=(A+Y9n%0A0>;68HY7u@1B>2kyR9K*Ru)ruEL;~~ z9(s$(I35C|u>5$5d=C4+OPC#=?fFY3HWJyjh% zs&8fDN=xhdXFE(NPQfa(G1on41Dj zv1NQ3+Ztjgb6Pw*eqOX)^DU~Jx06PX;WoRAdt@Ui_!W8ku(wu@K9OWSchjR+-NC%~ z1|kPZPm8*)f3xYRxdR%^bw%Tsb4Jgi`Lr1UNrz;Nh+(W5!!R*qPJgX6TU(u~P+Nc@ z%ixgVGp>p9F!Q!28GBU_3D@1cP60W4RGlfzT00yqq=b4X5XlgDuNwByB9S@ZOhX+# z%0AR|I^UwVv$?ms?-@46>x5G~xv+~UYnXXyj}-Z;P~Id@6i+^)FY`X@R(Y(yY<#A; zHjDBXLj&Bl`-B(AeNa3LkTy@Wurd%TuHH3;?KK7$y7Fw;{^nOj#7(X?%mJSJTKAyp z+Virm&K(HUYI-!&0L0HA41FORu%6HiTA8#;<*GRiR|`Wigl>Ms&*O+ zo$>F|2)`QzhHW<(kKf|!6W7~}1FU>P*SgC~3i2=RIJe=t+FLPk$89|AuaB12aM*vp z>sVXAjak`y+C&4}*3`&J6#=laU6Ks8*U^}lWNva+~1IUPAR2dKsP z8m*R_ST)o3{+boq1({*M>JPyyWGF9?30qiF-#XZMlJ35xAd06ct3;|}Q!Eu-e9rw5 zH=`QCaK6=)mE*Pd&$ot{&37DkO7#;TCB{OEbI-okZe z8Y3QnC6z_%9BXilz(80;LzJWqi&O+3kU5ZvB3Izw=Fc?hP-Y1O5lp?@R5*eYYiKbL z*{{03QD2^+ZOlf`eiosH8J|(LN|hI#+&IG#j@o)3Y*~`6oIHA9mg86fjY(LT9nscT zA@G}BK{fh06>r-Q8lcyI@E5CT zn2|6}sTGGo*}AC-PW9+SL|wkAe&Bl*Za2&a$b5Lq6YA- zD;h&PX?PSZ4NQ&4IUFkHpL6LZ>Apiu019Ch98gDWFCVvafKxoXQQxV&dILI``sdMGI@6#uwX7sD@RSKvb#VM35hS6%=82IJ_>UW50eXP~3wVIN zh1xK=SoRVG6(Bern1NXgWQAS^w6|l6TnA)To+4-qf+=XLgB{MmozEczmv1h*MUoHv z5Iv#;#_69Ln4KHZPiG#^h|)dfCWM&ZvS(^gs(`2L1yT250HtXC@27{p)~M*J85TfA zelm!DqW)DD&`91O(4t^c@QOgL5pm1Syf%j!JP2$nfVKy&wYG-^5-tx;27aX9PJ*~; zU)b^Xx?Xg%=NoMgWJdm*Z4c<8m9)1dSUs}5acKYbuJtQ;cpDg~sCFnYNo^(2pbCR_ zs-Qc1&0gDnYoV(M(x*=U#w1yk%nnH?gK#G@-R%C0x7AuEUJ5boA4|{(oV-n)6b6 z7D2}{hUpM{5RB@vkvO@U%@K#-M4Db81F#%7+Tc*MkVJZ11*A4r{z4Kfn#2JZD|J%0 zvNMpRL^iJ*mi!8$7OD#o?~%I>rAM-o=_Xu&4VS^*WZq}GHnJ+k6A;5)Asv#lQ2L{P zMt-54=u%oMuD}WJ^0E(0qtGQy%!Zk4m@x3i|804s;_&NxEXuV@v}C{K)% z*}cno5isy`r1#BAXG3YQt!FjHNoXFPjs0pUwV-bzAZ|);Lv4<&Q~F~KuGs{Q3;*MQ zn;TjpAle#;*_Iachyc1Rwa+0jk=x@D8_67N77bUBH4J6_Nj0AD$e+LLkr)*5mf`#F z$=+%M^^*_m9k=T>q4)K1$&Dn%LA=O{Z4MqwLx}o>Rt?^2MIrz*%;ybM^8J$l=Gx~o zMwqOC9BC2{zBi?Iga?-2pw9Sq0XbI&%%}?o@B~VI2;i=uNFHg`JDahiLgR@_x_}{7DV#QNJfbwtqNiYIlI+VyFbI~Gje=>|2x2%|uPF`jo6D2{}sljpcNh{xjNdo3(Yp+B!OT60>iSjUF_MQQYe|=1T(qSFW`K-YY)qFWZu={_e zr^P&$%U^y*-o#A@Fbos|7(P(xMhH5_!^@yk`$Ro@PX|zOa)FaS4wbUW(4%pj@fMeRe#qmk9Ln zFP1{WDldOcVg;|FKf!S^3}^v^yRn%U@)F-r*+MXuDNS}=T4jO#YW7fek`oiKpHMbipgrCf7y@|R!Dhr^;qa;nfmj~rb2g~|- z^A7%A>3BZVA+$~dtQ(!+5$(ZV=LS9A2?Y6@DKSb9`Pq;dF43^XB$IzoW@m=Kb4ZS*Kbi&v!~LR;da z#ph>XK*3`_XR7^mq|TaXbU}ZatDBpct0xyyECR`i0ESL9h?ps0aM zN`u6vy(++4gP&C${vPgcH(o#4#2M<_tMgMR+;fK9*t+_wRm%YQpP2yG4GC&EuFooP zAfJyfM5HHDFk6+Ok&Lxztu-2FP5vjAkCYA1oW(UqC(Lc(sWRsf+~^E4VTI2+YJ3rx z<_y3qrMoCfy2hnVZHrf(ExE!GtIl72Dt^h1+re#5z)WnIxa%;F4yjUu*DA7|qqJ0} ziQ)Mhv)?0jAo7UZngexZKmr$~fT^}?do9>q5ep|;Sj2n&sIq}5i#?A=n=@-E;Z?BT zP@r|-OhoW##{JX(j0oh`1o(#*ASnR?(g8ehqQc_QxFD`%tX7PmXHYoJ!@$k{p>mPO z0l)k~3;cHkXMhdHiPTY4`aZ_(*!wD5Y)R|A#4{}uw*uwP^KtQVeJz%$Y9gU zenRrDAeMSXF3_M;$f=QAx@S46^JHlU@?w1vZ|X415avLjv1=<$jhL`3UZbST5uJs z0~t|~&%C)$LDJ&H-Zt!57NdSaEFy_B=L=-WSEO7H4w0C|#2TtVf| zN8Y(udsiOGz9u~VvB6HFElR(I$mOxIz)+jhCO+h8P9&d(|BflQxPR^Ur}CH(*!d=Y z>vFmFJeFg3RZ!?)ux>{}MyrXSS;zWzO&cLNdy+O{X|b(-*ja(!z z_6(-FS^>Z|PEy)_w%<`ZXe`>KF-*Bq6ArS}eaYwisc3M8+Rs#1p9A|~x;|B*u$Y~- z=LkdTn^R0%wCMhAAn?i#WnidaS@u@a<@rZ`nDsq<;``zBL1l7~&{a0GeNBzJT5Dm* zYSOL;ZI-Uw(U*`p3V?%v@^S<0#xNCF&{o&l>gN_3K={@=yJf#us((S>In<5Lb+c1{ zApu%;LsQN~XkdUkzceLZ?MMwI`NSs$wNiL4$d?AAoDPVJb zf&Sf9=N?o2#ddRTssYpIr-f2OxDHU02Br^Q>MLhQ>t++12HfgG`&vUrW@+ZKqqN|K z^!u$Y<%c{F;EQusYq5pi)r;6H!TQA->J8f0>-$p&baJQK!D+iSzUCeIrC*1_ZXAD@ z*}ltpB*)PAK9$yoE_H;fW zqNrBWlCVLbopgiQrQ!cma5KU@g`Sf=`QD|pYpI?J3?p-&DU$WYHLPDIykk|N&@aXt-{s}kQfWewxonq zk@S9ALi~zvT{wQOc;mT z_0jQUfS2nRU3zj5|7zw|HEZI&zHXCC$IwtUAy&P)`9M#up=S&6;!<9j8E0Sy?NcGK!D-&Eg76nB3c&Y}??JillL|>Vwzq(->NEMW4w2=; zl;PgKfePp`t)HMPcM+FD5j_+?CWLQ;6{7Y35j6~W< zmkf)iy~F+M{rzv$fB#s}CFOTG6>2nyk99Xy9a$rNerWcl%z<#_1Yf-MD|A^mAQlFj zgT4K|eeICK?7%9oSA|A>z3`;SEZ0b3EGGKYV3SIJ-wWT0mRt_|!#n9C{#Y~irD=ZE zkG|P3mVBQZebe08q(GNdGYd%bHIAFbJc%cAH5|)Pq=5Hmz5(0#ENR{!Yh0GO^TA3z zdW*V{79}SG_H0;(WrE&6W3%2&8v zMQ7rNXrf%NZ>O)n4Wq#KMz6tUe)DZV`Ad2kU`XY#bSp#CV_EdSe>627fg0TET!FL= z!v3QC`j>?vU~gi7G+!sb80x2Q`_}6cylW|5VN9$i$&?0{b!Y8O!hSmMPdNzhJpaK{ z_a29`3iX!}{|PmK%Mitz>to?b7b8WzD;}pdZY+7iCGP;G0IEn6b5!IPjRpO8pqT6 zGZKE_&qia##^sxKVow&32zZfy30oHEf*qJ+Lvf&(>B|lm$tIcf;TrP({ZU^U zr`|}`GwsFP1Tj89EvqvmpEK~j6fX)ic*v8uQK2C9A#c^RaKECLw_O+{}$4JNsY|% zLajpfNGZOgXE?e}t3qPsIaR72eOHVux1ZSU9{lPGB_6jY`|w1G?S1@J2@B>g5{j%4 zMh@_Y!Mm2#TDBCn8dVaV1a4(IKOb(S;~Pd{YIc074{~slIH42BA6)0PMgyc;&Ouk~ z#Q)!$_|h-)gFb9Q?8B^1PApu1R}AHEQfD1#bLE5o9H%pWxW0aGoXd35{3hu@31f33 z0Z15q-;EpYW)CUKIGz{wZxcs9?El5Thabg51|XdTlr7s(Q-uo?vAHUQ*PA7w&CJI2 z<$OlAMK7M*^^#DgAN(cxR}ZFtJ*gb>lPzs)80KkuX|Iv^&XTXjS^5=!=C10iv3+*- zey4;u?GA|ylN@1TNIKj#(nRmAKnkb$@gV>Bn{)uwOi}-NAQk2*a)!pGoS&A`?B|Jo zn1L)t#(&O4;8do{CSZfmhcZi*RfH}nAxl!IvMEGK4o#N0DUQ&83oOMWqLQpRczZrq zuk`(;0y_|%oQp&(F0`b2lA6+TQ7TEbB0nUVvWfM9Hc($R8%?t(^QeQxFm>}nQHnpc z^&!}L3KLe65%RrLTc9P5z0bv;v%Cic=Je$je@)q53#Jb%nLcdA^r4>V!?j@gsFLZU zR!kr1nLb(zrjILsnLcjC^s%1l62DWpXixBSqr95 zE15oR#q_D3>C?4f`eh~4FIzGFQqT0uwP5;HCDX53G5t!<^sBXC`e47>JK1l=wklb} zHx$cdJegd>-1>>a_qdR+;FJ}AW;td0a*MyVcgmK>^I;`_&lI0bU#^Dd7CzbXcs{D+ znc|Y^%hmAQ!X;ZC&&QQKQ#>+#xf-5Zcx21t`9&qq6o*V-u7>9p4%zZ}KB?rH;*aUe z)$rWHA6p*JrO}7XHeK{AR|HWn zIfF!Mrn${et-{SqVkSKsxD0;UX&i?i#YoK5z_a6jU8IVyHf$Vq&W75_HwZ&#K+ zy$$x$=fR$w(QEwr`u~;{M%q@yJGc%**H*gZwPS_SL(=NKU*tTukwr$(i#(DGH-@Wgg>6vrppQ%q(b#?bl z=iP#I+=A57!6P`tZD`y~+Yu;~0|BXIH1NQWV*s>sz9e~9oT?<{^TUj-=+?G*qN9_~ zi?wj;#t_DmD@_`DKE?I|z@&U>eYdKT2iLhgjoB0_QDK7m13*gY^Pzf^^4`jn(|k7& zn?N3;jlS1IthZaBH9uBQjWs<7WS&)nli$almnUv&KX|!+`?!>-a5^#J<-m?2*_Oi< zZUOY?go5G7_BK!xbT}3p*}auUdv-U>$HjhYwJj)LfQMcj2QozIFp{}FH9LlB(X{h} z2HklDfuCL8N>{F$Qyf>hXBD9K(rjzkKXTHQg9g9Y zY|Ji)T%W|r6+{fKRksh#Y2A93Y5o)r7-_7p}{VY$aP%jat0p<_W@G~VoC z3wr;BB@O*t7;l?$!FT|tPlasIC`9^*3y)Yc7t&9Xx>5H_1+uOwXmuPI1sXjWw(g2D ziwNIH#W|O4&+I!fq2ezg;yKc z&PHrA^yU`O=A!9?cV29yBDhsc%R^hG(J?TO51*_aogf)mt3zw^`)vPKBRwCqs*be* zXj~I2IT+4>YXd=MV!}m3E2K#6oNc{S$DBw5d%0{9RA%8yht`)hYZWUZ{t=UKD)9t2 zvv}8a$FI>GUU0nuLGs}Qyby52VO~aY%P%Lvn1|0%tIjT{cenN@>_!A^Is1>Ud)s^B zSpe8_A*+R@GrriWnYCpqp|u2>cxG7qNM|0q&4pa378dWt^}H)(#>1&%^8oZ6OL_7Y zaPvvWhK3JbFFS^>+?Y|A)zM6Y^)gon3Yxn@rMh#R(#q)xtw4nJ)DL=z~1`;`T~$kxDDN+sLrHrs#0 z8K@}=H;Vt@E=is!b}r>*QWRQV_shZ zje8pVt+Kf^`307JKny^IDp$%E4R9}PFTFkbT5=Fw&~#;9@Kns($I}YP0Mv_knZR;Z zejl_b&ehZ}UOrHN2EP10uE`{F(&%~83LRX}ZyL?5IvUrr3)IDMGIW1WyRW;x?q{T1 z@hf-9wLC59#zC@D3($UEwM^+OEp+8HOzCuAF)-v>CGnef>;v?lNK=GB!lL0>z@w*& z`ArM=3Y(x#uell+>Q#fn^3>M;FAu=5|M8%~`5n>AJ@&%_f`NhXe=KDDun+>R&)OTv zz@0jqLm(^JkjgI}=mCj99U1f6%Ry`Z9jUJmLkm&wn&0$owpS>*V|3xoDD~GgJfQ?` z0Du`7CI&`_6V%ijr4-38_bG{PhRks85yn2HUV~~Y&x$6x+J!3OAA!0`y+;0Wd*To~ zPE<&kaB_h(vJxFekXN1#+%09{k0q5P8|)V}pD-{;OTiiyK!1KzmE`el z{6AFzlK;snXxW|9C@AZaHKvjH7APbu_mj9u|0OQdXEpFo6OsM&ATB28l5)O^@`)@M zQ?MU+a4;@5y*NPY;rXB3J#*8l`5%P|nN&Ew(`6>fAqK?Hj?7gkRr`d;45wGk^%q<- zXx1RYaxS}BKpH!7Eb3)8FM9z}Xc_bl4@A51Fg7XQi@-KEe$9@tq9B1sAT~QxT{!p_ z|7GT^89E;qEbw~l9F6$~u+2|oT3q=4|B-3&6PX@BHt-#2uqJX8-oyEe&~Wu;<4y?O zD)t>WqwD|Re;Qu>F$0w5L0WeVjyBB(LCwqOf6@*Dmb+KD?;Zb9El31aIartBwGXFJ zdeGwQA5^(P;bbY{^)C}y!?6F)O)#|y6Hib;Hn0kpI*!q>4Qk_`^i8nDD(X*$)TRw7 zP75Qko4`%1xk72{Rg0{02Uh(r%R;NQ@}^%<8Ac;UesyPuGa8BQetoO5KO}ns{$tsA zW7`sFt+|CeaViI6{5eR{<(DYOBANU9+#=vo0a5)jW`#Bt@8|q?il2LX_k0n1%tQYTvF^3QSOQWc*(RWnSA2wR&zv#qO02j$ki zxE`_Um)wH;k|tDf*fxv(FkX3D%7x+-!cyg;Rijedw6LOFr}3W%D|R~+IzhRr7pxdZ z2FBWAu9db{#l9OKp^OyLK~lrLZ+~6#8Y zPYxyFeJO+>^auE}WZ1~dR;U59s1+x-u56#KIvMAap(U1u9=5cEB3Kc>SVodY?njm% z$*Qfn!kEEf57^%f;(`977-v-K(zBm%Rc5qt`H+n?$7O0%Y4QW0NXoT8M?uGP1RkWWP0te`HJ!g&qrbSMlzzZ;j z$n^F$vyfdKAgLL_1R_&cLg%5v05=QY_GYYuoMtzYPWbERjpdv0!-MMD zvi@J}aN<3kvjFJEqrN8@El!It$bhX&Rs#+mJlBI6*ba}IEkTIUf?=ES=V6-b%%3@i z>!z86(wgg=DI7KjA$u#l7ZYAJYBjD|g6=5ltt<)m!~aYwYSyS(ddL4573(*2-AKw) zS__`O$7$aT&ci@S{<|L+9J)!F>_4|w(;ulyrsKSkhhG%ULn#9#q9Jw@-@ z&Sl5frd7Jjme9qLaBc}enU~|7^7uJkb26R0Mx5Ye}$OcIco=?CoS7<#M`E zTSVYwhyXXItP2zW{#WPfln|KMyPe*kh>eD`1KcRVD; zM@>{o$ZnYFM*qNK{}?ld@Zh$lC_&iJ{9}ER#!l_ktYa;)cbs)(!1EuntN)NS2f(rZ zAlvvswkjWT^?%4#e~?XLZ79`s6U53#0s61m3XQjFAYspV?R=fH-D0DAFeOivjJZr3 z4$yLP{?ncIq%FVxigpr{)mF^97T0#u$f{>vBify-WWZj_fU{xV*9}u%9xu3I9&_5s z2J^+M4KupGi)W(G{y#|v{*x3A63gI6(%>IS88ZZ}VS9@~b^l-o%9K{S zhV3igpA48XG2k($BM=7eP9pbs-~Ks`vyaepbN-Apmq637Vx}8ZsZ17|A&tQH>hJJ) zq|PkniN&MWUq)=s);D0KT;ZQq0=L848z!d^&V||AZ0-#mpN*cBC)vWB42?>=5l6zD zFpxL2ko{#U03j==lHk{RLR^#3zBN}QdA;fYdv2(b|4nW``&xced8BDR0Bwo5_CM^N zy6csIAv-G}Qm1bfyKzu20LAFEZULt*%(VBQot|YuZ_31w9jfh? zCW4PjiU0D89Q=dn9>-|!Pw&6Y`04#S&M$KRulJ+-?-+QGXWnMC-#+;Waj}JWtSCmi z^x)GbKInq}G{~bDSbs-+wosL39=*Gc1>~I(gnh4)A6W1|usq{Ed^szkwgHof%~VI{ zyu_#_0d}P4yBSHrcHIl&K09<6-AbI!=3KXOSuk1y9Bh**;5&pOFw@NecK42WUJHF3 zNq?i*saG_iyaJx6oPzDHnQT=G>O7-1H2z)m?X&N2?6U8;wMGeWYzAMhBE;ac>8P-C z=-s{l50DkFnjawV%n*PmPb8XFhAkpvXmQc^G3mmM7b(m>Qfa#t=3cSS24AJq znlWo;qTweEl-y$|)kSYLTr_TH3pvv^ zr4i2^28=4D7bkNri~ou!VEZW|Xqk}Yrw9?NpCYst^4I|XSB2J36*hC}Z>>*0du(jn z9V_lp|BtB88hc~3&D~_?G6j)qy;Q>;@gQ?`6)^=Lyh00r$2|>$IFJ7;(Aange#i+lUe%Z_*WNe^zxpf8J7d2EL&6F!=`h}hyvW;B>>NF*7nF1G-UsXw+G>yeJ%1?zM^`aRm#dnB;?$Ngo# zT-rJDOh|crBGw-Qf~Mg{Q8>MMvHubjM0;*W&K+|x1>o1^1;g;PQyQ`$>UID+#_7}x zYaY84DXpy<>uX=?A#V+Y4+;AZwUdnz`{5Y~ zkw@mNy`;!6L|TMIJ8zAUzG+@dMAkF>O7eM~>LdbPfQHqOGsk6zcECnle+?zb?Muv0 zU2MrQ<3SqF?>qM%#-!1QX8Nwl5sw zvf^%{2PpIUW2u;p0g!&9l^IBW{lAiYM2sU2R+h5<@+q5 z!Oj~5)uwxp`r?I)E93(bEdsEauz+TIp2g2ye^%W4Jd?-N97f^XRzwoY7n^dO-(&`N z0^h3CyEQ$D28GDci3Nyhf5T*!6>5TP$DuTkILRO-Y?h$&9dttgc9*nM1EeT;^|TQs zAcX$%XzA#4pN0WjoO+mdcw8}w_!yOQiF1f`0?%VQ`B7fPK3#y%Qh$f+*q~KQQ8B`N zjt*=qw*=Ju{unPK){WcmDHo6eX%wp-u4yg9(7o1@_&iv$<&#|6Ya&Ck)-4KzXvx#{ zQ#nz7fetAmM)_kx5={znpZHk|NfZOgyW?MoWshB@XOIzpMZKMIOE|*wUm&eH9EG3l zd%p@!qD#NOLDB(kh5iW8IH3Wb-p3=`k`2sI&pO)y`|>9dNY%}b%#pNPEV0;GHYtfBA( zQyyU@fZS416>PDetXQq`Z=)K1J2>35&_^^4idY7OiKI?qBV$m-=}^=ka3L0 zX%@FZLQmzrCIShf$U+v<=iYo{^g%P7wuc@2(fV%^=->jJ6Pi6i;a#w|okq{GFR^Ay zR%L?@bch%@gV=@Bao7alI6I)bf4N!#(XU9%IJ~EX8iZAiLJ2ioA^@CSg;D2i!h%6*ySvic@H}w6B3kZi*p!p!!FSF;X@#OkpmZj6{u?1IX`=H@wh6xvpAe( z`mN&TBMON+1>ptlNq<@69j6$4mFr(A#5ghud6KiSf2K@a^-6V&>!Uh@+prZ96ELdG zNn&zP%!2o~ROF$$1p#S%Le_ury{*m*2uUi&rRr0jeS(!@z+gmfm|@&6`2~iB*`WEx zSV}2D1VW7upUoX+Pp>f9UU>DO$bLCmUr!d)p?Al46^$C}e-ve_AT-X(4?dx08k zv*wOaVe@K=y_SOBpJ>MLh2{pajX#D4;|SO5^O}w)q*Fg^qyqd-&l6w3>)q@^hfK!B z69#F17s~1IZCbEnl*7~erV|&m=Un)sY$;#|TgsNajSOGr&9|ynTIr1hb-MP{&Lc`g zu8W_9o(2pCH!h$cV4cMaYsMlRP*or~ehSN8_wuVOBws-BRGn#K zEp#DXU`VP~@&Mpf&?m^3Ye`Y4y@0E^wSy_B6$Meam;aqnj_im;!^giy;|{n!?8Skg&v<=X>u0uyNGkC9 zWWpF&)XEWCB#B$IU)ghf^M(=!a=q8Y=}zI;j`$UrH^}LNq;jha$oFxCEG?qkza|t< z4x$b!9>Q&q+@B5#tIr6f)D&+i%&(CNx1gC+^oj8TKXiy#Vg4&Am zcwq=^0t!&Bl~sCiSrf^e_=7C@8Sv&+|0W@qnNsMpTI&ct=Z@&Od%C3-p~0a2{IF%} zv8RSw7BgATg{^b5NxESp!c=4{$#_fRJ+gf3$P5c(xng6(nu}!|MLd2`VppT5p!N0V zG8h^c;rpIvqjk0~jy@2Dn!K#bwg1#C%K9JloGhSbrceX5=Zh{z8E|pbbMGm3c*5JT z+mh|<U5$nVGEKwu# z@Y`0QTkJbM1oi&Ln$DZ9s^Vj%{~w(mhB}5`zVqFe%h&-%;Vv*3u3?v}DCZuhsEe1y zy*A)e)bzE#J?>A9`;|UD2zCvsfAToE%2$i@9ti@&SP=MOA(hTC-_)116O3AyG|4f` z%3)7+3IVGkT0jp5j9HfoDtZqZwF#f9DpC&>_38R3KzF5>?lE7JJF949v8UIW^^O=u zU*j%tnP>JG%rt>RJd$WGaZ9$$F?~gyH4^|X^fWT;ZSD$OiZ5chj8C`SO0dY#mtVwZ z4W$W9_(b-3*xO-mE;PP?EL8=|A^GS5RyaKKWpNmkUubr>%xG~<=C&WY&6f34WpUCg z$2+;Lw%i=DHs!s!e6KgtFI^jWRwAf-tt*j%l=yC4#d|I8j37ApzQ_W%?Oa1)*bIOd ze!S_{BHsbxpTtLZT?wV%)<+!o1rf!#*`plS7#XjVXy@_DuHxuHF{pMIh$P92<{ zjK`Fo&#fQegUj|`yq?m>qiqu8GGmNUfuU-#fE~?N#FbuKg z9AR}q1t8DdlclyRVV>!G&E?2rciuXlFmx=sWP2tDW9XFsMWXRqh@f+^0jzXS`u~j+ ztJ6-~fTe}~>oIgbgmx%HL(Wji+EY3Ik}tg=LoLTs?ijAPB|}vnhwe0YYMOX0hH5Ry zyn>-LF2eBL&>Bs6-9v(&ejSv+)ot(Z&MkOlJV>piL;T2)mU|6utVciBuQ83QPo1^^ zOV&=RBRA2SA{omN+c@@E1t7TpEXH84H;(d>8vFqN^^hWRd}lPOqX#48KAL%MCj8Ji zT^5X}$bLPV0;E{LfR?ipLEr>91BG`mM-$yO`l=5Z{(VberLC6)%<5id{ENZ)u)y?@ zS%TfH6oU)DmoblEwAM$HT`z^|8&IaIlp_tia}K)Gh(c1i9uPTOEhi<<*=+w<^5iC z@9_8Myy$ZNbs)rNy=WfOlnnCH@*{&JW*6? z-$Q~DX2`cVFlcPRiiR)%+ZQ{bjs2LJ|D%4qUa|j#bYVVYJ684Ul)k%?!y2CUHrqwP zWSYf@)?yRN41hF{=hJT;4QxEzV2Dvv&Kz=;TQEQ%Es(K?q-pBJOI)$u6}m=>1+p?q zP4^)-d7mQJdT1vLt4Bjr$jbB_> zfz9L~jC(E8L;*$zFr`{KN1?xLGdgHDvN^-$k|Bz3C>rl7B-F9i7jm|{FGe!DiDrl*Zx=DFZuslnWUMbwD}5Hu_YX5Qvw4(-sWij7_GUAbo9CbW<$&B5Y1^vco`>;qf)4gBH`RIy3R%23|7F$U%yZsKji8 z0@kUrH&-EIV(vyuyyhggStxJ5>sT%Lfe<(ZAmN-^3{wAHLj|X-l@0O~fu?e=+JPgr zn$0v91Ur?pID6JMy#qD-KH?_{d^oRKzL#|T%1nB!K=2v9P|Ui>w^)qY=Szj1j%kRk zl1zUb+1K5R%(3-c*}}TMhTFNy+M7h*0?dt?>m87EFoM5*^pW93w8uMMi`C(SyMej2703`zH25UuU#8xMa5}w&wF?1z>7Uf2q z73JLi#V}gtvfWJ>SI9PrI7px{;be96KB{DCW<;iL{+^T@?joi!s86%MD1eZG2LNCC zKUwOQ^uJjx`m<)}jht(_sJFOxr4O*Rw^;m%>PNdUB6Gnrm992BS+d{Kiq*p?DwTAU zzm#uau|G|^oa|V9d~|C|Nrdj$jO_BF8x;ixv28r>gc7Y4DeHRDG3edCLMPR~o@U_x zUCoD4k$Wu&%dCX)FE^-TPQ4uE4lrxjFM^W?-}PMm>ep0Erv*_q>SjW?EoRJwK$&%) za*rovq+Bz3mJ`hrz3kc|&TWI^bE(t-rPJZln?kRfdZgG$o7Hz~ZPh4!6JHnGblgV? zkN(^9Hy=$dR4mguQiD-7LsPQb-Ib)yA3_uo(p9kf&p<=$=HH8R_G6Q)xY)S zkxWhq0^^6sm)2(V$yOT|nRm`+DQM((mwYJ{vhS~ED6&Q2cnHsuU;(#~uk3501ri~! z>s)r6? zA({YoY&u7dfs`n!VLE6_T7MNGKuM)0h-Kl)R-YO}UFoE?6|!-2I{6%% zv-}$LfsnA=$rE@bnL*sb66_^0!FlA@D6$fwB<%R;s9j z_QFaN_I@6838~xAsd%eGlXe{^0862QVE83qNReRc{MK4q^&q2dCIGnXTH{9__oZ1U za7OY)iYKT_i35BWwZG{${mj2Wu#r$~WdFc{zEkYqnxCwV)?Ou#ayj_;U%@M(y3bN5 zY~KysP$&p$emmd$f|A4Ommo7Q;R363I|Ck3qaSehE#Ila3VY(_QK|BDc3$@`Geq`j zq54cAj0xm%+D5lI1pL6}kd3j;`t;}zMqiOgh=Th>qM&CxsFp~U>pJ!lh^1u#1AYgN z&H4Sq`@C<*iXlQHF@c*0n9W_*1tQ!-F#=<#h8u~4z+f4uZ zqc=Q4+mYN)_Qm96}vmbw0TAWc#BOp+&P~n;v7_m(6f^$=A1k5RRyIJG2#xapTWYb{uIb1n0VPE3-W-)60#r5CV zwOl-{w+EzCFmS~!CfOkX5_l!fAP^60#7R_A7;fH=;x!#FXwFdEenLlpMEMryBT`$? zFF7QP280{uzk_~WGR7(H6e+R<-|6y#=`BD~!hW`e*L6~pCVc3Gt6Fzmzws)(RV3k zV<9k{{sme=8}r|V@O{}qhU7*F%k|ON<l99@7E%%h&*MD}4LT`%-8 z4d7PrLHK>oqg)<&5MGoF=ab%Pv=`I?tX%77ECTKn9uuaG$!948;OZ8R{NyE%z-?-v z3{2Lotwd@Lg{Gma@Csmar)Q(Ac~ow2UP|)W&xJ5&oP@g?OZfB>qsw16L|3W86J@Nt z$BeGtvWF4`J?frbjTWSD2J4vS44p1(Fy&gYCPMSHZ&N|tBFv*J6PZxNizU2YhyVB` zcD!pSRu55q?rM*gq$%`HK1c$)4;tFHyq5gLeJMC5&C0do!e*=e z_AL|&p)wel@xSBz>2gi*xZ!Ae_|U4mh`GU1>Tf7i6t3Z*_fDl9Q$4zQhhkNwh}0o& zQrb@xoY1EMo<^FsO{7QS%P8*d%T6IFMiWULY+_`g4HAPWF&2rBte%zYF@5eOtZm?e z!mWILewx18$ab-UMm!(wUog))XLe<{7AJtX{kxAC$H%F!bYon|B7s;s)^{1CsDFfY zj87qBC97`B#L<>DA{H$6gg&$>z!aWx&652i2|JnqS7Ov$!IqJlJ_lN#!v)QK#ljdl z?QT$aX_;BsHKO-dDqIPN((v=)yfd-ySYhmXybtF|=?Miu!X9b+6N7D0yVvJLNJN!T zP3AYr@fV=3B1+GT^X){ORhm7&YzFbhWB#4?RbUc|U-3k^xXE#ns@L^8PHY8q47ug%%YFcDYn)A#_sXx_O>c7YvhpKXR=mm$GK?Kn|SV3E%rSkvBWaNupoN-Bue zEge!`t8^QAUzokPK;h=S0XcmFGWt~;xjpgi*p0d&K6OH6-HIqvVxZzz(hAO^d1F6! z#Xmb%wAdOY%Hqaylr8OF<VY3K?{41!r}o*17@IAzS2dxk7DkV;+C~W_eq)VJ z#0s=dop$1${q8s{P?Z~sa{B%K(tSGf5A2?KtBx<_KYTPtZ1NjC4*%{AttWi*yUZ=% z2qR0Pb$&lgx_IaMA|OqI2J~Cb^Vx2(XpCm;SY{`f3u8GL_8%}jG&^hzy;9#bx~j4P zQd}{<*0$T1Hu`j{ujrRtQ!H=Zl&|o-6kCqd3BQWX9XeFf)vJd}v@=Mxt0E#?woaB; zorRPTd)V|PD?36%)kd>)1bK%l>aNUF$pGQqkehE`cDfV*w?kl!r4M4mn8oz>|nONKx>&E&ul;P>^|5C!reID zlK~AgW~%sK@chPAytNsBn?G-C56|oliEQ`F0%Rtq7#E`$2jzIS&=>Vvo8E zYENPpMR&nE4O;28gH21)uL`E_BhLM<92@N!Hd|B8@6HW2wjArU-b3d*IvFcbY{uX& z91GYYPIIDeEOL=*ZY)(DY2>r>*JfI7ELT2TvJDy}9XJ+S@Qv3H>2DBPy6gda7_99v z5QP16WiJ+j)osU>OXyg613}&Z;P9tI&`D9G};ukMJSdwN1D3;^& zuMAwovjYW7&;6j5iSFXizU1lOC*Sa;*jzKK1mnZmcZyyl-kuQ_a^NJX(+`0!k8^d9 zIGU!_8CQW5n5=rfPx6~gQT2;!&_k1$woSF6(m+!k7M0UBzE6K~>rD6nVu2H_R8}x8 zofx&9lU{F>5$05Wz<1Zmwq))?CrzN=<~Cce4=svczmOTeYeev7N2$z|=1m4?4sVn` z-dcFsK3ld`#JGHjB2gz@^65P||7HmbHn5Z0nj&YvVxSU`4V=YHi{FO*vHu+&-V@Im zC40D%^p{rc@tM{zNya4xaIm+R2$tp0M69_{uo$odWhLiw*SBqHmC`!*K3-Zq}!8A<_RvkETdHY>7Ib?ie<-M^5Z@)A5rP~BCX~^ zXj-UBFbuM_RGhx{$@VbuUKrcR;2 zmi1Hh2Hxr;XMJx8;LeiOFz-&(6!GUC_wR@z%ZU|*(*bT(hU-&8se>?~b?2DHgw_oF zImeOiw>1@iJZN)vy@gMNlf;wLd2|yZ^o9JM7!ZZTLOY3z!(M&~zeLSf-M!#MdG~NV zXh*wg_i(>3%cq)+9Go}jdbMYiSOe^&kA&!1VbFO8#u8}+;JEcSErIGEcAjaY%jz9K zd=Vk6o{L>JoC`Yf6#u`b0*6BDulD26j>=Sohc7Y}!yw4e&vC_jvxf0NHGXLaa-%8mfnh(^=(gTFBqG8z(tbsn) zxUFKZ6fok<{-gM&C-~PKQf1e-_>&0=#!etoFSsM(H2o!5_>Wk3dvp@(`ZC7#jJGi} zA(!xgnr+P{3T2u5nDX`c8=i_v2+V`x?VClwlipKaV79t%HY&!yhSXR+NOHcDAj2EH z?B$24WyYw5nz9TA)=K?*OO`TSo9@wyDCM2JRCG3$9ZHc#Y}(%5legcdrpY3HR~P|R z80V3*vQhV^%dG@1=;lP!FX1er71p!J7F*Jm9(4H^W6-~!^kVzfP+RlzE5#No&}YT~ z(FQO?c57;?H0;?d$%7j3EI;Aau)%fpOjJO^r(t}oDu~DSV-Hvat`MBW{W4vmkE^qJh(j>ayKsgiTGG>yL zY6EqsDX`~KMfIb(A<#$*^cvMA*(EuEIoQEiIRPS#>NRHH|M!Iz+rxNyo@J<(rmmkg zbLHs*TJAy%5o@vgW4h%{Kcctofn|x1%;qcyXPC-Ze!!)sPV-g<&*zUn`-4g1mR zW~&k(hGew2j?Qq42r2e)LWZdTk#JTCm*iiJCLNXBd(3#*&{n)oWw53?f&hCM6vNNa=bgQ`^+$xCPK3M{#x***jq z7)iKPzYn%GL!($ZXA}bsKukk4Ec`|T0YDH#7cXYqyC(R^ipYXKGn;@hEVna{WXQZ> zxbG`ld+&NkP)ZW$sCiQt&)e@|8CbkUP;^OV3dBh0Tcg)_DHFZqV-3}0+C0Zncz>kv zm$n^yZ`gNleGzpP;r%^(6UfYpx@^Gsws+;gz4PB27QhWR8dXqle;gEliYE6;0fZ+; z6%cy<(SAt_6!7G86pd85Vrku0P;qZXbv$|)+C4Hbzc8`7K>OV3`Pt1lx@{giv7(Yo z!S|eLmRx+?7gQ_7YILKl_p$?1{_x5MS*-IWe-+1ydx_?C0t?rm8UV*+D60Ry30Z24Um<0$c{_BLyksBKsAWZSAx6OCu?c*ShPA2*PyPl zl9$2%#Y_AB_qLbIA)%sVnyD^vqhuPf;cg)+D(aqsdLrcK3kBKV5z(*W@j485+x@N> zWwrj$w+Q`tt;Q;zue$7=M#oZ=kgvZ`=4!Ttj#y~?75pXD!0jw}8eDO&jb5 z)oK+Q;dDoQF}diXH}odye8;|UgYXf-ITv^%2BnCNMZTG7dh#8YwKbi4dLA4$B2sBUfg2nR#lUhF&P+bDPZK1Vm9@7)96LH6>SfcOi7q1$sSEeLyx=C1?n{&QY`7 z0~?LN<(WxB9~zE@nY-yXj+s+?v!UbpfYc-H$#*?PqlImrR6IqtoQOX~_MEru_29p1 znM<(xE5nr4H8NLXBb^{1Ct(`q>543-mB0%0_IR2ynae}5W207GfRTAZnrm2Ajk-Xc zllfj)R`~*~mP@FD|LlFLu~A8L6nz~F!wQ*ewY!mdvxxrd=5!63d4Sxe>I)TBg34V* z=K5M<)k=}E>shLNm{y4~`;@d+&%|ga0an_PprI)4w((yPeqfD)a7=+sN4?3V_D$iQl_9I2k(b%jd z^>9+!@Zk7<^-og*)OS-XsqopqEw$^W%qfXZK44dwwX&vG3Nl>8ZU zzA)xRQ8u&6W@prm;fCWdRRMM0T1dvssPJh zG=mhKGet)ZfEl^@eCd<-CMCL52?{^z-3r+!vsz+#JxXte?Aj{vtb|)bM^6bRd|$w((D4Giqd9Gr>k!^ezqmCqHjWm5J``BOgOyg%v>8LL zvzLNdR)CCUOv7cCg@Pkrl>YvwBA1Ok?Gk28@QrvQ3%J~sN`%qgPkXMUtcY~b)9R>< z+k%Y`mW06gmEb54FS+rvFqH$Bnv0-3CX?Gw>E)x?XZNJ39Bj01HttPiKaiV1L3C%2 zBu5#Mjl@dUp)PV#WwXz;&DDbp_JIPxpaCA zj~%4oH^6>;+K4#hs?T8RP2n&k38S|`4w`OCHpl5TZuv5Y-{tMw{_O%_N;{LpQ;IDw zusIJLtdg}+ z`$q%K>nw2RQB)&!X$BQJ7aZB77$C+?ad5;<0od%fX?qxh{`JAgJe#oAO<6LJAocmz z=j@mS8vOm@0$>9Z5@7|qWTg`W%bz-pdF>x($P#;o47x}&shp6W909M`yr0l5+)B63 zu3_a%yNpA4m<}3NbZD4aG>66Wk$hkgF%2S>2XV_E7EN_BlUXO#;!A6UD3lg4^FzD? zMGyL-=Rgei=VAuZgo zHtKM}n?|j1B2m}gExQ}EFa3pc0}z3@+=PWu1s?fRhR{|%R5eI{Fdy{q#MWukx6Z5n zRl-74tye$O_Sl*(|INs2aCi{pBw>D1K8_}U;@a@LwanV#R!GXzIuiR!-rgX2(dRmE zc`M`jHywJt>i#Lv3;^HwR>7OGMcxz(3K`hwz^c&5MC%h(Gl^cPt3h{PWMY%h?&Rc6 zQE5{U=@qAweY9U74hr>$tJNkzVX5f?q6xawxxLL}SzCp|cP!}7y{EOV4|wI{p2WPC%BFbLJ=t0z=(M>7s(F3u2h-to8ezDA!0i!LH+*TlsNFGkqzuQNx; z+F=@ESF;Bk0_qjq5^+6-y#ML{y7_d$dDViRXGRKQBr)H^p491YC zCK4;0dDZ8lg}!!;_@z&riFfl@}Ss;f&F7rded+J?h(Pa~ZuD%C4l*bI;@%@ir>ozL2;;DHp^;Gn<6 zl?~K@$GJJ(w8Zn7aDnn+kUMbH!+#3Q_G)&O6K{d;Pw$#G0z}pO8Z-7y0z~xPe@&Te zXl|4kj74$y^_E@Tan^QD>TKVJf9KJ(8GWR=y_cQ z@Bt+RM-a04sJyFa_h^2pxVRn?^na9pOJ@rcJ+zTa=kz1*bSVci4KbMe3}FS;+dMbv z4;ehsfBwRX^lNx9i2w$$hudhpP`>7r1T}l6MU+{TNeG}o-PfjW5DB#m%4`L9Q!&QK>7`IkDQ4zeUpbjrX|KYZrgXq%IWT1P*ozV)u3w*HOxAMX=IXp z3W~yGWQ!FX>_>|W7qTLoXUO-Xhek;&gq1{f?U?)Qmsobz{2Kxo!v|(_IMV0)UY38@ zU;1|E1%-JIsg14VQTi0!MsMI$#uAX1;UMstPrWzqd3Agm51=)8kvz`3h%Mpix!j!2 zY92`Yf6EupQZMyQm-`$29U%xuJ2}fG? z6z8@+7Ah`}4FXjEcizp4B7p`XIdRc^-LURTAF&MQQa`KzD&$8JSc+awctS>?^P>AE zr`IN#%F;a=FrmSy3_WcrwL(%0*V=3kG&M~qo01Ql zph9B(^R2xVc8SoOP31=XiXb|N()Z?m4sV#7jmE09c}nd@zb4+Ip#*CG)ctoyGDh$c zw?$jUSm{ZNc!OX{9_IEoy($sYlf6kA>9-+3PbwheUHPiI4A_9PE8*RgQ*-BZ}yoyf5Wux4PzSb2>@j|)CK>i?N+eQj+6n4vXw zN)!XmkBj;yReEX3FF|KfK6sN>+1LC-&h-Qtop!J*pWhxs;DK>XD=82Wfs58ey*vb1 zS6RC+E^^xsqSq8zlA7Yeope{jSqQm*JaIIj$1a$If;JN;o&VWFGR+#?YI06p&BT^V z(Dn1P+-f$yK_Qwx5%i>ING&t>>5*HzqaDC>SvS;H(m=d4`6m6^P%)58Jr9|Nr$?=MU(x^_9XOWUMCX78&yw{OHEo{oKBygw0L3?Qngs3 z>kvVZxa_wNtb_J=R(7W-2D=Zm)Cvy0wMl=kTV-t2vX|QGrhXN+82?dF-s}Z1`2To& ztDri?yj4l!QI`R;O_1aG+5*A7Tn#P;0f;T?hxEv4*&V)t2t9OHFd7ezSw=! zwR_j9?zdL|p66L_?T9sM%3Ps;77x;CskKdTZe|cied6z&9ZL?1&ck5o(C2L{{!P02 z*&q>i*PF}8JK31OlugV_INZ=G$9yhWCH@o|pcR$VcP7L49h4A6WQ7Aa;<>OPjTrB! z1e8o(uB~PLjW3fscKPPf+LcCh=ebjjviBTGAHJ%Fxs!lsp|6(RNpRTWmP>vx1>@CH zJ2%A;Xpvl%rgmCuY}^ee#la+J0y5)M)%0Df*pxhes+6Ib6`2Y91X=?Wn(U?t5~kaC zTk2p$XP-=iOBr6^n&EZo(7f6WAw(#WM%C;_E5PuvEm8hT7ZD3GFRW%d?mC@Dhfh+l4_@xU zRA-B;2=ULV`_T=cmP%Izj3L4gse|O0Gv~~qp@X(pcS-710;Wgc)j771L#Ly148NX8 z@k{8gjKIy>fJiYmv8!TKT};f$P?sqnvnzOfG|=?(ZGKgP=j{A3{6l{RS=#cpvwDxv z0Pr*yfCtS(e0MlpZppHsrCB|nXj#v~N{v$7J%NzPp{Tu%>b zUkZrNa$@RZ3$(fwU1ztav7CBP$`dX}AK80$9^x3Q)U8@HCN> z4c1?#HVCUKV|84?|c zz7|qcPgd9E@)0oxxADKq46H6AQcS-O(eV{$DJ;hfgw5oKY}rumQgZ2>1)CA`fLB3V zb~C<^-vOH2Ubi7Sw)c1N9I!*!ss6hN7PFWJ!46B8SV6Hpi@9V`jM?%e-dNj{PFM=@ zQFhp0GtW#j*SXx74KxR8&q#^E7?N6+5%20X?55QSO)kF-$?!<1gCM_0a`>>Tq+=zrn0|M}!X2A*>;c!PfKk=)sV3 zd6PPzet%)Z86Kxyc3ChF|25n(?v@MlUFS}F$hOM~)di+!C6H983X0>iKHVJ9HVfEV zUnQGR8Y;@7-w~l2MP&UdIpc&vMAE@Ag+`Mm?X4M|l9s(ly!51E3m6JH6I}wo0>}FX zs~oB(?O~V(OND~!gN#BUl1xGpgG@pLhcrUAqh{(9_gi^_4!40n=S58I)aM^jVX0XK z8?+aFcXD2YXK`R7g7|m8)Mxp5n6L|6eCeq#xxh`Avl!`Xi(FT76}s@ZXos64Yx;4-yn}7~uGIGYz%>5FizTmmVE!@BYFQH1 zX@Zz@9)x}vgycGwUZ8K4V(y?~X{QE(Wo}JS z<984L)1bfCC96>AfOsmn&Vqh{`+-kJ8|itgMVcJ5l(1bTVuiTGz;+WT(VT9_0CaK% zUJrlZw{o;$$nquaXv$6bOIoAKb68gV^QoEz`8KY=g{vhq!7t;JU;0e^S6x-d#DgT- zQ8pFfmYh%i+D!;zUN*=FhjZHCARRwJDzDYJ;XVb^`rr>|pv~lo9tGyde-5$8KhhIl zIp$A!?7A1=Sg;p#r`$x+n=LX=|CX*#5m-%EO5U%qS`CWW+~c!i&`B>*eaNxGq)_Jl zq?w!%+ckI=xJ;-hDo4@5+{A0Q@>k-$D_mz2D|H__U64-c?{c-oRlB?>O|WQc1Nk7@OxJ+YqYM8(oY*U zls@7j_=ym_=lX);*ECX-H3r4<3QIAr!Vl*v!$)<#(Fe_{)QqTTKHj6OfrLHbi?ygL zGygNQ(Og9i@;?JGJ&LF*q!-#di*r@7h1IiL8G zt4$8muyyop(u@z!OtSQpCn!xKtXb_uD|p}h=}7kU)6NoYuJe*GPX|AiuZ;Dea5_W& ziDXVoHhaE2t}9_~cQ+7EKsaW+cp#SBz(aOisernSC8sM$ZnD75i|A@zLfX*mc?*@$ z&fE&5SV`aDN|5P&S?~Ti^Huzx!d{cSYIk^k-Y*zd~nBlrh1&e zC8e>}Iz4!T$d|waQwI}udQs3=IhLD+xtbZ<-%4|4u0aiccFTcxLkNtX zy7P#K`tngYnuJbN)Zv115KFcZePIt)AG|};EVGZee;JHHb}CUdotur}xneCo+XgaV zxTH=9A@KHhsoZw&XPx#k%_`&N-+tx2pWy(WG57VBJKbo!MgQsH{&~c3APOWlS!};+ z7nJmmZQ$j!9}W$YsFiMjVs^}{fUOQ{1kEdVKX3YRDabE*0r7aHs*Q^tOgP|#4ws0j zu}_AfVUJdIFF0{Smle0mwvo#wiQ^QA>gnMHOY?#S$qoAVRgJ493|T%T!I`*OhNhTH zTULj26-*Yt6hk4HwYBOta@|%DB(_@B9fNICq-T}b|1hJN61{2m_d4HZ3@3<1kO{Fm zm1Oo7LZA&!?!C~pp?9rrN=w<-X6|=nVH~oFgX5z7!tVLJJg)iK-C*;}w#5SZP65+- zr*UnytY6wChpSe=>%D6F>{B3&FzJWR=@Tf1&F?0L5=}+QSA@+|?cKoj{r(NM2$h-_Q>y9( z^g@<5=%^~Ie2QamdSSiXL#PSl}MW3(^z zM9G0ALr%9tQa_FX)F)@+?g7PDm%l`Z*hzgq=z9e1fH6bK9AFaL$8LV{pyO#2_0{j1 zpo*4`3~}iSQ^2{2Z~3z$Bhrj3NR$6tm8;>3z@OXqTR(hk;e@(hQLeq!`yXWv8ALDy zJ$^H5H24@1K!d7HSfB(}&m@yOpOeXH&(qO&(lhb(Z4ZIXq&DIUKTAd-Ssh9!n7Rl* zS8vo#1xSP-D$5Ak-nirpDs8Xt?S5L;T-bUF&WqrWjChXLa)ZiTfS9(nCx$x6zS?a! zB$~w{cWr}^Uokllas(msg ztYg|@3%zI)sKLLzu7VB>ZZ}Y8aTC)nA+~Fq-!~0jZjH@n1SvkWTFaIN?YfpWBJD-e zg=f5go5Nrds(<*fEenD_cKdi=7Oz4dd@Mus6EAXlfaikuf1e$m*Unc%2S({vCl%N! zu3rpfy09|@2Z15f=cc)i7vpo$!$7g=NBhEu*97Ii8sMxQ7&B%hh1dzzpAw|tne-JT zx3+TWM~eAf_aat38io&E*I3MaB)@)(K4K3L|6rA|hN?tUxPWP7x!uwF?LM8FH8+Y> zwRkxudf~xA=(#ae;T5nwC!&0@iiti$U{`b)678VGCjZ9Nvt0A=GFGI;+f;Sc;{g7j zw91`I%doCrb9#j3{Aj7KQu;+H9Ey)e9y5&I`i7#uXNpJfQUwwGECty9yAtx)&`)5S z5GUNbTCZM(8QH^aYDx%(wuQsRA8vu;8bMd7vb%1MwEdcscFl`Uuxv^QU^`Zc1Oeo< z5m$)}W54o*EhPwprcW3=b=v1qpk;_T07;#4;A&Pg?QV z@fNIWdBUOnMKvO8d>o>3lh5cTAE&C};2f;u?OaQJ?B$Zlk90A?mB$wuHxf#%&D3Ra z-FvE?^yMBh7ZpWa8V$*R2&p1@dK@~Dg!nawpog#itB*Sma7RW-hZ=sRmnSXYzckq? z%zwP^C024=Cx$u<^Y!#nJ_$3g+hiioSX?DYO#f*MAkmei++2ShH@*SbzB~C z6_}H8XhWQ%RU5n&$aLv<5lwMtW+Q4Gbt*f%%+P{0jvE<-1l}GE1gl1yUrq56R^0*P zA|Ib_{9?osKG*8?rBDZbl}G=kWHK?fB!e1}%`+)GXGuA2NyjRS;~V=usgYB@cBlkf z^uPOpl~oQyAAE%I>w}cxbJd@Cv3%V41LB;98b|s&SEpR@`4mAIIz*y`S1`c3v=Z_W zFLb!_V2`N=xxi4VD$!Pd5Po+{fxri?nTjY&Y4K53dqsxslr1?u@3%xju2B__JEyov zj*)eZ9$H|LM4y&B@@?gJe~22FB%&)lb+pbF*?gNt{&g31-oDfRY(qo#QGNZCs{kPl z+LNW#s$uqb0#jJDm;%FM6fdBGc|#UL=y>hY!1wfgT%zj$R6s@OD9#J#aO7Ah5cFL_ zb_?+<{dX zD(5Qy&>b%JW)umT{WA#!VKX5g6XtuJpvaa4xpAD>oZej@olriVn38NAN><^&`PwEG zUR8Z4=T|oz?@cD<`KgRXqgk=q*}lqnN_*8_O*=~xc!@E&%jn|iOcCy+QVQ@JC<+l@ zPexK_bD1y}%}`EEQLqD2e?KQTQomMTI`fJl`cfX&5zh?3iH7cXb0J!}uQ~3;wPMPr zB3{v5s=m5$Wk*=NaItwBAxe;il1PeR)R4n%hJ3>t?}d;i(j~AdjO`nt zY(T}_V*VnlNA?A}3Hm(_u8Qmyd__u#=)18V#ccypX#Q=?WfU^N9EElkBKbAX2~m>4 z5NrA38WnZoQfFh9-7Q3B?23v}uY`yZQNp}t8U3*Gn=eJ)5gYt)c?H;n*Cc0Vjo`!( zQ*8dWtw{Nl5x3sxgict3`QdG9Ff!!J2TZ`z!B5nz#4tM2&J9dtzU9j2BY9@Q1bO4C zg76k*ysBT6-grdE3qf>MA@vfJ~#}FH8F0?f3Q`rX8uvSSvNv!oJiRC&?&E}K7 zK2I5}lkcNEepkk*O`aewO-2loPNElKA}7e7w$-FkX*CpQ>lW7wTvDFfQKz7z$&k0Z zC)1t4a1hZ}F!N|@BUvW0d1-?zH@+S~)YGKPEVdt3_waD4${lO?&wv9L z_lvy!cTjY7(rJsSvxUuzmpN?)9ek=3W%E@IIXv*8emiZfV4bONrOd}TPEkTUJFXjY z9ucUhH^~_(^f2e5{`KQB&1Ovyar-~f7%dOG$%AtPzz|_(A8(}Tbu0!*o4)?DM zcb{G&nVG-)8fO2U;|kr44~fI5aHlmbfDy>GYa$KXAlXcK+ZKb&#}d~dWvF{oX70R| zES$H6p-EBUKG?TOW*HRHFi?JKHh)knPisx>EqD6Hmpami$-fxnynLZ9Da&4xw@+Cv zc{PqfOuU^p0uYD)cIc|qGEe^=_(#_|O7XQNZa|%r#|E-It29^@8jMR5jtqa)U zDfnz9WAzY~$YLCd>h<_NXG+o&D|%I7#FTod0|eX{Ck3A!g{(CLs%h#wA9^cJ{PZw! zgviDir?EV3>ZTuOhcd!k=GG4Grl&y?t_0`0U63Ws3>}4lEKF&*LG0i4RECUx?LW!s!OQ5oRJU5K+{TxH{khyZMF%VBXDZ%3h*b0LqMb6r*CfE5pmTB4bbkQ?I; zYrS+KRuEoMrtRjCMWZUWyur9dQn=-P8zPwsUe(65#az#f-|5Dj#hf{&|5ziW>BERX z0dL&G@w$(MJE&@2_BBdd)<*qrqw|5Rx`MggvR($-oJ4fU4`YMqZ!_pnjjTVXbChUF zuY%>DO>F!gISO?`ppWa-lEZb`Dh8QS>Y{!`L$+T+FtTMA%TA>Zue0QuQ70PN;QCWAtnw z#MO;Bl0`DA#CdZmHskO8%+Mr$m4zmzP$FPWmKdc-xL-_9Y@v*z3Z>5c;BtB6myrv> ztf5rFmWNisYr(9ol7;O25OSLf5CPL_?pzKK^c0cI2KW?Mo9M8PAAyi_{8~qXyoFtg zN7~q`EsQ5vlUhyi*Z~2Iusf)d9~XR1+pqz?_|3+o*4!@7V1Qnk;0+JnGB^cH%K_w% z7|aGm?U(W`XMIk8hq@v5^3;`-Kc+2iBPlq#Lr)6jKUZWZ?1mU_k0X`^4(!}WJJGaY zSA%cyS!_mc14Fo*BBlOE9bI3+O+6qXOkEHmOuehY`9??lf(cEG@ncD-Qhs^H~j8>#dC2NI&EbN?;- z`cewHVjA^77@-vK{{th`zp980s+D2Z2utR(R5VSmHEXTCo!E+&Dxg^a?7rYl5=k5s zBw~zM;u(dg#tl{eU4mKAP(p65$jzG)yG zNk5gA+zsG$>Fp>jD+rukn$LN%i*4Gz(*9hK>zBUZRd*E!!u|nH$P}7A{~eB@7&HanMAx?mD|WL#j3(=jzAxlsb=sCA=w{*N&hPUf}b11S;Vkc2F6wp1rrp0+|?% zL)lRkT6ql&6GyEeb;e_ldz#kpC%Vx!n%6M1{!Iw-5glZ6Hnc)dFS(|ZXM0CmhG1;f zE`R=yqEeRuO)cywl8WHBt;203Tw|b4s&O$RzoGC(>Wy|GX?f%4TRn&nDp9LdjL?9H z5hVinc^YAM5j}nLjyfzjq%@EJoowvqiNPqnc2z#HzodyFL?6_P-T% z99j=d|2^OtsSTGNLY=c+NlT%1LWG(BL4;ZVM?@Hu|KEtP=+CdC;Z)ZN zWYMf;tD(v&Vjr}9d%0?}bYPAzWLio?=)oboQ7WwsvkJavD+GoVRZ_KXY@Yz|?~ zk!vM}xF3e~+ z_n0LJdX(saLCU@IM)U8B_Q}0gUtkmdSo}TmBlS@KkwyWT4}2xcygf+&dudkCuT{`! zWPypj@nvXD6wHVRncSYECP7T1Jy{O7A<(puO_s-q3C-em*(ImmFi(!tITAax3&xCv zlU|(&)FIYzGbdkN3F&FM!QnW`|0)VUup5wIg#V(1NRrkoW3+$CyQnRjWn))t)~fy~ zc#a`lAzX2U zPkd-0U9Z*I-|(prZ7f@n5;RkHVH~jH!j1y{J8`rqM6lq?NSNB`SdkIGXZcB^U+a}U zwUteSum^MGAU=9H+pS*=-GA0`ehwEs5wMA@Xo4&QpY`yOB|=E=wphmIG5{xa0CC zFUuoxL@-oAA@fV|c;Gc?Jx!6QDqT@0;YBFYM z>nyNjb7A19uw}D^y_)2rS}CK*8;1M(z4oB~fpe5wog&xxQK@5Q1n1%Ozb~PzZ`p~g zkV`n8#{V8TmE}&+$1Q-(eXRq6eRkQ^Ye>c{x z5%Ya@P1>O!tKjOvz8(rk){108+uypy4(Y9WcPqu(nknox8@uF$6{lpditiQqWBA>alyoCht zGOcjEzZtH%n7G&C?F@nW>N(i3J#{0YzrKr9qFrSbNa5*mi_1*C%4#lPZThzLXn@#$(9QoTT z=77Qo`jri_{P1|kL-JHNvfw#)C`?TzCy-*7^!xskfC42p^9GFz?M=8;{EypBkp2z#xg(~uj9F_PjOOMEkHHPs>0wNsh#THz2IsKv+j*SZ+^CSaG z=z4_&1|2u@%a=Jki}t6zocBXXTnBdh)d(?T&nG8M8^YEZIkoW%Xu2n9&m9CoPgC-X z&l$s~d;l+kB1ibvHOayP=N>>Dlg;xcU(ee{sY0Q^5&4FapO@hj4;hThkk%&Z0Fps` zjnl-6$6AtKi}Uz{=5#h}KCP8|=Nz`T4r7>b2+~c`{#aeI>QKSw zy%_d#V|is6&(^N@qqxrf%!@OE#@H3Dn1+!>>!vU0IRTH@s~2x=e0=Xz5G%wN^LLAB zi4S{XcT5`@K|cqbchc+RtjOyBq(ur4<+;17j-RV8x7A*l+6-P|W-KGHS=uPRM(pFt zc(uGOY^L+ce?Yqg`i~~{Us)D7eLer_iq-Xkvxf%T#}LF28V^ke;Rj$$f;;p+Jx@6A zPNj*}xwlb5Tgu^%O&F4!<#x#5xJXzTGfj=hu`HxS|V)1id$dI@n4*zhPN+a zG5jn#@itBibA5>hSux|g$lO~IWdij&$`?LsutcMHR)BZOvlub?23707ePdzzm~7J+ zI?UR7c-j{2O~(CbZ>2uhq;wNo8yXh`|IotTm^Vo)I7dGXWLK?}bD?L(@|BDO+4AKx z#2ripg@4D1@;NFQVW3?o_OP?V<_#Tqk^`aYl}o(Af*73*L(Z|I&=TVMxRSFRE-v7* zfSq92$ak~Av(&sNq&A~sTAmmB<+bIN_iVf|N}XoPge<#Ps_>p}ET8(+RQyeibUa2G zjFGZId(Q-4m!Cai-8i+Sktd|LD&HYAwbd%**S`rlaZ}5rxk{6g3l#(r;0eN6E7|hO zX8G&otE$zlpfOAPF;pSqo%alcEFIC^0zl5s!A9O?@277u=Chx9H=uCIKf-KxcF?`v zNotx1Np-|%{gY!w)+$u`51YFls>M8ErgWtt!{EH;1a8O0%ny*f-*%fk9Ju0Zka(V3 zF@wsn@{(%y-*0-v+F0(&CkEX^?`m)p!QhFNX=3^O;*aWC3(3JzLG^v?c8g=y!|e^>4Z~DZ z#O=5S%ZNge)F!q%hJA)IZJ*`j7z))I6UM_dzU|U))TJ%bN&Dn={_mJ@^O^cL>7S0 zZiM4Un`@i!U2b2!zl-Fi`R?ETGl|^^iQPfPiw8wy!45$Iua|DcjV?jTkDvEXXOfTI zsY*{kyYsK3(N&Td6vd6~Gr&U;l4tqlp(NG;;PZY+d3|})p*$HL?0pb4>N^3V%t*f}0N(|17-JA!3uKuCxI~)AYNc)c8zNoX`s$L+v||zJkx+DwtLvYEldz14mdv5i-+Pg7p)AU%^%Gw| zE39Ht82*Iw4Lz_Nd%8#)MAdyu1v6*1`MqlCcPwLg9X^Lrg9QBo6D0Y)7DajMeB)69 z(22C)O@f7cPEJ4spc(jI zxla+0o;~=KiKjJ%m!Npmvmxwc)+0QhbX@T_jNZP^7#H-cETQ3TUY2?b2P==_7OA}k zsf&Eek>v%`uh%`101Di~uf#Ba`JC1hdtM-@ZhvIf*`@FluQT{xh;DC+VA}2;IN?}v zzWep&0dwx_Phx?>GywU+)AC7P^8>{}zn6y0tI4OAr=aI@E)BNI?9x{!nsugPZlrGl z)R*MH-y6s}40&L#tAA7<)YCBW=Mq|-h_Er)XhTf5J}oQjv6r?+fKDWR{wg{LnK5Io z!x7^-Eojv)df-%;65W9u4sPTh^Mb{UxQID#Oc zyo@KveWK=e6fDZeeh(_;h!7F4Jnf7vHZC;$N7_=AMJbxsv?0aYecX3)lI??0IFUY9 zMm~SvaOeU{i!xKE!THb28M8p(t-@*I7dNn3NhS%ev+?@vj_+aaZRL@q)LzPeB!C}~ z$f)?|)Ma7L2wW>2G6yUQ2^95GW~j3bxghc`d~|o(Y}*k?&j7(&#D)Z6blt{Ofvszg zr(;#_<_Vc+XFl@97VzywJW$MdVew2Vppvf4d_|*r06D^(n(}oWDzy50Bn(<6VF(~dJ zkFF%z?sS3UxJpTSKl(Y2Zpi=FPmh@eopk7G5>*C~af%7>e3v%_ELgY^hp?c8xM!Xo zg)jJ<C1~`sQi{-NFx!)Iy<>!0Vn^^F0j#fFO0rbN? zE++pTB>vu{;ODen603b5I*&au3guJYI(WMAeVS<5D*7aS69a-n>oWeWa7?yU;ms!d z7)*KgNJ*3(QMxyh_qzg&8@kU-kSJfi0$==Dou zE!VDuHR73WLRX3odfDsuk00h)@CZ@h(*g634vIEozH+K6`7ck^RO!dFFh4E0<}zrB zF4n>`xg60nnhO<_uH7@(QkI5z{w0qPJgEE>MI=3zv9>Q9p_D8~A#z5jH_Mya~_%*qWXLeod| zyPL(nol@O*x|G~Mn$yoD7QePUao4qD$lNn^1Jd{kX8!O$%Qk?(NXnRv?P09TzjCst zu+u`$SDC$k=QcFuP106`{v3>VmtE`wqp)%^4f!pCintnQDPT5XO zBb}fXXztsz`Fz;*tgkcPUh!yxNl}PjX?3MjRFo{J(NLzzghF{%IkHdSL|2ud3S*R$ z`}nl%uYi@zYAyCMdDO~)&0d47@JvA`j}FI9|I_Wae&bjhntbVMS0LvXpMLqERc_Di z&~(7&dPj7Tx#@E9Cyw8xlA9kYbZDC#{Msv20KKq72UgTQ%@QF zRHGfs&E?QH+t**-CV-I^p^+7b*ybHN>_2qBk-fa_9qcvo1pZ|mP`4*DYi%_*laUyp zOC(_vKP@`InM7nkF)g%pDSMY?<~@b)^y;0w#j;xN<_V^5^W(HpL@^35p2!P*58Ku} ziwV6!+m5}lv+=|k_aNQh4_iSe& zc!Dw$^|qZz0g}6Ly09eu#^2Vw4J5Bif86!AT_d#OI5IQr=?{%M4$tU@%M=|axt4I) zzvkW`v>GIl*R{s+3TNx6Yy_`qFu9Ds3gOc4p|<*vz?{IaF2sqpj%NuVaR8Y;EJ900NC|8D4c!Z;jW4`q>h zlo(=^m@fRrP?*?I7z3o00-RXMLLDTWGIni!Xa?t3Qd%l~J?A>IV(Qhf_;6O$jWcbC zK4&4|j!I89K0CEHR`tt2S4@UhlQ3Bt8sut^lPFZ2$x*W}?XLXnM((r7H@E?^eJVm&FFBCU3swU8qs zTeO9V|L20w=dKlA3Zu2S=NyTqp!|Od>h&0q3U3F`snq=em;;q@ex@u*>ODiob%7{S zUtO5P15l;tkHxGpqJ$FgSCgn^l#AW`0k}e{zjO%7peA@#ko09UtR|>wPNtBhTYdIsaG1KO03r^p_C0D+XO@Wdp!kvdBsPPlUc*kPt<;QaH?6SpQ4q!dzWgp}s<7c&mngQkva>!UhZA!@#sBZ1)o)_>o! zt^B@S`%3P?$-s|p@I#8=*E?LCgRUpd)ydlLTRL>V&r`7aDrm2YAiLyvW0U?L9_AjnaT*|*ZalI4^^ zy!S7{H@KBRcS8ha1pc}jI`Kh%G433N*!8!Ym2!Z_3I zpqSclaA+bUj9^G@!ve}8*1sfCai#mRC3h@n@k&lq=d>YYY3T^0N(sQU;|*4*^7&fB zmXK=RCDhj*(PptVB%L1r{`Vkv+WPvi6A|NwtklPeVaD5oBZDkq? z=t5-o+*x$xx=0bV%GAX1wfl@)K5b8HCh`1aHneKXW=;zdl(LceWFJiVX>Ch>VM}Id zDr+L6U4=#XS`Q2kVg_KkP`;91sy;lUBRTE}T{uC0lSiC7z0Wn`J6p0%c-&{PqfB9i z^A}087KZ!#{|vZ)=LMrk+i3!mkd^9Zbnf(^4GMNjkEbF*I!cRZlbuXP47)|tikxl0 zBm&ni77Wv9Rg49f8u%;2wSMw!1Jj4(tfgqizo)w6a;0pvA&cyb7A~HX7%f$f z3O~~?=_`}i`uG~YiXgo=M%on5U%*Q0WJ-OeDwXMZpnqi;uE@ZH-GkQUkD+4|wslvvkqb$_q@n<0j)Vmp_~irwTV6TZfhwcc{w!4^{f!bQ=< z9Z>w|=#K0X64#wv!fI*sdi&H0FX&DqV6Du02SYN(HJ?+wVccmQyr@NE zwGX$UEO;3d*XQrzyb1(~(QhJOyuwt?6Ou~1rX@s$WHMsOv?8SJQ>f8+C&zDbgC^N{ zdPFywmyw9C)gvD{ zK55crldA;hFV(iwY129;JM~m2t;|=)^^#q?S(D(B^&)lCJlJ-P3>2wFTZy+*<^(2^ zdC|a%8fp!L&Suy(8_nX6j5(I{cnaFWnwp%(C6+sKk0OGS6tI+E{-Zi2St~i812dC3 zeA30iJ2C|9K+tT+bkkZ?g#omGN~ix+lFEF|g`*t7uh(KxTA9l%Sz{ypqV)io`xEx?i)tuVk=lQ_9(tLvpevX~nAH(#LtTn(MOUo2i-?zC$jj@k{y#yteS#;pU9+jR$Ynlfo_bKY@81BE$+F+H#Pyp|_K>VRbdr{x)oxs$mMS=R(B% z$)j`^)Qa6-2xvUkum8!#L~2WWsDfzWg{m1bT>(^eVL6yl) z*PoJh-OF0~xy8PyW#bLajk-iY?oL-Cxtcsnesn?d%)sr<#~N0@!Y@U zY#p3-UEdJuwQkA^TpO&2(ok3kubgG`1%gabyeCn9BY#bh!Lovh3co6vpH_c@ZijSk4u?5I;h2p~JxM333oIqV7(R|MAt-y+dlnHNq&${^=4(;xuHN-Z91Pof^7U0g1$Wgh< zW^OCz!_IM*r21Yi-weZ(smM*jna$|O%fw_2%3@7)g#8WDg()osZlR1zScI!!l`S&J z%lyz?lbZ>q6kmrK(Nb1KH=&CvcjQ&nsUHswS2mwJ z^HX~2sH-bq{e5h}i`sBj;r&}%L#&ItcOqtik~xqlcaK+SmC(%qD}H@&cX8*=#kM=4 z{9a!2BWG>+4^a;t@PJ{JBelR)qVh17BRA*gHb{0G|1XLMy(f&1+!ZQ|%WR7c_oUPG z9wj%I>?rmFxybh7b@hebXNYg@8TLb$%eCvS4zHt{QU|+XvlJ#mjSSOf^T{QrpLp+@ z(!8$Tvi_}i4sI(4O)j&g<(-0&W^LtX_x`I7b}6dqkwQ`naEI2H)(AYptQ!($9U0tVY3q=DEYn4%9+bzPbg9Rp&FT{oskDEE(|l;Y z8M_e`Z&i%y`7_|gFtupMTOpw4Y+o_>E&J9rv06@jv-7QUZxQq-n7=CT`PcP977x+n zsR_#mYYD3&I}X6cY;|a@QPk+BL{P!r{-i9{UN~?E`1CPYbIEMId9Af_AwVA+|L(kt zW+2;G&tXk9e$dx^ZG}k5Q_@(^uyOAz~6j<=47@zJDtP-1@31$i6NAWt!Gf5 z!34?f*R-*59NLg!8)>`*gB>AgdvS{W(Sa+_(EL36r#rM7Gw7|JoKLX%qb&(s8?h=_ z#Uj@eu!_j$y#jk)K*r{DqnwaJGQvcDG1C#np5gt0yY6N_O_ZWYWZa;CDT{bR;~V(~ zE)TacUgu&mRi82b!S>MW&8fR3aL8%1+5*y{ryp!j4LUz!fPc}-2!V3-t3LH3IG}4z zKa*SEE9azpF}&EyZE1=9@b_tVpARIJ<>4v<%0B}?^~b`&&G6P9MSpgL8%()cvWp_# zC!D+19^Vg%si~@SZ9`Qiqni;tdE}LK5e<%v^M2vKSnZZ0t*|E(J~nJ>%p0oOs~!)f zKB%NW(a9@m4OqD6Hes`epBnb>Jl_)EckzPC^)%%Kb*XeGheXzO zH7#5#4*gF|$CAMl3!Y}Fl=_~|KWeKxpmGTz-NM{HvdhQkFhqUDxe{jarVgn6y|u>ZH17G+R!b~ZVD#*9s9i!*vg4N zwmHoE6>ui$ugnA;YN+}0ZPkdxY-v>YU^9;z@~$M1xGQ^}fc!gq2vJ}#-%^u;L!KBd zI~6vpYiV)zhqylqGkm6W;iqs06UgJ%R6?Nr2gmnC+NaLf*<9b$E>I6e71HjJgl1)$ z#g8pAp{3sG@5-lLb#=bPoZ|2cA8^)6FbE9vXJDU`kvKnRqX}-pBvzRCGM6L#R zFp3oL9?myl8=oc3`%{g}GIu^$t4D897t*3&GBBJC>d?$5Tma>^$jk7n(p-r?rMi@L zpf%@x$KUkq0Rj6`+o8lco}F& zVOY9_krGTD4tlq~=lKurWMtha82y#yPQdH%Jp4twAc<_CnCYtz6Da)u{^x&xtxMf< zr3BXZj&%n`|LX_a;1TG-teWLurw|$qr4rGJ{juP88}nt#)XOJ z7X$?eR2UiROby`wrII(|4$7525EyVt37%!c;en z%>ZUSw8khe!6^)eu{_ni_G{dU(VqeMfj=AFX*MojUtL?L?=E(sfJA@5i%blmKo9M} z92=Sg%}gIUTm(%r?&CG&{rkf{7^mI{>Y4UpZh{yeqK4`$;B$uFm*z!-Mh|%$H!2pS zKjf{NcD!HF>+`;#s^pwqtHIsG_xusa%9@30n0L*BT7Xt%O&K|#A*q8NqJk19gDkL8IdQ?et61jzRem>lQ;~Pd{YIc0k z2N;|HCw2n(!E;|3Gyv3c4!UM1{{PB1)D*Z z`6SwMZv0tfFoL=l{de^cRw^5gDkT_BfKAdupiuEbO%MBJfA*71qv-# z_U9|&e587|Qx&qU$zl$HHiSOOAy0m&voseqhc=r+n)Fa+sj`aDB`0Lb3RO0RDA}RO z5;w&WdVznXctq5awNKxi&(#aQKPa$^;mNs3#Nt9rswb%_Ef=MeR4ejBk|~>5?;8X4 zRkP7FdoqvOUkp<>FBGNtQ(GURt>-Y|BpET^TfGGuaO{36{+#9AXE0|jxA<$y_F6D~ zP|5T`E2a<3OdqTT(}$HzAGTup(9HDVS}=W7$@G6wE2fXkOdqWU)6XlJe%^}d=Vqp# zuLaY`l}sPEV*1$3^zm9SeNxHvNh_vL%uJuG1=BAonSRlV=@(|EU#tbwFDsdT*^23x zW~N`R1=IU`)!xZoE4FpX2EMUaDdWlH8t2wuIDFp~@)ex2;?E+d%v^5q*Y-}?@_0U| zDTOQAcl{|A?GIO~Go?EzN%j5Z|l4p)bW-iyja|@4bc|1R_>JahapbGZhdTlizkKat%DUaK@I$bL@*5nPz|aVihGD*ly#C;d0Aay4u2F{L`?Q^DIqv zmLECbh5gFKoxMwVYZLujHg5-VhEiv$4Lk9o7l)6j&XK#c@!uIg93RY%2{0K zMo8d?X$hy(X&Y9K+pr>Pi}Hr`HrP*|277Wwvjy-M2H?d%3wxML>z%i55JvCfZII{j zUCP-Bt^M-W%4~nBJ-5J_FJ~7Jd@M?4P3~+qt*H)uyd>AKecL`)_iv|*M>f)9URKXK z&Cfz?U%frO+$l+*$a4D6ocCoNF)JQ+EUnIG?V&4=#bNuiD7`-be*WkG1CxihQ4VpD a+gR_;Zy!&p002{)ljgTI2BEhA0000_zk4$P diff --git a/Solutions/AtlassianJiraAudit/Package/mainTemplate.json b/Solutions/AtlassianJiraAudit/Package/mainTemplate.json index d9d10b70f6..0c8bb50c67 100644 --- a/Solutions/AtlassianJiraAudit/Package/mainTemplate.json +++ b/Solutions/AtlassianJiraAudit/Package/mainTemplate.json @@ -2879,16 +2879,6 @@ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('dataConnectorCCPVersion')]", "parameters": { - "username": { - "defaultValue": "Enter username value", - "type": "string", - "minLength": 1 - }, - "password": { - "defaultValue": "-NA-", - "type": "securestring", - "minLength": 1 - }, "jiraorganizationurl": { "defaultValue": "Enter jiraorganizationurl value", "type": "string", diff --git a/Solutions/AtlassianJiraAudit/ReleaseNotes.md b/Solutions/AtlassianJiraAudit/ReleaseNotes.md index 4dad46a882..828e8ba880 100644 --- a/Solutions/AtlassianJiraAudit/ReleaseNotes.md +++ b/Solutions/AtlassianJiraAudit/ReleaseNotes.md @@ -1,5 +1,6 @@ | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** | |-------------|--------------------------------|---------------------------------------------------------------------------| +| 3.0.3 | 08-07-2024 | Updated parameters for CCP data connector | | 3.0.2 | 22-05-2024 | Added new CCP **Data Connector** to the Solution | 3.0.1 | 16-04-2024 | Added Deploy to Azure Goverment button for Government portal in **Dataconnector** | | 3.0.0 | 06-11-2023 | Modified text as there is rebranding from Azure Active Directory to Microsoft Entra ID. |