From 58adaf4d7fca00ebe99e9082758c3be44658a098 Mon Sep 17 00:00:00 2001
From: v-rusraut
Date: Fri, 6 Oct 2023 15:54:30 +0530
Subject: [PATCH] updated hunting query description and added Release Notes

---
 ...o Alto - potential beaconing detected.yaml | 8 +-
 Solutions/PaloAlto-PAN-OS/Package/3.0.0.zip | Bin 80685 -> 78187 bytes
 .../Package/createUiDefinition.json | 5 +-
 .../PaloAlto-PAN-OS/Package/mainTemplate.json | 7648 ++++++++---------
 .../azuredeploy.json | 2 +-
 .../PaloAlto-PAN-OS-BlockIP/azuredeploy.json | 2 +-
 .../azuredeploy.json | 4 +-
 .../PaloAlto-PAN-OS-BlockURL/azuredeploy.json | 2 +-
 .../azuredeploy.json | 2 +-
 .../azuredeploy.json | 2 +-
 .../azuredeploy.json | 2 +-
 Solutions/PaloAlto-PAN-OS/Playbooks/readme.md | 4 +-
 Solutions/PaloAlto-PAN-OS/ReleaseNotes.md | 4 +-
 13 files changed, 3635 insertions(+), 4050 deletions(-)

diff --git a/Solutions/PaloAlto-PAN-OS/Hunting Queries/Palo Alto - potential beaconing detected.yaml b/Solutions/PaloAlto-PAN-OS/Hunting Queries/Palo Alto - potential beaconing detected.yaml
index 901c1fe01e..43c38c9b1f 100644
--- a/Solutions/PaloAlto-PAN-OS/Hunting Queries/Palo Alto - potential beaconing detected.yaml
+++ b/Solutions/PaloAlto-PAN-OS/Hunting Queries/Palo Alto - potential beaconing detected.yaml
@@ -1,12 +1,8 @@
 id: 2f8522fc-7807-4f0a-b53d-458296edab8d
 name: Palo Alto - potential beaconing detected
 description: |
- 'Identifies beaconing patterns from Palo Alto Network traffic logs based on recurrent timedelta patterns.
- The query leverages various KQL functions to calculate time deltas and then compares it with total events observed in a day to find percentage of beaconing.
- This outbound beaconing pattern to untrusted public networks should be investigated for any malware callbacks or data exfiltration attempts.
- Reference Blog:
- http://www.austintaylor.io/detect/beaconing/intrusion/detection/system/command/control/flare/elastic/stack/2017/06/10/detect-beaconing-with-flare-elasticsearch-and-intrusion-detection-systems/
- https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/detect-network-beaconing-via-intra-request-time-delta-patterns/ba-p/779586'
+ 'Identifies beaconing patterns from PAN traffic logs based on recurrent timedelta patterns.
+ Reference Blog:https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/detect-network-beaconing-via-intra-request-time-delta-patterns/ba-p/779586'
 severity: Low
 status: Available
 requiredDataConnectors:
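Review bot: The shortened description drops the two sentences that told an analyst what the query actually measures (time deltas compared against the day's event total to give a beaconing percentage) and why a hit matters (outbound beaconing to untrusted public networks, to be checked for callbacks or exfiltration); since this description is presumably what a hunter sees before running the query, that context is worth keeping on the new `+` lines rather than reducing the text to one sentence. The new reference line is also missing a space after the colon, `Reference Blog: https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/detect-network-beaconing-via-intra-request-time-delta-patterns/ba-p/779586'`, and putting the URL on its own line as before keeps the description readable. Dropping the austintaylor.io link may be intentional (it is a plain-http URL), but the commit message does not say so, so a short note there would help.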
diff --git a/Solutions/PaloAlto-PAN-OS/Package/3.0.0.zip b/Solutions/PaloAlto-PAN-OS/Package/3.0.0.zip index 702b766b67f72e5c4134ae9d527d524cab9dca30..1de0c23c30c11bcd23d5b7ec0ab394cc23b0bfa8 100644 GIT binary patch literal 78187 zcmV({K+?ZZO9KQH000080O)x}SA){P7Ag+_05&}U02crN0Aq4xVRU6xX+&jaX>MtB zX>V>WYIARH-CO-`8#faF|A2c3LOsAzpw-%G(zM3q3Z0!aM$^QNodyRhD5zaZ%kyfv zCAm`6UVwX+d$fC!n;CMyq;(v}cIsH$(1kfBq9=y}y_!5eweiXT8MQ z-0X*;YZ)zg#^+)oGCShG7FvuVweWo=+#T(W?gzORODR_2ffn3~*GGq9CNpWJ%0@pF zsg*x1M*lP_`=U3bxe}hmsn9sr4>HoqsF@v&iFSj6AG{RW03jUQn#_0ST=RvnFbGEc zhE32Isca_abptd>^G5#4bqtL&o*FT%dZygS$TSB-V=PRhWp4ek=8iKHZ$?!y_1rjykF;CSvwJJCszX)EQgsGY< zY798G;^QdK=93;<$=D_^^P`9PJ9tcloF}$={@Wy*WcTj9P*&{UyT^`G!Hr;A%!FoE zF`EcBQ)#MJGMlrhm?1z!XI?Cd;KtBgrwiY5>I95mI0#?M*uY-qF_ zJYc!dmV;*Ex=}RJu#%r4%eN)B*cR9b#SILxGvuG)0@w>-S4y87)_*FsSi!(S&Dd(S z8s#t)cQx|^NmTwJFd{0nv}45gQ`6|5ydsiq9+ns*JU8CC65;_%8k|~fKOvu0m#9)0+H=0vheh%H7#Ud9#C5wRPY{MvRgOZb?Q47J; z499^+R`23W0`>{?(;EYDes=8qVZ#*2lP)UHO8&aYbER#ViaAe1??MA?P06+MGyv-a z0~#>Ubl6)^v;}RC76x26$taG=r}Gq^=D5AE6c|@+0(3;mShG)Z<0E!926eUpcvuiD zED*ZW6m$|_>>oUN%3w=1J6Rj(YnV)|BD29it*Nr^(Cc;pT??=jvBYV>IA9A0ZqE+6 zQ`(?w+#9lc_uha;(e7i*eQX&6-)k!)_Nqt)H9x@SX9dnRXFnD~OHmI$a7s@u zjy;D>i`Y2N&Bk0b^tjYCYnb_hhMI| zB1m}98#dydDW=VU*9e8s2?W6EB5@2RC}S6D&zd7xGmyV5)xrEwA&0PTjE6f7Yxr0L`j+Q1@M!w+{oVV!!S2_=?%obC+_k$E zOI^FT`p6ADApbl%)G9v&9M&40@~KF1c(*n{n2toE(%2;mC$v8hNiUdsLknVrZoOWb^Lq;RlkE7EN`^lr}f08G8JTk+;X`#6Qse}_6d+5qzp*NTZQ0R`EsY!$#UQV*da@9`TH#&qgP6{GE8X4N=lj1bZPI-jRw_ z1~y{j8R+aqx#p0$Bpp!{LSB(^P!gAuZEy{qyavnjLdHCc2>LpFQG;#7w4+{IPVbwK z?O^$Fdl>-h=l5@WFL9Etj;3aBp+3(fiiJex{J|E^Au6zey+&>4;~_Ru4ob?Kgx|Lt z+QP0MDhPFXRM|pm?KrXB4Z-obAJO*4kmP_T25l(=_(7#`sE8N9!d?y;O#8h<$lIGC z@?wwD&EZvjNyXXc_abJ?iK)d@56T<8pYEs-?wRy)IKdNc_-Jw;aW# z?g5&$g~Yn-DH*v%!>^CVn;3zLGfiK3-4wrL{;Qw=q~rY>=g> zLX|sqnQT!9b+#&lgN zeTAN;FsBfir;U}^JWr)7&-l8ml?$w%34=($GG!SUJ}OWImJ84c!VR7=x{4(!6!`<=PApRh4jRlf z_ISz_+uRxO;S*{+9=~8u3#{le6M?mBsV3P6w0Ydt<{7;jl&=PK_ARnVd{G`w`|@>Q zRe;Cz;dgXtPaK;#277*;y0qjh?vWhLFY5d^SO3u 
zgv+-Tz=ty3R#Wt}&O|sE5@i`Pa4mSD34FIjET?Amg3BBQa%{-6VceD|kV27JNJFqf zM@ATxSr~zMm4Su9 z4$t>pjPlmX3p{AHe4Q#ik}7mc8CEQZlK2FQVHG1ovj)Z&A>RK0A!4x_4~9dCH4xt* ztpk!#2mm=c2aDf(6z+Z%?(O>bgNk&3vJU8_z`tYwFh&W4u{fya4XSwqH?IlnD2umu zkc}b(AG6_l?8C5X2+F7%kRS4_lySCZX(>6)%G4eRgi zj^5#a>>1v$8o1-@gfGFNXbJcVk>TDhUE5NGHM3x@c_gp|Vk11v)=O6!6W04dNVTi+ zhiK)Qvs;{xQ0pY~l{9iZ8JqORbxGt{E2|=vvd7Si{woEIp7by(6D*eQ-k;c*IZ_3T zjGdPwnn%sIyC!H*q$1B0GujeaLE|KA3hhF*!L{aEO)0mw=o*@i$?R7U0Fede_#i7W+?Q(&YFBPPH1ewTn>J^6uZZLMW1hiFi#NK+{H@Q8H|g*VnkWeS zs>6kq9CrOu&W2$BsP!Db%v&hNGz7T5oq|lj5;;!-EzLQ3x|_=_TfEmqls6s_ zRj(2SW-4#T@!n#mC!L>ugl~w#ED=MEoZEY>&F6jG(sq6T~rzNXwBLllL*~|ZdEz}Pm374ub zOuCWMacB3Zo~?CG#;$j^*3IEnv0260U4dogvg*UM`V*jq{}9GqY%KMOz0_E=^%adF z8@tbhsJa0m<&`iw@FQ6NoQrYE?T;S1ou5>Tz_WJ1tDD}m%eFa&x+{{oDJ66@JGdx)!CpXwTP?3 z!E))hcRbkTqTG+_g0(7aUbHW**Vp)i#>XtZGk`M2_CN9NI;a@lIRDi9>q7_|JT>JT z*f=bwU)3{jTy&?)>g5_*7u9>Mm6Z?u){u%Wjp>-J{6d0c3V*@>{{v7<0|XQR000O8 z&viyuI~FJ*Lm>eG!G{R|5dZ)HZDDC{RAp^&Y+-a|E^2dcZtPucbK^FW{(e>WA5h+_ zwVe|6{yJ4jony~rT(M`Ik(0SAk81*vki<1bDkNn^$KmYr`5IXpuz?_o>K6r%==3%%DUNsugmHGm^ct#e)4eR)il~3xXw}|fr zjdrs&GMZhZ*=ks1>3ADj?wTx?4h~8EUxDZT$Uwnrx%B+-e;523RVWg|npsd40$OYAIjayF zLt(5CntDFE!j5<1gr0GA^3HfaKA;u9L^>?7k3kPmQP9HiOdLik$Cuz@xLFd~L=gJ6 zJL9cWGi>*QxU+B$cU#-b7MbFe6aIpo6{~mSlfYZ~Ci%hlR?DN~I&bAxl$CQyEGsa5 zdl~C=@Xia-Dj-%3O;#at39*QULJuu*5FqR?j4-?d4+J6l^&)P>7|*?xV;NA@_?{SV zv2U3kRQt7#&_{x7HwX!~s8kfr3Ho*I`FFt*o5bL1{)*Of+nggiKo;@sduVd%dka?l z;shlX4!GW5qCdXye#(n1=ijU&E4%9kfCvp99eyA)h7Auz$VCB%3-6l%82~pzQ9-do z?c>VAWrvvbufy6FHAjd1{^9ZQZL#eslQov9(N@ajkGwtPf})HB7v2n=xY*f*wi!TQ z5}%+g$;QAS+a(U|-hhOwrPh>*=iRjoDtfmrq=ZD2k;uCz{=H4s#e6Df_&aVcg(X+D z(3bY2*z%5qR3N&Z`viy2YZ3iV9MbNwZ{vwW#E1rw+jf{a+EDsADR+}dIXYw)507uR z#W-)?MP56|2H0FdVGQVOM*t|n3!Gc@9vf|f7>d!@WALvAFKR5IH4LpSvFio-wjxoY z0oyyG6)XGHbEo#~+-iw7#Jwm8&J+|S3%5kkv{&JV3-QA9PorV5uo+Dyu}MWSW%FDF z`5j8qPWTYVx^wHu-~M@+#Den9akWkp!^du!h9&m)wB(S3`o7F)>%Z z9c~g4DXpj&!6=pSEU3yoROA|+Pk6dAUJ{dHxFrq~3hQcz4UKV!wW8XFWg3UIm23aD 
zB2iE|D(8S>l@&3mnDVU@tJ2cqJnYK%td*HSD%Ll|cO<2VNS0c!Ni{#L9a`og`vXM= zj3WbL8OrLc>Y1oZB&C$$QG2TH<;G_mG+)tZG5cvn{EgZ_VktAlv?lHiuxU<>POm#O zx}-BS@UY)9Mx*|4V2*mjX>YW3vs#V_OL?h7h1Og^d2R+6lCd$tK4j=wUa8tvH2xyQ znE$3DhSGvmXpoe85Z>p%?Tq)gf+~5qtIWxvU54ahu(vtb+j_9Ga_#A`*KSWuV=!zE zjPA6FjY+R#8QtEnJ?aw+Pli?j*xRMR-d2OX{nTJ@mj-)#Pr=@<0`~UagS}l2>{+XM z>YI-0Z6T`j65ByUOt{|1GmVcth0a#f2i{aBM2ly@mv8(~ru~Zq*!4t*IjQC;yvZGV zQ(%4Cc&5!Z^~`yCp=EtCpVg(G5{(~YC|FN+W(UVwo*6QS zqUoxJ7P=5!nHKF*w0M?KT#**JFf8}3mKLdjP>IrAV)*l*R2I9lFwD3K$7@a>Rt`~T z_T->0!*Vg) z|% zJ;TK9NvqYfdQ&nffP1GD+&gNxcb**Xozigc>?zzkRp8#)f4Fzb!98oXq)4|U+*!Ha zWYC`W+5>}hrhQ0enoVOgY7UJd=}rl0buBz9N@lvH;NDfkz5C>F@0NypcTeHotpfM% z{=>an4(?gA`AqS1^jz;V%-_S$Cs*g6Pgg1iI<^=Y(9}ij)ETXE)wGh5{@@PNEYYr z)DtlzFOZ{xQjUxO(!v_pcM4(Osi3mFvKH(enR5Ec4C_v|Qag3Lbs+B?v4IkFdX@>x z(y2tJ++;;Xr(Gs0OJ`>~UBzmYppR^Rl0{&~%87&ByCCjBVT%T1G1 zMB8PG^gKk9&5W`LEFPzR{%~;$eKqs^jb^aQmeLVPBC&u?nHm~O^$ID~t7?Hg_GBdd0lTTA9V$_l{@Yol6HKeoM(9p{|ZLaWM^7`h{HS zmr_t(O-qozoFM&2BS^m#LHc`0kbYT$^!Jt^{bGV-t(1ZcLb4Ko^q!s~aqU8mKsgOb z28ARUl+#gOPs@^loF#)tW67WtO9p$$l0jLP4EB~KgJPCstyH1Rc(Z=yN0`1BbTD(+EC85;iGYFSc+@IJ>=T3EZ2s6%e7%K*RobB z(w>r3%M~n2=XM}kwvvWtqe7mIb}&UQL`$=goMxj(quHnw%|?4jvr$=^jrNviqhgxn ztmF-5t=z%LV0RA z+G@n^O7<>rhk{hRv}1Ls>~^!=iC$`8EPawWkQ|>4Rv$IYJ%JVYi&C!>IJl8AAvqDB zu4s`ZajoFJyLAh@{_BBYr7E&|kij_ew;BZK=#A}@HFlh1 zMdjsc;@H7_oA9LtC~66ezr_BX<*k{Qujd3wl$gdk2tfe8LB@kN-ip52gW$k+HvBfd z>dWLf-Ykg1M*^4R9T+t#hk^{kO)#H$*tdcjGU>x4f=u=#92$k5f~(lIkiDQtqAyXo zhaAS9F&Na*_1q57%!X@Bw}t1k_pDGD!hfL&rkm%_uxtMjK_@_N{0<30ZV(j=VtOHu zqZ*lbi6^#WQ^?d6?w$E~Ij869Y#HtCZtxxW$w^(>Ck1mktescdEzrW-RVu4A1fkpra-+qfeNgDce zkS!l)PiT$7~(&9fV(r}-w7a{LRI6f-(J8|pIlLef1|+j zLp0f-YkNUhgaf8nDt9VODeaT%w;x`gTqA6T_C1)n=dOwBoW#mT@*@jq>2%pjZmfXH zI2bYwPQiXaC*BF2e26^{;?a^=5mD8Ba38-XN6{85^Mc(ItQHFxB>y1j0tX>9{2>l& z=v%bFzaOQ#;y7Cy;`6`gC?og->SZN;hw#ih>NKrmMPEY4J-m}?P`-x#*{NfBzL)C< zbi`9|#i-A!J76(=%?CI6C8D>wXK5dn>dvScJ8(TZrwBK!xT@2t^bNkpwi6B28&%Fm zM~@JPE82f8g{u$j;4034U!f^>0wOCXkFW=jHZ1Ibrqqi3l9l4qgsV6?)=^i9rzn}_ 
z^-E{uYJ{cLKeGe6U~&!9U@G3HZ?2;W)0)OMBoss#`qL-BtsrZ(6d4j1AL|>-<_XV7 zuAH`VV0z06#kodTWqKs3gJ~ue`YWOl4F#DKN|m&TLz1HEl2V|v8%pty4U9%Ghn}>4 zB%23eL_`L}m`EtP1F5MOtg$xJ&_Oq261^GG^2`;T=|>qjNO1`E-6*@q6K@p?BB39T@fh1AstN>Q4wZj&^Xg$9FpZuqh}^T1ptS1ib_M0$>!Y9 zztMX#ZFluMVjWANV|tF0Oj4tP61~2sH{SpNaEOjhU%xp<<4pi_0JI=MKo{GXTtLVg z=A~5Xf{Mz|V(WBB{0_bILKrlm9EfB1rE@p-VoR!`&)$ehXTtDhLJ-VtDJ5)|m5ttb z3E$Vn2mnXIuv*|k`q3jIS%7HOTVM)v4^T6neB;=I3vAB8MjamW-BKhi@=@NAk#p#q zQ6b}?ZUI95z5#EAYeL-2kvQCo73hAN%Z_vapb-EV|p|3Xdp*x9tZ~LB0qf8B* z(BMFo_MmA{-SJiyO!hTo(Kw~F@7sujm>LWyIqTy)<>670JPm1I$;dq zeo6OIo>fWzK`^$15c(um5i)Yh8GnQ5J1b1J)`t&O1V5^QU@g49f(ik(wLjrqG(A6fKdv0PXH)R!2H&7d<9$ns|-{^ae!Gu?6 z8Pzf3_3pTlb{+jcU1nMZVI&&heoxcf)UbCHtSs+1+n#m+Ne9UScGHg*W%MI`>$0}O z6e#%7W-m}JXgscvj9KTJ1*%kyE8m9s!Ul##4Y~M7p691OFe{o6_A=EED_7o^6n(ZZ zTHxi<+2kqrs*DNAO#6U#FZ8hB-77v6U47CH;AVrK3>;n;L_CuLK}ZaB+E)z z$cg?nI2jrXnBoz?k$Rb9&;T_X*%to!Po_YO(p>w0Hou@hTVD#DtczpOCs~d-^_CmD z%zeQeuCJ!dCFn;n4W}PvJv9`>fEov}cqorD03OAnCkt{Z4_+-hO+uw)6&(KN0Wq6o zKng%HIE@mKGEoxU+n8ZjG?E3UA3Q4H#?-0u?uR!YSr#4;*P;}mtrMCI1@&zXjqh-M z0n>rF@#Iy&@v?bf&^#aJ>_V&Cwy4BY(dRk2IIxX?X`e_oVh4dr$B2=1EAVFP+}P&r z7*!X(9{XFYp7F0=G^lj-(W6}qkJtMzGwttUKV4rbiA0YAnSL)O~EVb4!|IE zS}67q@E)WKeT=^O=KJy4H{Y;cg8_w&doT^yG?tY9+eZ(<_TBGSXE6S;hZ^P_yR&FW z4q@6AJ;QLJkr4UtH_wT_86imdzgUfE>t+=pz>F zZUiCGSQ<4xfu6r(0;pxNNfR=q^D?SD^@tt8@#bPXW&1AIPk@p#OI``L!A);s4ym3q z!3B{MPet`N3UJV;S=g~Hn)5P9iR-}(8!-EJ(M9S7@pO7JC*~cpr`)T2IVE1!++r@j zY8XF2XPL=4bPAIg@%&Hq@!3UwG$iS^rc~ zQDC$upEw={+xa^-O^*%sN!-aipifFJJ;ydTpWNaRg#|`JmvYLCC*3-VDx@RLBRqvz zNPll4RV3OsLZ-uJyWcd84ko72?MzGqw@A-0+tYSu&^AZdGF7G=+;6w-w6YtqQU&>z znAGMQW$Eatgf1#20%;Ifx%5#>HAroLeW>_BnPfvl#m3@a;@Gt{HIg9ZyQ7sj3fJp( zJ)0-9zy$waLPEth^FcyoaE){zjn?fgNX#9Y3|2v<ay{TTb3oAQAS{DoUqb(yiLq zdn@6-EZ7x9)kL)f2MVR6KTY&G`E8<-$`nN1yf!eo@u3FRIJex7D`hJ2P+DYmHk!w6 zq#q>8tS<_!;#XnaOY|Cq1Gc~WM-9k$8O5&V{NDdtS#ADMQd*VXRMacPs8}bC0An^c z74*&T7k_B1-~xUu3Ka)d`k`#;ZMVFI^hpqv+}7PqHPfeB6<} z!ic`tBf0uWh+dTR5XP>X+SR8w{(9-d!$Uz~x=@)qVqJN9P>>dsO9!f_0jaS=KI|6_ 
z_vMHARAY)^y~=Q2X&5gWzAF#g$#ATUhmRDNN+CGK_VPz@9ul+DWEEuY9HlfzZqyOX z+m!mG}$v_5-Sh=q}@3P(Yk^ims zkL!GG3Qs9C2Q}2oV8sVBbO$o_!`&}(5aYIdCl#FW%6CrbGhKUeV5!U@q~dkis%N(L z!t}>JtEEGc{z!=WD2VBN#<}`L{ZHQT52hQ-H7FXhqTTaB4ivM3v$r6NTf!-|C1& z;n4_r4?e#Lf<~lQHQTb9G-IP+|wO#D7kY^iX!?cy<@KQZn^SD7s?%3 z&~2wHxs~prM-=`lM-$YW=qhcXlkeFoF-GUR@*zhIDo^50zaAy{dX(VnQG&-hO7MtB z2r5(g>rsKf+fjiMiHCCG(UWw*3Evw))GnlhT<@65qB(v@uGwpRnq!A*t_NM_4S^7V4ijQs`~tt(>NRy=4D z9xggCz^Ax^zGcZ{NFjiZ=%rUSU3I+jz0fl~=T-Dt`Wm7&=thXtg|jUkXcU{}vDB+m=BlFFK)tE+5P*(Xyc8crMZL9;!zqkcem zTib073LE(8{q!!&Hej;3N^9%(N}%H1xTHh-VpnC=17B2CuGMO(1%9|Xt%)^|Ad)FYn@R~% zIIfzYQL5`%I!D--ckifyYB^E;cCo+XNp`fw=c*c{Tb-WT(ARWz$Adru)5Il2${Nh$ zoX}o6gsne>G^6DeP~hL2qD)0E>@0I2==m1(CqDW>%*ajD1ryr~5RJu<*7|hAgiw#` zQl;LoOnY=bG=qUhQn#>8Mcq-EcE^OxoYPhN=_nIHts%$E_}wJ~UsMP+kn3e({PWor zw9GM-MonMj*%LR_mROYtrqOb#moA9OYFt@NXQ=8Ph4B|>Cs&PA`ma!5290v{yWQe& zka1=MohaGg?TYMAd*$+b$Ya*TanPOXt$97jwCU8J)$X;#uE_>T@;fo~`U+e{D4<#Qny`i4Guvlf0G)2q$EHcdXM%UKmCG)l!SH7;k1NYLdNjeoj8Tk+_hNGQnVbOkqQj5Y1bo zx}#>ZR*5HLo9<`i@erI8nEzq#OS@V}l0?71bKZYY(LD!fFy6O&hnn%eFL(j$qTW5S zB-_HWWVCqesrl_MBeid~0aJCM%uMwKDKj!MG9ofEA~GZ_;hbphhfZT55{min&Dxe) z1oEigy0`Z6)FZxqq9Lndb}eoWZm_>tiK)%v8k7(?d3i`Ir&t>Oq8Xym)DHXP4FIE& z#LoTBjB}MZVMKC74lO4*@=eVa4Ov;(d$~8T+VBce#;ph%D<8FMShI=Gx_9zO#W&vRrxtF2?v$Ue|*L6RrveD6b76;3K-J-0ZR z<-VCCG|gIs6Eu-k#z++qAUy;qGZjYq7%);hY|RHXPYrRx3Z3CW$LpOEukMtHCap~5 zNx2S#j_ZXX_j(Nobo9Nxet-l|91gy%^bhq(ia2tMBL$PP}p+>B#<>7vNe0 zOA)HGN9`7UTeoy-*MVP!)old3xdzdL^SMk^c$pE$q;BAbBVoJUX+KCem^npKQ~l)i zIxdL3vUxHTPVQ@t_O*$S&*Bche}Cd_E*r@2entl&0af!XL)(V(U=v>8^xBJW}B07*v zA!P--e{sZq42jQR>&RHQNrW&qJa({j(o|458VB~l)-r*P5D(KN4uK$<7a64DAdNso zM1wFoT*{>M#?lSkJmDpXixJ8Kg8q8EUcX?841Y(bWW(_7w5N+dMxWO8MdVc{Xzwn;+ z{Y!fw&m*!!IEparLiDwDlB@tIzj_A-9R2#Wm5O_m((5C88i-SoB(2@S)f4m|Ph?I- zlDz&r6-hd@NYX)y!dWB9PfxrtR=mGJk_VRU*VIRPRsUBiIlbrCN%@JKQhtt@@}mpD zLVzKW^+$}5aVzj(8_)=IxRUm_P6CQJ1d#ZfCjmt~dcIW#4FG$s**7Nv?c!^1tM#oJ zL68q5!HHT{y%rJryP70~w2byBtUrQ7cb?&7vNshWA(w+96Op+777E1RyQz}(eKe%K 
zZwQiH)K0RyA+;G10u5O_b!&?hzUz}gNP_WO^vVP{^w>D&+_+ap1%E}B}PX*zlwDL7ULN*v! ze`aSg2a>;fh#4lGQ6NV5Ov0lJ+xltGj73CJZ+dwcd+lZ^JFXX= zQjdMC*WMbzK=Kl;7b#ADfFBi4`Ny@#R1nS<#d8bOR~zduOkeaZCJy@Vhe;rNkH=@2MlxrOO_0C-=41?&Q8cxvyRQ_VTE;&xg6Mox*zz_w}J(j`#VpU6{Yp zm+k8RN{y%Y{9L|l7;Yp8v(wepkMv`MAhec{V#}-^G>Q|(FJH+=t@D#_DElw-PuqA0 zQ1o(0?-G&R?p%O3%ZLF$H-OZtksb}aO4O&k-Q~MKg6HJX65=eqLb;^XWt$@fG6fM` zGQ`|0=!WZ;o7!DZ8j`?)NJ6cYEws|ls<@Pv>VkzzS=jHNQ$&zDOOM<0-nGCTHzZG6Iq(F3m6iri$MK7wTz}(Z$%bC zD1>P|1tc`uHzE=W{l|BB_NzysA3;-u{~1L6 ze|K-8IGqb^nYW~9` zDW4b7gkO(X%;!xk8u59PO8E5&CnJ6s802ujN`zv5y~2@D+7IFgzN&9hTkt<{AC3K@k#U?%kz^oE#bbfkm<|WX$S561#S-CBgo-D} z@%S6qPj!#}sNkCwYGEPEb3%Krv1P=EE%C)$wVJB=@I^sd1H(GUFrZ}G93me0*|kIT z++n;Y@yQ-M$k|h|gJDEDYdlKt;Rww@QaVyG>VIkrBQIG63A>yZxtsl=jqAU)^cf5Ty_rIF&F@04qJptGg81YXNhLEF4 zQ55C|8$P-B^J7X3#vIHj+;M>nPU+}lSmnnwgwTq{|3phGIgTL9iirluaCjVug;Hc7 zg|@#yGD(KUQ6>?M(#bdI1015vain^!_^%Xqzprtet3K*;uXcJG%m1QQE@Ro~LF0S_ z1WxT_PPvkQy{Mg}>PTbwN>$V$R?$6TQg*m4)zfLI(1TKE&zXrhhqJYyg!By2o)-K_mNi0p?qzU2vjI2)K5 zj>I|Q)bnc_G0*>Xu93o!5f7_Te}yX&hgB^Eo}4GuW5KK;PFG|Zj&ADe&RC^0qk*B> zjYg*H&(bWflFzZ37_WOmVNEfdxg#NE$x7^qQ@03Qoz#i}3;B#_HcNq1=6ai-bW^&< zb5X!2hnwN-0Ym>tE9z?jPNXrHvse$AJqS_8L{~DCl;lB1RM5bxPFk~dWbD*2Y>!= zb8Y`P_W)_VEn#o$wq(&t-s3Iz)?&-Lal$$1KS)=azsvBkJyNZvORFJ*-9eLy$V~LD z6BzQ9HiP<2H5~oJMgy1upU`9&!Hp_XEimPwlHF2%eTbg+aV^;N=|Q^KV2yX^<3CUP zVhyN%-1~v0WpxU1FCUZ2I40j5K|2P6226=rGNfo6e7=z0Bu;Er?px5O`zrNN9>|uLp-F|9!up4cQW7vOAHW#tG*&b)HyMtt0_wyR<~jL~b1$0>EzOSQURH6@)o_K@H8E1V6vskQJV8(Ugz|WJvm{0g zC#*i9#bo-R-{Rmq9EWxsx?zfI8D3!+VjyczPF!`VAo^-I~g z?{J)5|7;d*H0o{9lDZvrOr!Q>$-dE&J=ZGqIi_`Pjm>z)U)(3q+gp1lw9^dyDd#gAGe(wHr^V|#}oC469~1Y}T36r(#h zcKoO|-4AxmtXWBxE?@>K9QaMWC3Zv{Oi9izn@=+uQSHA zrGj2OMmhwfKK$;M23bulq|U*uhO`$B4-%n~@|{{mg)PC?1PMv|h%Z_g7Cy!PdG!mR z@(KmxPlThWm|#%-7%3FDBm_mqA5bEe5)w81tGbYHRz$DYLtj)4IdqHqVOp>ipe(aW z7qu`#SBBy;vD^PW@4;8A&acl~+Nzur*XI>p`_)56VI85)FKVBKMvW{K2WH1+b>wTy zxc_Uyg)7*xR6LouM#2wJIt<04y`0uYGXObCXIp{kh#9azLOtBd?^Fpe6|J<5iVF5N 
zfA(81uTlu!B(PH8)u}eb12fXRuRhr|k)tS^lNx!m8Yy=QnVu&dY_<$;tcaXvODzHc z3y01Dh`RWbb{_tKw)UMvb-&lQdwl6}vEa0iqw9_I?y|5T;?Ty{+Y+>Rr|9=o_<%Cv z`F^LaUUnl*j3C5ieBJw}RswGb3wTi;KpiVOU|Tg8IqT79kyMO7_5Cmta^`B?X}6wWgl}u%IljFy|gNPmWZ-0%O-yhJVCrQbqLM zdLUe6fZq%d5C*;7)z46Hwn2}m+Yq1YJdahI{)wBfsLrfZKdK(HFV2B_%&NT*K)Ni* z?@?dQ)wD0>Nnw2gh4n%D3NeLCRdv+QM4(qLO`|veNGs~+)-H#Lo7bF9LiP!S%q3;} zjv#M8fgD3>cAhzYayhzw(=Po}9y*S^S(|ISV`)$79dXBL;g&9-@nj2~`#|MgD&V~eoW z5+46gmX>v_^wUqoO1;%AiXb5j1rUP>2le##69k2EP#pYa=X(pPk3y6$ng zmj9GA@u{`cyPOe@l+~1tmshUo8*<^bui1KM!bf6XU5)vugq22?pU4`~KRc{mJN-PS$h)tA_|N!4*ztAZ6i6*rszt%{p@$Ll1{oc0{>WK|zvRof`%G_GCL-fLsqdVIX8ZD05O7Ps2+<1KEat7(>! zPxkg(Y^#&Keefhs_V&ly+io3mGP^&&*==g*BN*ME&C>RWov5vkTvk+ns|wE!a5fn; zq3ZpdwuVhhT@$zn*g}S<5n^Z= zD9Jl!8V!AQx&Iu8=DoTKPZ05pQ&Cw3+j3WjX84UqIQZyUvAD@QWm(;j5XLN={=n+~ zyt%P&I4b;o@?Wh>{5A7mPwL33j(+*f`bbY>Iw_>DtB`DK{Gl2t7&LW95shXT-$Zt! zC20{|?HV%X;Ww)=!mHtK9p>orw^3q-4l_n)^h?e9^1QpkymeUpA{u)9)^hWRH`NQ( z7yta9@0Wi`y?Ng&peEIfPDt&#E^xk6J8M!x2xG!zWmrZ1q93cPYmJS+qKdYV`k0#e zLvL|jzsdvW@%7q24pr`lu!x;Qj-cT`bG+HZkoz1e{%x^l%|Whp_yj>_72#7}=AT4( zKfHhPyiEM3b$5Mtc4n915Oxfm&sdrrD^hIH(pWcx`u!>ynr{!X`Gky5(X~$!UE9mm zM=&)$n|7y^8si{%+E0P+Lk z(?VjrWEu7I=>L?cDKjT=%c(3cq;J6>QfO0UbVCXAU_+l((BgIrRJ3UY9?-N#f-sYU zBTg6v=OnUN#Gnci&lz6cs3E{V5DV~U*Z=qbI1llehoFQ%E*+eCFg@!i2EfIHu zxJVc023G`9ea=FJCxF4=pNm7=t~(L_Z#+KSMJ{B!TS(;pd_t zY5>-vWPM|hD8bU@9ox2T+qP}nwr$(CZO`1X@7T6Iv-7^)efwi0I-(=GvMReHy7FXY zoy;0HybHtleCczUV=;BQIMl>xxB(`U2DVq-m(&@Dg%@AC1mo^WNKLv42D!9>upkgj z6Qvdo??PZG+fCGD1YWOK*YF<(T!Or!U-``zua1AL5OZuU&-x8_)WHIgJNYHc9~0PdL~WxrxL|ls z;bCuaA6D|M#BOoGIk7r#jd$i>P`VPfr4HC~dY}nB<4|h%D)2I?36EO`ivr}Q79rVc z?BX&`^Shuz1D7NJkvoh+oLBsHLSX0w=!xhlsuV0iwNvvp>tpaNUgk#D2|uno3H#-K zeDjutPg)HEj<`h6t?H)G`5%yJr;dDWWoPU}40tHomyhAL7P}Y_MC&OtX=#CMc@l3T zMzPB2>QSHM7ULz`VBz~ZGKrN1LNJLT^%As2j_(FFy~{$13hp)kWf5rB&92YTN{7kH z{i&yN(c$!QE)e1-gsm9Vl+j~M5Ap%xWWx98UepkFv?~tF_OgKv&H=yGGXJj4K`8`^qP(`FcHLH@l;J(Tq)qEh>HTH|Myv zus|EmCh%CYt+o#?mLS9wd?ErWBGP|nK<=;D@fI~=gsvM%t*xmLN%W)#u1mb&h7zD- 
z1_*|su-UDLB=0w}4Ka^A)ZXidVmIW-UWKzytqzB+KUJ@t?Z0w%NOJ3&-Syw1+i&^6 zfX8sk(4KzO`oq$pD}ajl#NSJfnc~THN}%gNq|korvKn&^^0G==$O58T+w) zrSieP`wiyNV;)zZqZSJxvqUOI@JB+E05vEiLKIKTv%|~8OrXms6d-V@`lN(GTbkCc zb(gLS<1dU!+IIz_>~&(o8vQY+5kGOB87)kJ|Bc}V)Q?pXUp9dr1q6A&cU!|3YWkf# zG|xWR|2+|5-diO?eef_cyz%~T_)d7=g3modeyUE59Z~Y505>AUM*y?PqdO{0iJ{MJ z!kDq32Z)c^Rjum9CD+;wD5g6DWYR*fm#fffi&UBPWXSC_4srcmqshF!@Cn@Z%dtxJ zaPtWltZzHD!Z741;$EfNysJ^Q`}i=S%h1ME9yF>YC}V7&Wt}4H$ln^(3wkwoai92U zdkWPmjP0aN-7stZLMMZ!m4%PEucRtkxy8ljk~l5b_B)349{}w4ryK^ikDqCjm5S^e zji0J-luInp@Vtj&w#Uo^N(5ak77AtA2F4eZ7BJXhPkP$qPU}aWC1H*wA&!~NwmHz} zB};;97C_jl@WR!frry_i7=S-IpNuF8+qNK|F_Gi$+6HSaA9^>e*t{(cy8~Z(|Csw{ z{z$!{bfxvb?aN#PK*h@$psU}upabJJ)nfprzIZ|Zk&^ls$^9pf^)m;nH-#!DW?Ntx z2dlg0-`tqZ<%$cBvCxaTcQuR--;MYR0q=$HcPLf)ObPosj`FO{2M_#CH!!6DH5qQb;g*)|u#Wl5=anI0hH3byk`spyGVY$o`{4_He*8IID6E*@bVa^4+d8{; z%woruz4alE-Mn4O__BUdyM0~43yzMY%Ut7^)5eSWAE6Lcw#&ZaIZx?paKR6y4^-KE zFXlI&ngbItozA>3I_rliv|ZmS2(d) zakyjlyWJj5jwza-9c`6Xa($2$v)3@bDRH&Er&q}CW;S&%A3CuoIvm0NWOS2e4~^}; zhWe#h|B^=#r2F#zZgXW=<&M$#d^l#;e)Hn-pK9Dxe?EF0R`L4zzXr^es?C*}rJQf! z@!xhoBk;;PzU!5ubI&-<&AOtEs|>4>7>KkO`xRogwg+F?{oH)qsQJl!txsXIT3dCH zskA!q~7w%Ous0KZ`}ap}Ze_WdevFEVlATc;nbemOW5`trRh zQOyZe-t@?uN+aMa8%;)6EH1^ReAsyFyOo*n%fTx|nu=McTH0>}o|5sK4TFj;m%P5~ zk-L4dXcOwIr*!xyGlu91SM=JxOC#;5JkHsNgK|nhcH%bh^PpTUiMM>tdyef(xph?s zz*}?;3;Ob}Ym~$*fKQ`KmoF_>c-|~P+$evU^i6g3dp(kLFXDvYqtrrbqu@uQwIxK1 zchc3}80W&&^PhE(V*_Wab432bU2r=iFNd!g2jrB3vSV2wHpD=zDf&(j{$bWVf79A zLd9YA`n9s-^Z#5cZzmOpmswIXoGP{3FIyyLJWX zBW@#5h*35{afC3wL+5512w`gWgdgqwxpE z-onOr_uCz3;vpwC48Y-`L!F0Z02aYC^OtE0Bmg$PhotnU6Okc3kzoG-*?+^C-34p>R9>vAc(d(}8=L%+vk-0-xoh^D%EfUyeta zEN@OlN0OXbdQ2C!qAw4>#BmIsOZ%v^ub0aBlW(Xe}t;riw zJ3{5j^00}(vHbx(h+Rq{OtYu^tJ`Z<`ik9=_)sM^XVy3THJ!w2EAfs}!LK81C+xVw3E zZ)c6ct>t@>*e9D1LD0R0Q=iW|{HJ1geLaP8_JHPK#E*xG@@&33B zTV!7&#mzRrf6vpSmDa_C_v|0arGt53;qYj^vlGENmYd_t?lIJCQE)$Z-u~l#GW&W! 
zHs)X+cZ@H!2i5dO8JXwd{|KVTMWV;VyT9sFd-5y!Ui9+K@t->5@*jg7=Vz45NG=7j zhW#EN=nP%t(-zC^^Uyygdsp8D12gsR#eW3>Vj^Y;os~?b#C{&)s+L8{U1l0px0(^UYU_U|PQFaBzK2{PrTXM5E=ZDU6Gnysf z`PCwZuct=^f@8JJmZ%h%3y;qYt0Z8vemr>+cg#NlEx*8Q{4JV^VR3$N{zF+}az(@X zMQn{(^W)pJ(svR;bfft{rtiZE{s4o0#27KyM)*b6|60x~hUl-Ng#AM> zVWj8gZqn}%A?VgU1L~g6@$K){T-OxCMF`arhp*u*hM3wC`|tzFhN{=_C)uJWI{78f zKf~``s1zRiS8f?LEE12;wSpwME(4G5=|_#_%_p7Yp3)F_>di~r`a!Ye4V!)68XHjn6BCV;~Q zeC6i{vnIa0dj!6AP@F6U;|a5(ADc?l5JH7ea6saDOCY|qBM+#PXa8V}LUCgfb)DKs(8!sRXa2+zwmEU#B-k!5{ zNW;;&f$3t9hL~EZu7|UX#F&^E`+g7QCQAfP!)Y;^oo10Aegox4;wLu5N%Aq_tBUHI zDy+>}%JSI2E<_~Q75KvH;PnX&L20J!8O->5fyB@OIVGb!j1W*X!gQ8yE{4^&|K6ex zP{pgsL84%L=Ys<(R4xuFhLFNH2C&CaWRxX>tUYVwAqb*(3DYr!NFXwYLF7i`v*8Me zmw;nn1c;3WJv)#E62t-r7i|^)0EeWBhy2k~)Axt{ zQv=kl#D7toDhq?34`8(E&tS`sqXwCo_J_a;YtCN|$r`)Cf&-Ts7dTo`nO(l7pimEp zSwXXr7&n8t4wNt!LO&Mb^b!rbU?*t8m^1fY8sbIn0#d!uhE%QmpSuM8-TQdU6Rn={ zm<}&^^r3-fY?s%%)&psX$6Kct}BJ zK5=FkHY7Ib7QLra1^ypqA}V2*us@Dk96YW2NcA4K81r9Dz5B?T9#-BkK3;!i71y9v ziY1g&*uMQ!5=(=gY2kQ87n?FD?uNKMPvC=oA!vlZMfUPk^U$Mrr+Q}8$hkV~rnsW0 z7~E|2^O+eBuzH%4;^)+(fOX*Gk-|8SkCAxHT)2AKRe1;;eXa%ic_k)aQv-H3Ozr*Q<+piSMxP7WdKd+@eEJlO0v@S7l@&?J}u^AM1{kLou}3c)V_G< zJF)$j8J4HSw|w|E!+*bkh%~13?Qq3_(hg=$nX8rFyRPnM01p%p)OOm3M;g#9%1Wt; zxn2=f@z#+1(3yEsp)L^iw)p=M!U`AJgdEXOgJ~oD5ccH9g|}d@)bMn!k)n3cJly8& z^t^Gx`7zmA&42?GMfKvG8I)ZR*2C!FhEdMW~7Sc<*@&d;fE*SMpZ3 za*Kq^+aId+_3~I+4|^|vtygm2!N&8AQhM}BFhD!6i-zuc?^8TF<50Rz;$F4xxL&YYtx-)HmENyFR$G&rK zcRxd_)6Gn>_fI3^?h_Q-ENp`(J4S!Ch1HH5`Atts!U8m$e@>tf5TLP85oDN(Y-wBl zgBt$Yg-g_4Urr`j5GL21Vs5^%M3;-GPlS+I%A{Xw?jw3jMIi*fg83)47sJiNth-*2 zToygNedkn8n7lA-@u z9C+m+xPCD-{uZqRHa~&vbahz6O_+v84Fv}wK;uOvx~zG6jBD0fqc29HQYV2hfC!)$Ys z#VPnHKpSRrxfA~)4^u+?4|p@F-L*tSV?Fe#sarNG*HK#ZOcFa_2gKmMKoFeaxDXn` zgUoh>Ul1PVL2Gd4#_k}twFQ5=5$48?(E{o-|3ZV*|A3Mn!8C6blk*!8Fov)SC}S$# zTq@P9FCL0VM80hHrnNsod*$XubuS&1kBIAoY6lDae&f;SJoWH$aC*{9L)-Z|$xHh) zeADISwO6Tp>sQCf?yUZ8|chP+8l{-@qtG|Flv;)&k!6#a{|aHb=}@Fm;k_liW}oo 
zW2a^!rfE4~KD#0S=dK*XUJRmQIk9nRQ@jQU_=b5jfg8qXVvI;7CB_9b=7kA_#j;VQ zOSjf;0zjT@8`>P}^q=|0IW<-{B?ws%%mI~8gFvNpx+oQlKofIJxLy+FK+9@aXA}~S zKc)e!&7wv)cqr9iyz5YU-puAV{bE@Ok#eCzGN&-T8+74L?RBtuq|1+?`2e*Dbl-e=JDCgr|7yoU6KT z5~d7U8%zP;lDAl_?lm9lDD*8+0hTbp!=4id-p8XLkAWUh{UE1{F6m_nhKDRMz%>bn zqp z%gnpKPWT&h3h&-$1Aw_i4t@&Fy)WfrM#s3>W`_#zwr#cdml;^~*zpizUT`jvV^-IH zWq*5B?damRJipbOcPqKaA;zLanfD)LM$9HNzC&rsrynQM=swBx;I~!Wjc#_9OlIoSZzI0zs#*Y;}%?G zc$`H{@f?kMSbSX4eA-N%OBfexiJ9qt>I#=R`(N^o{myWf=<8t`IhBm~>%?%PWxS7V z-TcfT8T<>prmK_}rx!5uKv#vd1LMh7Wm_#Z*MFn!>R>9&1yo(p#L=6ZwP zdN(4zX~TO@KU~(sc&X7sp27(o<)6_14rW;IKUvZ>z4mWRFyi{a3g~>SgwY2|4TG-4 zmU$t#3av#{^}O*itBeYICAFkYY|fy8*|&mK^H^VkqOA11+t5$S24+34gh1Ca;4f|y8o;Sn!*eJN)?74RH z1haVOUmw87*?yD)OolE+Wl96_YUrp$0xIt?zM7h4^;kFC1?OnDR6X>bodvG}40URE zW#Tm3dX27i`E$K{$t?R|L)CMS-Lv9dzS+GCQ~_fTbJck^P$KKz8+)7>eQK z1hVCAhruPxApwI?>(6bi@W_z(gl^c#^Eff?vBeyz1gNLUf1PV)1tGq>wEURnqR105 zd2v3(iS`WHN=ks=3d4N4G&tX#Z8Ug+Lxh9RBB=WPXHQsMWMtCz19H7WrfP())7xfR zIV$CY7XD*-d+yo@@t@ZZA3LJL?OR>Y0#nZ;q9# zf6H(yiW8|zvWy56Pg|T`I`(}EhF!EAi@SUY)?}@G+bX2NI?~CVo8Ve(DVoM9Bw88H z&_dRz5p+?dB#jtxlNGAdOHtH#x=Qf@=4d$U27(&a^%WV9l1Dn zoP}f^Sh#DO26pIo;K0;kh#;$7Emmc~sAV81??q)Puz+E^g)ry75Y+5we zPAyrbpR2iotJty>sM>zW$Oo%98@K$~&Uc{_q-K5PyGC2B+N4XSa8fyP*!>0{UDRax z87s?&wz`nNmZ107JEY6*k#Ojk^-=!7>_V_Z^Ynz%*zj{s0=9{+L7pn{BxL#6gSAE_ z_~X6wOP%64QdzWJvxF-|CAKD|Gb^0EYU=&z}*npZ3|OSOT@I{m~V zG|MfMB@~7?E@=WquVa0bD$~Z-#=l>cl1kkmNZtV~o1(Ks?>hWoQ5Bpc@mT(skX2N5u$?9;LT+Q|Y*gS!&Lz zV}vb3H_VgXsjsE1!Wm(gI4fg^OZM7vmvXmyQkvVIe8)1vKZm+{TUO2ng1PRYZOOe+O|)Qdh5xpYu$pZjNmuN&u5-o2l49Z=;=HCAgd=s zr=|={t?H#Ei+T^YaF}?FQVmC1xhZN9M2;Hcg}C{AEZN1^7&%ulx@v^-(3P(*uR2{) z3$YTd7?rd^6V2-WKr6Qu^;>?Wk!Oc{7PV;5z^#vAZ#A*_v&U#;iiO>Jd=r*QM`_m5 zkTr({wb-Jvq((GSiHAt_%tIifduh;me3*uMQnZiecEf-c#|!GX8*! 
z5CKP)EsfB|bNo!IS%FDiwl-Lasl7%mnNc_&n@;5?Ixg7Rt`DR1{MOhjWgaZ-`jIhb zilO1#C@YR-Qn9cd6XKS;^7ZPpX9HEFO@hq)!Ko;$j!us?(tzhV!M~~449#y}{=eE) z0qQIZ*o7rMSYwLT<$SbqP~IgPmda6v-?@Y#x(5QM%Uz%K+975~s?{1%&7FHyh6UV^ zt0nRdPYZdy)yEIcEaPm!mT$Bwd&Afq($Kh7Ygdy-*_g#@f4|~8F4)#_N|lV9N-P9Y zg9f_shpn!z6)E_{YG03x$q7|h`MIY`hm>0d_$HI!w`L|L92+KVBuX7v%nQ=q%;O@{ zevMvSf`N!~vVvKUF=zH%3ZZcgcV{0JJ_0_Hi)YLU8(q(E>D99PoCW#Od@+F2#nI4s zX-3+8jiVcDVlI?q08OKT<+rxqnlq!M*KneHwY0LryAo})xy-?trd;$<>77i7Ol&*k z5O7t2qgMlr2vdP$krMdAQekHdtU{kRMbW-yM54GUTY{w#P6X@0&>{UA=F5;{Z*puJ zZfVP_J?WgJLn!%Sx^p$JZS({yS9D$G8ck!^b;US!f+U@I zZ=X$R$8u0|eBtcm-6sRP^m5ReXSzY6+P){U#gwT;WizD7hZac=OxYpYeS(Lm*NxO+ zB^UGyYmq_ga<0jUZBS)u)zycL?K&P@r`yxQF)ej+I^YJ}vf-X(&61Vd^4knp!q|Ch zo}IO17W+i~-gRi6%}0`>LlOj?bdy?S9sJPkfQ* z6BzTFWG}L(wF@ip`dBI4nPuSserV~6c@A66HV_J3!1YD@U0$ktupi#tq!dB(`Sd}? zv}GV@jl-w9JFW_zGPjwrb<#Asf}`$wE9p5W+e%`h8CuC+v4%7c{`_ft&-i%Y#}K!! z$azb>Ib6aU4NvL)!&>l}7jlrYbFX0cS9$yC!I%E)%f z!lqG83~Ni5Gldi>=)*t}V-yqIgy>g;+zaal!lcwjLw&d40yOo#)SQ50lzHjTdKSaTWZjX zD|bZo@iSHIO>!dc*zBkI=9N@ceIvZmpr9trnS9{E z__jU00&b*Bt;!Daeh_XJcx=$D;C>`rAyNOKgGZhgvC-wDrIP7lf(Xi4O;|#=3`4}H zP~lYdIExUf<%25ZYy)QOl+hyUT1gOGhq-txH#aG0Xz%H2g5|cf$Y7tMlHi6(c76-|bN>{JU8P^y5JeP)#H z*-8}@de3xOO^F587$+6WbOXGx6nJa-7ztBX7c{I|(=Eaj&t9?= zNw*vWv4&t~F)LxRISJy&f2YI?do*v^IMu2LXAh>Hb-c5y#}y8I5)y9$iu*V4ezidv z;sI!>Kn0j}vqK@?D!!&GXVi@rlb@F)TM~BrG6o`S#iWai7PsyyMx9n3Idafh4I+gI z7>_Bs(z(-7h6LI~c$HDS>o~7x*8LUkvLBm91)=sQsBVMuexyZah@P#ct;=te&;A|- z>C{Bek&}amy#uXUK^oYHB=@h{UhtA%U8)rr2K>JM&u}kSA&lp$QnPE+J+dbWu~c_V zN0RdUkDn!q*CraxcdhdRp~jsP#(2A-lM9y2{O?x5&MWlK^=C(e*4GA)_3mfS_iM+% zmqOKTo=>tqisLnqJr#3yr?Z}?8ZbOvn(J>QkK`0YkUi!FJmu>uZ=9{Tk!x%CXnv_1 zIK(@%DPanfLWBUCYV+BdbV1rKy*OBpri(nJveN)lt`a~yYVlk0J#d7cV`)vUVLJD3 zDcJ|(`HeIoYm{l8#fn*|D%itpN|n#je7vPA4}!EaD<0p$XTt^PQ={qXdZ6W3* zN_ENi5RtXE|0z$#Xx7O;Ich{SZ37mfOS&xRgi-M2-EK}+Bpn<9HzLg<)W(@_-DJ_J zhD$gIr)~^0C6p2-9cZcA7EzmS4rPp)AfWwRqHDTDITQb+P0p)2+T!7v%Kx#O-7VNE z43Y3#U8ETI-q-^PClwXPk}53gNw9UBdW#{%wh7S=e~XKpGQ_s_y?a_Fd2HO9u}7*g 
zg`jbgG{`zz3ovsFU02Ie#t!MrG}KluHJqEjl$-h=q@LvxJMB8P+WfYE^ruSghM23NK@-Itih9sfzEWKaAxZ})j@UI3MM=%3 zf`;y2BCJF~F9}6+p68)6!8-dLYvxpKZoNF!cF(?aOgM571}ocVM)T3ct44UK6r!pn z_GIF;h=0ouM(*oIH(^UCt6g-)Pzf`N$F-~lhw8|9Mw|82;l+rT+h}bW7F|8chCQZo zz2`l*clW6Xcu12~N9xd|>8bK|$B7ceOhg6(rHB_-j#83w168hk*c3Y;Vnyc1yyN8F zjJRvjV+XR_V~6f04ExuK;$mBE*N_FuZ9<9jV3bT~69c;($i5WTg8Q6{7Rtv(qK4~g znN6SF(kZ5b^6uA*Pb$pl7Rr>+X;ZeiL=n%~v0_PX(;qM%bPU<(mCDHMP*ar`tcnRe z-lZBiaPJRj&f@8%m>mQ`vhZ7J&#dk)e8-$>ljE#>6feb&oT6wCRlGxbASsSzNOc8D zvqU>vp}LXGoJjI9upHn=uhXp92qqPNBhT>KCC$@jdzb57n2Pn!h>c{5Jj7W|%az+z z3_}I{Yl{?p(?lVh`ac_fe8PE@Q5gk=|`HMLf<7XRKXs zEO?lvqVr?xTciR6K3*(!$KwJRIKGoQ&boC4F#8=mzSec`9V5n5L^uJjHw~lxyaW;$ z&MUMES7+6u;ZyZRw>_`s`PHo<*1ahR`xByo6Sh|YgCBD^gDc4Y{)& z763fLq)YikZ5=YS5tn+-@HK~(NwO3~Fi~nFwnjW_(pZuuDOD_NA=X`g?{){v9}S6{ zBpQMQ0xqej7ZZ>paS}m%QIUtTTnIMAm!Pf);+zqi)K7%O!A31>v`yx1%*?Rf6EI+p z07u=Ja%9^FbCyc-M1YIfGw<}%QaEcwg*x?=(f%6#vv4}}*H*rvd{8{=ea@b;d2lcd zlszS?WTca(+$4^jIYzPlN;HZR_x21CbeloN4VebdA$qswf@U==V<1P~FPXcoL>4ov zvo{MpWlvIC8|cvwT723d??8uF`Y_O&YpZYm2t&-(`j^*83sGLb9R8IG)PJdD-qX z`%|%O>C&cIlRErNl_X6;Q6IXMy3%D+hn6FFBM9Fm!_vLnS!G=-Dw}H6zgVb=afLX! 
z&#OR-+GxVi1qyYfP_hivYzn1Mfo+)}QG&hje(+k4Xz+oh3SM$Fi* zk-%{*#Bps^etZKI(zjvPAzm^lE?8zf!#NA+_F-+I)P~IMek#3m_QLf> z*J{Kb^AdmNR_&9dWyalVa2=;Hc0n@oKFN;c_g9;X5xF;vfBe=K?6s;es?y;&j~myD zEVkmBTF7{UvO&Kkp1LCQZa?(RdOUEWo{}4oR;utXqCNZG6+??|mqHz5Ou zA#upMtq4qv-Kj(LuiHccl&4m7MNC4W9~H?mtzg7c`6< zUqrCe&VyW{R~}$C!~oF{Rs{NJ0z}gyhic45$CR#4o6#c>P<)LzU$W>NBcWm3eFjNf zC-bepTUBu?^8&hZ%d!{~w6AooT31bF)|BlwU^^V$ps;QOpch|Ugonu;By-aOS#8GJHn7A$=OK^or8mJ9QK+I6@X-Ji^E8P zza2Tx@6frSk|10OK_D7v9UGGE8zgw;+=Xsa#vF_Y0<0V8PfXgO zmEAOqEvp001rOV$3Sin)^dKo_FTcfXT_C;c_CHXg)*&gVN2SO>^N4 zsss3sxRpQCriDL6F1z?`CU@&?X_fBq#46x_I<)j-T(Rw$zrz2~j=2l% zmX(8u8sa{!@eY!T^J;WP^*;@eyU?&oe~=Zhh25uhMfH7b`p0&yfCzUL-}TG>=#k7p z5uu6P%-YCJMN2iWiy!7EI7*E&psn{*Qo+!I;C_GZj)`qSrq|tP%r+0G70Rt~wyv`2 zsr2j#9lVY+k36hSSYM~p);a{I*TU-X^wO{25lD3I$b<>8KreNKbyaLz#eTOTVa{EW(q&rG7p5)7Z%h1n+@>rI zr|z#&(}(BeoVWk$jP?MUP(r8azceVU^BLC@yqj(Mrhbodz(x=Dy8-*Ru{CT;?@@== zgEtym*>X;qrb>~tmUI;z@6*WuS2j(?^LKWAoZz%F+XTcp7B?@NGP7x9`en0i~w z%y!XazvYaH+orgCYXImYE>STc8v7#doX1pvdN({&u;pyL+mc?_sGqlH;Er2?9;zS2 zT1{^c*4UHK-B!}Ag()K^M(B=U4RdxzO2^8BrI3I>nVQoFJwW3OBV&IKhubwHnDX20 z;pyG-q${zjPrUO13oljIModS@MM$}Ys zg&OCqelpJw7{IQ(tmZ*Bba@fB4n~I`Q&J%L@?ctM>Q1)%y2$nFuZ{}69yWMr3l24qCM?*CH6|Yz*D}GS%1&c8x`J`kC>esX9TE=m`8JkgNgAsZ~Kj zR5Y$)jyaz1P`7BXsRR$A$nM7?nIyCbBa;`erd{pb3{X9%r9_xtV^xtfc6+obAGd7U zMw-$#uCRvF&3hZCN4qh>TL|FBeEYg?GqIhJb=X6b9 z7Q1hGge^hG46{~6yw+eHt9<3=AQiwbAhYMurE?f>athEK2zu4G$=9J%P@pmhjix`r zSt=R>-@l;jyf%!Ya0?%s)HZ*~6u&s5_P@php{LxP+5cAXr+RHJ`jhulJ3Y$_Wq(%+ zXa3GIcng&Wf7`TECrziR*pc`3O&#@h`SSa7r8V!znGq>UcIAE9Dq*JK79rBgz<*x4 zH9Pt~cfqj7mH$46a@(%R`|^d_(Q*21A!|RvkiET5Q^Di=_yTCRnR{KksnzehIWz0? z!%=u{+Ch-oZk!vcU997h`E7c>)sOsDj5oBk9TVu#f#<0LS+Fj+SOL6;Su{n{^&V4e@JW|~@s z?CDlGl|cFh+&I$RGMTJhjZEqG6bdSb_W*PXz?H)OK&Xtt@lsX*m3nFLPZv(nhqX&? 
z93~FSGoaRQ{Mc*Qh648-6802+jzT9WG;2{#X=kYRYF6`4Yt|jSGlv8NFw?GF%FYld zTde5*ikOMB3tB(gK003C=7x4_3@|WKx4p+VV6D3{NN_o6Ghfhw`D%qG?0yI49mgaMf( zr}7wgkEF)sNq*h-kV~5Q@}&-^uof+Rnr6~awRkmk;J2mlo%iB#u` zTQuwE7mV~W(?Akn=B>yx+e~i}3JEK0l6C~DE7p#W*@1EECl9nU|He>zsF@5=N3+_9tm$CV$0++=;%*H#n%SGdx&`RsJ*d zxX66iD4Y}D>zj(fHCEeOLiieJyTiFrNNZepocmY#vmA5>Ve(7S`fS6$WwM8&_0^+> zwJZ4LUJgY6rMf(%IoD!Bd@0*CGT+a&fTPFU>A+0nT_g2#O;*BB(b?^U+6Rdx=#GehREId%@bQ%8Eo-Uc>Z z*TmZywDD&7s|1ROY!Cf#L<@EMTrd_Lb5s-v!{Ow3`%J~-adU2W%IYa%q~a7H(n!Hy zu@ce&eL=0W0%G3|`8zQ$e&J~zzTOR!*I&RsFJSA-qgxjO=-??8(31yCFVT=SSsds{ zNGNbh*DebIum6zJ1ChV~;$WE*J^acQ?-y-^W4$(mKmVlaef!5=N7RU}mJ}&~MsEoF`xAx@!qi|i z($5`sZ2KTH)s=efRf>2*zY!OP{$;&YoVkijAl2@ zek*QI2l?5^eHhK@{0n`%3T7IkR|NXT-Khz0jB5al{+%$^?T~E`?7?;q==J*s>bO8< zq$>>_@Yv^Hd$z|ZO8V|!PPbNrXDkNZbHT3F@c^gW#c!~(>#po7I;uq453>t}V;^g| zF}Mod0XEnQ%I~#zqRrU3p{A$d!Ft(mh!3mwqrKVv?XX)Is}RV&Vb-7WFBo@JawL1T zzop&=ZTDMn8-3{!;&-1~{U(R2?D{vpz26qLzK<53r}6fWNY%q^!tlBDqVS(lmJJu1 zkT-P>3Reo;4)OZ(;o8VOSkDUZ|Mltm9)LT~(MDaK}D7I*V_{nQuY<_J~piJH+;tTXP;05thdP#%8SQmL|GGh1kP zZJSeCVzWH?g3s!4ViR;p<}jCd$L;UAC(F*k$8&GFCr#APJhQ*(Bo)8)Y;yD;fTAqU zW3l)zK;6EC(1$!gUmHep&Fc=09n0>Et?|GR0?PqG3>ZmoJ%s;yI?Gpz`vFv-M346N zGVA@AM_^vQ@i~YXfYrk!g2rvZ#ErF1n=IPxb?puIYH}-p$`Bo9BMQcI7Y9d)8vYw@ z!Ncs};?ROdu|C2$HI%$^^be2>&t&lICx2PoVhvm|9Q^jn%8)sq7y0CDRQg*Ue9g}w zKj#vyCemC#yuwnmW0ktPDo*e64+<<1_z0bu^u-Ksb{GWmSKw%MP{tPV_}Ya(tx-P) zN`60cvT|#F+?$&!p-|Mnd6c-%YVxW=@v-iU!^_7wPgU;&30g!eQK7W zPGDGk>WM(eu7f^-JG3T{MHDdbqAbEMY#{?sv^#~~IGsNSb-WOG4{7=f z-Zp}V_;_G(L3TA($_n^960*yWh zL|S8`2bv{MG3hspQ+<@UcsoS)?}OwDT7CM5(f!MLyd^%7c2D#pb=PUj*^^-58oF3< z+$Qf|EMZF5G|6T2C^EO(e#YR9&SN$96pG;h$=EGOOao}xu^t==lAxw7XeBx@PIZts znv40JuTHbKxDnXQinbH4ZaQQS?7Hu-tf^R|+%a$*8%V9dn4B#}EJiK+sSjslmbxfo zSpbf zQP0w2{R+oQnQ3`MNwhQZcfrOOj-H_FlC&R5d$79%?t1Xur+MD~fa?B_9WO>S##P{^ zv*B?76MH0ZNAv^7oh9j-Z`%6pp3N`OBgYl^qY<5KH&<9vIU{YW5V;|DQh&E4r03xCS&`#e zs|)Q<8`QviUjr&q5!e&z+g~^dn(2Kd2)H4jFaeiBb>qvwF$g0Xj0^(I7zx}-Q3jPH 
zPX8AGN07sMU$AQFJje{h?)fk0c&uuBPbA_QoHA@g}3<@!c(FI!EK2P!yxb;m)TyXRP|D} zF6R#XX5D1WV*m!iPqZ*N!59cQt>Fh{Aox;jC&gx<=FT#DXvke|J%w-}{8YI`59dI@ zX$?QD1HqTud$~1ZGd6O2q!_u)S**$N0oha039FRO=T9Ci#6m{2#@Dw9n)^F0hN6L^El2M97?cqW|cP? z-VctUiJmpkd1u?6CUnFn1$!0|E9wHC6dtZxvW*DDKNre7A|>X|9|7fNsx$d~Az1#UWsLd0`4 zc-2n}j(YkXhWyym=gE3*(2rz1N5#{_zM**h-AFt5>Z5LU^m(eD8+4P3=ZJWE%)vtS zJB&E&=JPZ?H{P$I;U*&UJVN|fgA-uJAe;azHsJ(_F$*U^-u||O=alkR@=f>hIh5XZ z%IyH@LIyXm9E@ktyu^+hCh!>)Pl%dlG4n2Bx8h~3$-EXF=3O8Pwp+LhU(*Ec}_AsG6+);u(*lG$rt#1Pp}a0$yy6M4fV;0;8epH zC*(0gAD=si$#(Y=9i6vv!W3~tmZ5UNydmDY^XZM<(X7P}WKY4fyW`ot@#xMx<-Rz( zD-JC5ZN5ErcINPmLnI0+FtLXWzG$&3$Co)^4&^9dScS{v8|v|!MjMisH03>Tdpy^M-6Ub1=k!(+ z?*y|6h_=`Q?o_zn3KKheyE@5yVne*sexAh;K=23L4-Ui`=9B`CkXdHV&K0UAm zPacoTk6s$X$ed3%qE^7Neor1#yc!kMI!_&kdv1aH?CGj!ljWaXB)r5(oG-*et?=ZL zBF|?_>=VsV>LM5@SL5Vvm@q91qLFo>{UO~Ceso0ZP{;Obd!7WWYqAUMoD(@H(GQk4 zfh<`i>g>aX*U3w!WDXW}9Et#UvCsFQm~}7w_>IiA-s;7P!!UU1we#pZ_wUSuz~wU> zeO8cpU>=HstnH24`QSqv7^K>tehFyQLiO6#T{|~l+;Zox)2G2~aw|wq6^d z_^POKi>0Q9wvw_|Wr}9i5LhK|IJj{e5?GC5D2=)wS|}PrP~_+kM8nbOTQ~y$CoAlR zV{InnlN9{@H<$!~8UFo(9jE5sV5#5!^T%(YGrhgzP@jnX?T;gd-x|__qqDNC=5Ay@)oxjq%C2h5Fi^JjTxImK&d~() zjK@kY=#Bjd{|MWa^kOWmx^)a&0k7JGh+8*W`d?E^|J!9%?Z03O{qG|j$973YVs!cu z>9+;%dcZwV7sJ|FwT_Z#3EoLBpP5IGbXs%%MV`a`JQ{lo$8G1)^ZaSk6AN`uW@$KX z(JM}zU(ABl&ku54&bwBT>xv93vm&FmVa*FSEAThF13iLd18F$g=iim{pTD7U3Cz>B z^nhvk58}56K7cj$rshFBPHJ~CxMv5=aeBXvb=*q-xY@81eu6xX1hM6`C7~V1gE&ec zaj(^Iv)UTA+X*1>e@<^0olULr%@2VRL4V;2@CS9!6&4!Y<8Nvx8jfU4`3ZrMi!NFZRcdMxl+nR9h& zPKwzxWBS*>-%h)y@gypesyS`x+~T}%^yC`b`-ZndWSRnkq(soMQ`3JIB%&p01km+4 zw=*Tj8g6)3G5j0;$!hf7ocd@2z3z12G@v#^1nkd$mw+5&)wXGaUyV(%uZT;{M)jQWq1Mg@BjI6EDZYmoA|$Wc<(0nD26?9 z#CAmU_uux`dc@8`w1Eof-mP`E(P!Jixn9jVPdX2|d7fDA=@lN%E~CrY<-sEJ#!tV| z8mm2^d5DE7_~r|8HA{+(@oH9@iByZPEhp zkPoJXV_~S?>qmj8^JXoa`&re_yqjPXjImvA(UeRX&zG8AKnTd#VVNnE$mAv7SVac@ zr(}R_$(vc=Wbj-^5!i$yFO4fGq0Up#^a5okRMUzQz%L_Yi4!$gLeWK)pv3*T=y7Gn zG6alvEm$oi16xYa6wj;1W!MXD!>WY!*fuc(jugR(MiX;M5h(2k@sIeA2<9jDPXgX< 
zG-EZm*{zGvr_}%oc!B;O1aLh-P0NHc60QD_k3@*9W{8;KqsUIr$*JShcdc~WT06ZMv`9Lw|0ywq*$qB&I z3d!Q)|H4pzGX4iQ%(c7QaJ{^cvH)7W!Lm45fWNx%|B91*b^`v*S5~^vgx_}7e6cg^ z#>Mu5*~Bw+WG+_H{dOTerc-*VoN3LaXt7V`hxyX5Smt|eE!x|?Q(U(#boSNdBp+9# zUT#$Hm9uhQPjSt~pd_u=$;hTu)|-p@q?{h)sm@wm&Xyb--!rjxrhOn|yI6ZpCsLwF zvPybBS9a`FNCXq27$WJyVbjlMbM<^~k);-kNwzFi%h}xfum5>jh{>WhUMDhzX=)ej zw4?1xB9qZ8yVz#mkF@5?$h^Xa@}UYD3+-54QMP1yyX`J_X=$_*8{26|S=RPsFBX&! znPy?n%-5-Elq}K7g(}5HwcvEl9>mmPJLZ?|`A*A6OJXLo8JAM6_g1mlST*9QV5nc% z)u!)Jp%l%e8D43`wp3@cl9LJ(-HNq6bts2eZrJ1(%p4FRj^pc%I^z0~9Me%{a-$W4 zq8O(;4I!4;1rzj!+$@G_zd;Mlh{hb~w3JB~lT&h>ip7_yG}CQt)m9}}?7eqadbZc@ zx3x&V#%$Ay$nR^NL3Y~8u3~w)*sr!Kber$0i}fxW7t}>%Ie6Cro08*=Ov>e6G9u3M z^d=V<_TkWEPxni?9NC?S37(1O<8v}3PBU}1G7r9oN~@-##V5slGSZ80rrM0DY`9){ z(p=BN^NONwLj`(MAEoPQnbG;wrZ5lDt8uL`AFTVeP>`z+H)L_UUH7}m245?sgw`mO z(0Mk|VKS@IPMx&6+IvN;^2267I&B@oqq?}>6)UykAm62u^HDc7&ArFN?Px)iw)@q3 zS+7dN#-1EkOZgI=m4e$$x46x7^>S|?Ro2z@ps^a}yUSuqs1Ch zR;}(~O;yF_p%!fxYjv_q%Yf+Va+++E3ejnCTq+jV9H2K=NY#pRcuDdlDq1A3P+l=RBmU^G&c1128>8z=2Ww0X)YMYBgax8j#w)-3?2OS|O+F5g3PPJ>R7l8r6ND zL;mXGT-WLI~#^vO<18LGf8sVofm^bG~evSnZ`8AHT!XlK|z@8HmQ1wtyE%F zwzxl3>WL7kt(zM$WZIa1K0#8YSSS=3CWTEkNpY(+r&O2yWmC)T_05iH(WCWdk=)Fd z>9j7-lVzc*)P#bhPgYDQG#rOQhgSLkG=HE}3uL1l(o0=>5bUdq;3UZ}!(lC#X>Y;@ za?0c?>+q&uN$o;vE3~OJQgI-k`yO2xN9G|WG)zTkrZ-M(3z^V_tfVsOG#f8851BAY zQ7UuDs!VgN4|lCbsi!EU!ljvcY_Elb!S_Ql)JTs)t=ycg7lso`XvA1CNZW~&dUY-i9UyKJ}4<;%;WriDTUNlMho-bSyi zqCs)9m@2@OO@It@nFyV0GAnHnX2`sjs+3y%fnuA%NgMoFi1q12B{=PjqtmLQ>$C1| z!*+S8r$(uIWj5>-feKK`2D3BzCzRjgOL9A(beno*wrIk>^$QW;Itt}NyV6_F)KyV0 zawRT83#-QazMIv_8AlmyWn;QNSn^@Hy-Z~4eI=e>CiYb>HRG!+8>)pXqv^%$SdIJDQB$AP z4)mf%O$%LGY<1d)_^dt|&!W3{KPvav4Ix3clvQ2G(&K7jBvUHrOKFjK&n2g+#zdTH zv0iw-QToYHP3G#+f*OnG1({7IX6^QJD&!N1R29f{IF#eU;w&Pi>hii)&Zc8hrBY+} z$yuwK%F7F{&H(3caA;-t?MO|kvDIcSj6>6O zBa~}IST+?@cC%=6y-v~PZ8$eL=$Tw3t-VuYb_M3%_h_&;jr8}kX|7GKb4ssC*D5t~ zxX&*K^GUDMDDOKFsmvC+LAV}|)avCv*)#hqOrqo3VNhu9%libya*^I%TptFDN@<^s z$mK(LT&B~RQhm*nH6fLaHqyC1MT%9u9Zc-&Ln%-98za!!YM~q+x4U}^%wx+@rj~57 
zK%nUz80USvKcW+5X#2YN^e@XIpnm}5<-Hi*_Ju@tzg>Vv>%2IZR?YAoRm`d;ZKGLXHxOIf@;*Lo?G9^3nXF@L!PK!M zjlsq^3g%^XTUv#-lkjS4(v!%{!qXxkTy3_f+%{9%@yW&}$t2T!GdUBgP<|wq?eUp5 zn9lV>j8@0$-%*&}bw+!wpTqY{lfZZC+v_qOr7DmYmyQOw4Rjdo`w9&^}Br3$0ZK}tFM)_D+ zi;l+0$;n;}8o)H~7v)}RnJTy5_wjUXMHR&Anj~u@Qc3Hr=C-y?*YuvGWs9I+Vk4F| z=eKA-oopnoRPBz4K zGFk|w$qLy5zFv~72YXE>l@3be{BTIhbKp_GR~q4cbt*5Z-D=os41yY|*wLEhP8HCVuMLCDc0UdWsmeSzAFdD83FsU>h4V@xCh4>BduBEf`CWXw zl2|DJX?_xJ2ScJ-?ziGVHzd6&Q=u$VIuwVS866e-!DM9B%%m!Y-v!1`i6l~da+;gP zfa^L4mVy7$1ao&gQ1#k^?|F&<*9KkJYG z#r7>8jDvNyx6^io@TH3)B3ItzN>@pf}3l336E8MMuQ*P zU=FJFOu3Hlrb=!-$tPAC*#-K&s*YyqECm#3R|9=&y-)Hr;V?h(o6Gds1T8=`hYbVe zz6$(?+Asw8o!G3&F1Ha2TP@F1A^lK}a5X+Xrqla2U795JOS-;d#^dx(DCQGfL#^_~ zLLt-c=wm?^I@RH!7^`+0)p8+8GqppM?F;V$+k?Dpj++_&Fe&!4={D%g49w?KnM}pl zD4Uon*;L8U zYpG^+5Nvd1E;VMx(7w#->`3OSV!2u8`Bcq}beo=sQ`9CI53a_MWuF^P=^)=97IVdDccbyaeK<8&lyRJ&RwRYeL%m_? zkX@4GMvwPfeJ$937Za5OtBjMI;AXCbl5AUQwDPGG(3zPeQ|aXHusKlbI20rYk!Yn8 zn$2R_VTjemR3f^c&;LJrZ^GQRku(hd6%?PXmFyKs9X=Aj*{o&RPPDNTMUtIOY!?e6 zAqf!(FaRi7_UHfpP0xh^Fqr89K^=~!T!~1|J$+Ai&+-1lonR-P&yJ#B9}^n&_LpB@ ztbcQ`@B3T7jkl+%|NHNMu5bMH;&MIxxV`^+cY5^t(dnD{&u7o4KaPJmONPmxZziuU zwuYOpcXxy6@w3bSZ9dwYP9APO{`Kd#m;T!0d-iIQ{1J&L08MAP)Z8`!xL5+v8~eU+0^jo}c`9nEm+egUQS17jJ_2U&Hy2`}+@n zB3jS?;)74?f4!U#onZWW-~WAmC%*i&v6<%Cn}3Ceq~G}upPoMh-SzNae~jVmGa^rX zb4YOW?Be3p;ZMOIXa3P|MDjZRFFE=7bepIvFJ}pn3&yXbhkNV0)2-(O6rRs^U;XlH zxW7BkfBpEJ@X*=G!OsWJKgR2SY#(j?@26icAB_pU{nzxrJO1xK66N>D1ER10L>R=M zd&mFVyLhuRJ2{RCjUe#%zn=o&6Ir%RbnPF;d#7hV1!?fd{yaW>c=Y@H;?s*~&wtrY z9zK5kh~Vx|zl|v$`jyQ0*TjzrV>-ONJo;hwaXO7oUyv_}2=)7Zz878YJSOrlQABrl z{(G|j!*=$^%YVH*c>VF@^7Qq5_m`cYe!hJ1Z12BO3?_`-!v}tF`Azuy?=So}^Dx-Y z=Hu`W|3!Q@OgAn+zIgWf(W@7Gf5e0)1+$OO*9i@L@Y63lyR(D6XJ?m_{{?^ik-wnx zy*xcViC+Ag9ZddANgpqd&SH?ue%Sxz_3P~I?7y@5?2rAu$p77+{rA`1=?_1={prug zJD;9E3{HrKel*^lzBt*9P9757d^h^|*G~A7pwHop7YEbu#s8AaBceyV3HLTYM%;h> z`->M3e^~$HUq3t~y4S}38QI6P{F`SlKEAjheCl6>mqf3&W8h)izdzjF`Ss(2EINF% zHT~`Ao{<{0G;PA)azkT^=8c@2OoPE4FIN1CHq>E|1|2kX0$oK!; 
ze)iwJ-%roTp1#O_{O#kz(-)Tye|YhH`-gb@j3~;#{rK|%nd|m*q6!ax-g}h(Fw77C z_u%c18^PguFdcp~`}Titwzqd)orc@{+s}V}@%-2A^=I4b+dpsr`tvRR{QT$Ri`U!R zd&A+k-|TKbm=Yyq>jBuzw-4UD{bm2BhdaOT?*3bUz2cA0f_TC&iyNn0c(NSNOEt-9c&ZptM(z`m??w*9txwTvP4&`6-MzY^XzBg>;wNvIZSk zyT}Irb^<2Ze7eAuD!W^r%(a*8vWh>OMIpPU9)c^A%M@p1S4>e6Lpc8C-$@Mu8>Zi3 zXXn$YPea<73kt;pZ(HCDL4hW0q|GZB$-3YT0UNx%o$Wn_HqQf!eY-$NOkFBYEHxt8 zJK9Gc_-CEkSGDTd z*q`-7I|O}Ii{{aid1wzK{@NCvf$aEqJMRhQha>vYHoKd$@a7-&A`B}%AuC%m*eE=~ zwvE+fjJ#pX>6?zU_pv|C`sZO5Qa3y*D}__g5&XD$z$=fDwYnxMuyIRbWLpd7cfqT) zN#TM!z7fHzo68Sgtw($CwqtxeT4Nte3|?&<^DcOm*SiZ|y$fEgwX?#g+Gf0r;MFSP zE+cpq5iZj{cD1$uhuGCxTL)q%T74a{t6O)ms~yL#au(J9A;=G?1qdvMe~XCKtqN9o zmWWlcC!BoL1=3oms%eWgf>}kSEdO2$R=wH)+9oyEG1wJm=_SWBD<+G86BkKIy5@z) z-eofPE_`-rG(Pp?lYrLci=gR5*Sx8J7I+x}7pOJQSd|RA4r9-cqT-f`2t~=1VyP!i zKlA*|y9lCaSz)shxeo%!5En!{GW4woLlSa+t#ZFYIaH|A22_f*%6&8qSF7wi+*tPB z-z@h{WTqo|*r3aJ>KCi`2I|M%2_b_DD=7y@3Zk72o1!#pL5a{Eqb3swsvK?uIm!5@ z>Vio}^_3_isXyvkE5C0oybY!BU)rP^5X|7ddBcim(qYTE+);f+`t7KbO>cQ|&VRpX zVY_w?AV4j-@yS8X*lq7%J{||bM4xMr5N}@XMRP(z;1k^Zr61UxkL!Sy%IPYH=aJ1+ zbUKcbi((o&4lk!t=k(MeqS3L!#Mxz~e-vPDw4q9__zTN4uCM1}jU(I@oI^~LlY2N4 ztYQ?#;}DXBqUH+hUM`Q&j8j78^_xYTh4E~jTP(@Fqhw-D)7}G@4)ER>&6z*W)6Y?u zcBYe+pwXxJ(&>RF$LTo5nWo$ZnXM#>z)xX(|NpooZBAC zV9pLB5L`x7S?5}Mot9SG6(q5_+J~l}nomNHPgjCSVr#e4DPv_%IoWtdTCd*w&$|`& z^1;dn@@EKeXn-dVME5L%48NqO?`GeBM;Kb{W%*?k{QG_Hn9$dL7JdqzcpHyqAK&-L z?|GWUC*Ly_hB}ydPre)SZ^<8|`S;%)rQg4g*?*sYhE=VuG#uc{y)WMlXW!ppKK;qG zR5F*-gdRA!$e9kcAQHPARebYjiWaCq zYDr(Qm?U%xVZ$T}lY&e4=H9s_d=U-$8Vw1hr4$>rhkj3p-rPa|(w1$bQ_^J5rpbNU zcY)r+jec9|(}-@(gt|ryuL7Da7OzF2+1mZmq4_%OLCd1G)vxNn)R4lgY>Cu4GSqLb zm~}yz5_Fl>y2^JJ3S`q8X=IK_$`rS=EIf%dnuumIxKE9))6;N5M(qnCD{exn*O|!c zhUN~-Miop;X(!V-jcCkpI!6M{R@AcKJ?^hR)@Q+MxX+Wnx1uvvw$|WF(rPd()zR!( zMSX4KGF6$AW@}sJB6QhB9eQOv-ICY4bGLMJx74kk34cL6HYnRY zqG1u_58?8%;ohLxUem@QnKx}lNTm0nQQbtMVS@|+MXSeYu0^bzLH+olG+~2_P!Xq2 zloe0CS?DVfvTTEz0%f(~>S6;t`T}I;&1szaNoA1a*z=WfSf~(?N^xnq08m<<+5I{*2m(Re|BcQWW`PvQ7CQPyOTL 
zaLg=i=^zerFni>L)Az|thW|(O;2{~X&wC{cxW^{8HSo$u4DUpGl%=y!XnCIEzAPJ5 zfd51F2!W%&nGqNb4nsyMnT+wczxnWRefn_k(FL z2^)wrWT0Rv5suSj>g9nytw!Y6MuK~z=MtE-W8S~-`2%m8a<%Z21Plr|%TD54B4ZALaHEAlh% zS(F@k2LyA}y`mxboL*ICw+cBb#Ku5s3Rt_g>YBiw5{ck~@`R%SIg_IS;J5A=%1cn*&9@#AK{xFJ0R$ZkU{h?D;nxZ|d=F#>s9<^yY#CX)&;zYZW zBF`c0mdAKJDDA{uj0c~2H!&WEr{FZUH}+?Lix`gw6|C~EAjYHEVjVYfit!){=Qd~6 z*}i%OsGVEKu^KPPKBpe_W}u=_^JJ=hS*(WIWi{^jHLQxx#dT323KBT?u4^Hs@m(hm zoR(lW>F~OyUzvgP0`8)rZe}zTb)PvRy3$VRPJ_~I=_4U4Ifo@83r*|rnz0bR=P4{rQUV8i?#n6{xV zDwen5;lkT+9d2Ew?RaR~j)%JKxC`?$aKXDUzp5kN-y_UVI};BhQ_HG0xl&fFim#RT zEK4IAF8!LO?4)nXRvpd0aqx~7a#g3$G(_7>*xKBKG1}*v zf}5@*yzQn2w!Tc#5nNvyf$%s^8AictZtQ-UCR2z(q%_&~@Ig^9hXdtCVj;CZ zemxj?zBz=G%mRXgPd^9oIGF@*_IC+7&XSlQEvex)!CuK)#lDe_Qf=F$II_KqP-_)v5z7mr%xJ(+sye9@o>{3F zZDG4vjGeb&=mkqhH}IA!a(h*wTlxnDAA>RVNb-(-Le(eCVJJw`B=w%KTtDF3It5qQ z36TlHDD$3pGwQg>pI?)G5jgiwiOQO!m)^iZWXC|6D9!@I0wRNx(9nVCj-WQ8IBZxu z@xfbIgh#FhQOR1xz8k&Z<1A&5qepNSR;*`BE1_nJ+}K-v43se6odL2e=M2L5+>b(xbj3=i zr(myS9nOA|Qe4_Swye_DSDTD-vTaMD%}HEyk|$b85;z&6mTak|9Dx83+nGVZXQY!Y z(3$CE3rE91@scAMC8v(q{h8JiTiaTFEDlaXqrrpyV@}QoD_YA}790ALW&>n*>idNa zT?Xe=7a}zrdKHfYHuNbgpt}^9Nu(+WO}DqPf~BQ`@n~Z-;1ylU*hlKx%v`6)w^M&MBi|i|K{TPUkJLN{PIcfM{Y1@0OQV(p zh+*Ylzwbe$uZVD-yeH$m=OIiF`7&O=jRKX684fqU8E$^- zi5b4{@r7cQX$)<5WO^;x9+vTSqdZ&b3$29PoHh#cV#>00_RFM>4vH~WDMo;Ziw4jO z{+j!dgY4f0GlpK`xh8f(SFAF(^$2a}1O>5Kw_sb>G1WTRP;&+25Ei6C=|_#@H+PP_ zD(Kn#kZfm)x+7@ZAjAB{#=PXNQ~HXHK9PuZHEs)b?__5qLd{0t)i+{Ng%uN)zH4;( z|IJKNAWHTV_imK=GTTSvf=(g<5E&+a8(sV)RFOl4(DwXwMM zVkf?3ney6ZQ3#FKHU&=cuWfu)pIycb%oS`CR9}O)^3@7Z+1D1u_^Z2+^1hrEAGmNFYn|3&x^uon0p%yQ96897zNWwt#nW()!0clebRvX zCJ=Pc7z;g-!q0PUN>rsf(nKob(@tpkVQrrb;WuWSmmO=jzd0HP*{i?^(vc^7@?^-K zrI%8aCUkTBcs)1{jvw?NJzRg-fADzoao-!(EF`F?Mg;~wugTAGLh*07M%Ir%S768_cBqv_YR=B zl-c2mQdlfYa;kn+2d2B1iApWIe3{6UB(J%{yO)Vt$-xT@;w+4{8_UY4yBy3)Mm0cC zG1*sPqJ|V260rQ|aa{D6&gjkZp2cxljNX93ZF+J-JHp}u9``A@I!uH^6f+Z{ayq&PrW?73t#lx$E3Us>n>DTfI+k>S)!lp|YNt=%G z4;wW0(cvR(jbkvuxeTWy*S 
z@3Ym~;-tQk<%dIw=eLzC7Zv4^Yn7dcD`eFUo^rYlpP%Z2{zlI_VIMQvGHrwQO{crp zdkiE*jHl5o>Qvl*dvN!9k5&q}d9U~AzSg^yV%{?O?KFr-6pibTnT*7<79&u(M;CrJ z;ynhF(du3ro=&ol4;c=-C& zCY`$5gi_(A1nT+n}1}&{3O7WS8nn+B;FlJn?oP8IxL*$nk^$C%RBG~Kr z1UOMPf_s-6Nj?r?Ult`B$4N@I6}p4HHXb`{1O;71Do$w-`pUhlIe7gkEPVKmz;<`) z?9?|pJoXp-a+ToU4?zwmjFZNf!9tBpv68tU4ZvtQ5!1Kiv$9yR!icZWLM*^Hia%T;CK8F4H}se^?|++9i6XwDyk66N9vcQ~yv1nSskC*mj!n zWh7`JzKasgg3b<;ZRqN)=*hY*qM&G5wMat2024o&S7dFdCF8@Plz~fBi-Fjv1y#*N zor>a=j8YVAQc6*f-9mBBkjP5wqakPs6a<5oYSH9n1O!hbbox{%jbc!>pbi|_9}+H5 z`4&a7&d)w5GLNAs#u3e0$JVw%>n5dOVdQQg8h0pdsQkA>X*T`B>pHxx$nA)FCeGId^69VP zt{3-s5LWmpuxn#D1XTUIjcdc=9nPqZ&Khq-u;#7o5SF@e$g)7|9a!m$t5x8d;7a$k z=1bjCAY5~ij=6}G;>MU5^NFe~5jMD8en51@$ifL-9Y!(_^tI)7ZN}`o6xF5PJ2?1j zjA$t>rP!#iDMj^y#JKuZ9W!oamf}v630s3Xn|r+}8HJaYwfVYJ6}zxFJ$-05u9d86 z&ZQzzRd=&?FxQiQ(P2Y%nAa5sFEJD2Vk`6(O3L_Er2@7h!R-W)Hp}v^A?@oGrVvKw z3;Ajid_G)yg3o$h3f^>#&y3U9M~4YM8^^dy@X71lCHTBc@W~Qmi*89q1kumnY` z?r98oR@R_?{7{;(DZ?iZK3x>yH8B0mI|_*A>~UwfC$$;i(wMTW zgA7DH38Tx*WopVs>Ro3#(h5R-sBWk>H|SP>{b7G=y=`vLdNfmQ*mkKw1;}cDiu=i3 zqEK3O8HqxbOrC|d@Kq-LBqW{uHXbK)^8H=Mv1GLr_Cl@|cmW7ETYqouRI6nqtZ^?``9??PhnpTQ3M8ryliIp#o%i z0)buK}fgKZJ&$MTBIDPzq~fl;bf*RHeI|v*qpBT6jCI(L-m!oU_XB4{q`{P?)zZ|AA@wx@XqzQtp;W zbcF& zE|1uH%4RW6R_=7t#h8xQWcsz-Wn->Xy358~DkfiD(^7A0Hs+mVI!m%(G-JldQQTm2 zkPVO_KL-H>vyc3UFxOJ&)}WZB2mJ6QW3Wf$MrmFRDFLVU;{WCVp!snhqckzPt7FU3Rtw3 zDb=?PnO#F}X&VgLqZKivk5=qBQ8w+foGhDP3rfRm>c{HUKitiof}H{$JB6!6;R7IY zWGiy=?j9FCwrL$hF6?c7bDR5TK@9iq@+$EOSfo6DYM$~CC!N$dN~n#FT93z(pJm}O zkC7m%v`-{R@1OBeHv4}fclTZbQQU-G3eegiphffZj41yeasEx}ObE9Oa~dP)Lv$d0 z?GorUSayI+io-!8!0j_*6{8dl17 zC1qeChSu%jDVgBVnicg#o&>Nm=7Y>6=0et`H_P+s)Ccdsi6^ukk7_;oQ5v63tn&%3_`USoyO~#xixRQwhr+yTU!(^Tj*fN5aHKQwm zO_~)F{%z2`M+{<_Jpt?uXqy7<6*V@kS&R?Va(o($&qm=fo5Pp@Y!HvA zTaIPhWPj+9X>I;e3?ba*3}v|H?u4M!7DE)&f|m3}0XKGYy5oB3J$)*Xx|)qtg<%SU z+)ROCRYj@N`DG0g&iZkXPyOu7brkF%7V%OPo0usIiax8wiB_uxN4JHi){gLnaHQR8 z>3Xa1^j$5sG<2xUl4`*wqEkyx1V0Jdp#Um!SkE=HomzTJ#cy;DJ++{q0|y&gDUt$r-z?Xy?1_G3Q+ls+meYbgo{s^An& 
z!>Nd%nn0wi0LVqnZiP@RWnz%QAsDVMt1_@2NzvdAip%25>2mRTy`Vi z!H@^+oRMVPj&DV&;<`@{yKH%an|@(+5@slj?WtN2qz*gvUJzwQcaL&$$FN2mdlPqx zW!>RfOHAtq*OrHEa=#0FYeX}pq`@>f2b`m+6Rrm9u)xd8Rbn0z_mI_at8|w2p}5HV zP>|h1X(3udxhb+gl&hBip;(1aQBa_R><Z=IigP~?@Ptj@ha8U$D@B%&@D zMX_!#VwHH_>dIFIPd)a-2)vLN<)7W~&K7)gah|y>e%Y04hMr!1QCTD}WYCxFJQ45- z#SVh3TpfqB(gs8o`>LEdq6;@fbO)sc7Ze=OOwA~0KFzonlLH=PPEwYYzCp2`6`~)+ zaiZCetuH&Hu%50fYjV4VM8V3H^Qo3skxt~^=?YR_Kce;vjk8|qj?xgYWna4})Nd{v zV;9Csk3H~6XQ6s;^I6bIyrxyM6=Q5oxgf9=3aXkFtT2G(xm`@Qx|F=y3rWP@p|-`z zJ&?A*-9NIhc2tLs_m3^F4fV&<3f-LV2d#%?sbKus;$tZ2@Dqm|ndO6dot;=Pjt{+BIFo*S6z=xt0N$OcQ&**!rxiAh(o(F!E z2L9x7#9yx+g>jP~f(=UXOvo^+`fSLbG@(Y-c5ENUWlFR*=ZvLcMi7LIYu^PAbmoEz z9~9UP$PNDLxbYNLh#U~s$u@=1`~b+hBijT%!4BHk@^69c{&epZL9=~Rzgjn$?jO%EjS#S5n44idXq~6CoDTWf)Zn<(qv zsJ{~35{c061O(0t26<|;oZuz^IC4skmUc8RUPc<&m?T>3^nS4VTr^YgXjW8a;VVh=nnbSKo#FVU(qJ73liy^J*q#YGJ zLOB<*?JOWsxhAWFw~*bzYhign za1>T>VBCmN-P<3qQ)*I`0I%f5*0#F}wIEZ%v&h@YlbprN1!;`4o~1G%Cq2tyGb*^S zn0|#qRcjUd+@0>ZXanS37ZgNyP-yCFKa8E=zdP%cw+xvCg=yCFL-d0= zQUkIjxrf*1QhHGX56VEbMw1z+LEOd$t^AbU|1wuE&WvrIil(2t^BvJ&O#uZbG(F5l z{s<-yDrm;vp&HE+vNxABIW-ER(R6%~n@XG-=%NBDyiNL!D4KW+-Ou4%c!NgY6)H=^ z9U?s>BIA*RVsn8xa`~=yfoMG{R?r8=iWP-zhsVm|qP-)_U0m^7mePmXF1=_9MCY}R zcyZNFx}cQJHt=R>M`ERp1$n@zd&6qa4Hdz1Xx^Y%dn6<^LFqfN9C_I zd2m$vS}A;}h3mjNqYujyn3h*;=u672n-~X?6vv7qH_)lDNPd$+ z_8Ue?RVwPomx5mjk6Xd7gil}dcrDxtU9==4RN>VUL11j%1AAp_n=RnjwrwXB8!N8Z zwry5yyJFjRQn78LV!PthS$luoeNJE3`4{t@_ZZ{xy3w@g5f3Gz&TLKSJD|FjGP2;Z z(0A8TM%9gyWPaqwVx_DxHFhw^WV>u`j{@BqqEZ(ghR@{1+?t-efUmg^w)4zzD}k6F z3m}#p7eQX(-Z&>CSR2p%{NAgsibp-~dv06=aDy+A#6;1Qcx9wutZ{9$iE3IaaFGN7 z!Js!5eGSM2n1KP50aN|Ff?zOD6aKLfp4eskFU{vyk~EYY;A=1;XD8PT2~>uCAmo`K z3}j6Vv)$zh{GUhdOS>#RO!9dIv`azk6R9%Gntp1@rEDaD&r6#o-<^qPk9F9*AtW~U zqEky6eWoz*wEVadBB|lJMes2i7U0$ARD&_A_5#*-@I$lztdv9QL6SF;t&wG)yJwOJXjRiJ`X?Xul|O#%8yC9^!iV^-Y00|2ZNo1) zw3QGtynVJ0pECd0>VKd9IzBg3P${wZ<-ySta(LsjG7{Uk9rjalWUaD=hG7It? 
ziT3!GBwmi~INR{@JSlozl>*-y3wBr@%to|9J~^_30?j57P+bIJEI&Sor6dLX#)7cl z6{(CFd&D0@Lua(HM)bk&WmMAUPma4%)w9%WTi3H^(R*j)=9NQ>{)?X5ZDdkChe_Kr z#`c%Ob42@5u&E4WXYr| z5P__IE#J8yED3LJsZm;69UI5Ooevwk^PE5Mv!%47Aw}ZUZ)cR)blTq(VyaBA$~W_* ziF&XgK~jWZ8p?>x)Q#;`jMxwNBZIPm?U;wuhtwBbzz%`ah$Y2FpBZsvpMl~uBp6{Y zDTd}2dRDDbHZp9~{~5+)5WuwQiJhYFo;g(nE4$k@sQlAp3-s!T*a+Jz%x4yRq0JkD zsaZIUxa8MMjBkhabfY!?X{T8Nf&4MvArh@Lf#mqGQW7#x>*8!aarj-f{iospX}$vI zp)mW0B&Sdk!6F?pH!OY%7`rGdCLs%pZ5ouev-xC;l?DIm^s#G`C*5XIZM&s7v-=uO zm+$)InrcncZ4|uX^}5`$g?;HqBbDfVuIKserR;r|9nr)wkEhWyQ_$^Uiu^fEB$aHe zU1h{5V1Yax*K^A!bbKV?^N78J2ESTn(GxtiJ;#(RoAIX7H$5l>G zcTF2vCuSVz>7aruR^7)VgvUFr;a|ht=_s6^z0bS^WzuN`Cp)12mxQZ1eAPemKXHTI zRmpuLf?_Rxb86UPD(yF-5VY=3P$2gI2(Zo2Q5_3m>2;FVCc49~W9LC0pAe9+z-Y+S z_eJ@n&zOSsh{}M8+sIF|aMIh9Ny{nQAD2!5+fk&ORF$&O6SVK+F zhH&4Zk%vjR^paTS+WJ@MY7732)H*5u!BnsgAxh`WU;wNhSd?IOr)@@`Y@tFjW7EWx zEnAz(Y)J6~Z+gfBt#zDn)^i6frm4F9lsJb&8>^acbIX~#4^jk5Q1VveM^fke)1L^5 zYpFu_GC}37>~Ai}I6G|h-8t_adFENc$t*%S#Qo@Uh6N-fd^psL`@S!GS>edULThgd ze{QB7R{nZ@-9Z2O{HCD^fag3M;inAOQSytMk`H8xireuo{}vtcRk&1{pxba{6iKJ! z)D||St~kkeb_q4i_A_NmnYY{XIWo){ZS}fEh8FI7{raQI14F{?%A)7znjs>jMJ$VX zdSd`%VME}+itlNCJAXFR?<6tZ^h_+7QyeV{)7R!r$^}ELL(*?;f_I!71TkOXrNihI zDF~8}iwc4Fz6yyhQ*GLV4JS4D<*8za3kCV<6*+VH5izDHD=kK}sRv@>&Q?ps)>O>f z*A>?jgqp=)dc?wlECuXSbFdMK>oW~|?_^Nj2#reqkKp^`T|O&K-N7n9r{JB{aObUm zC)Ym4RfV0S?mI2*n@azkm&Lr5skTCCYP^9MWDL?SVhRC-~v$*9Wi^7?%f<#sk&RGLri9^T%~pys2`ix#TN8QbJr4=z`=8eqECBzJeyumk-}+VM;!kzwi^ zj_n+qE>jUI>3HByDUa8zGu?Y~xt)wF6>FCaMcOB8dAWkGlU#k$r$|%AV#NN)EeR{! 
z2O(<^u}N18hLXt|OZrB;xGMJn{}Imv4AhwIsh*-w%<$&7cz?86|1ur9Z;N(J%4;NU z;zzu{qjhTvH-Lvp444fJFq_$RCeo(Vn4%BAM zyD(@lhsv*3$4oD{Fh~h=0`%u7_F(FcHmOe;fX+jR_@BqZjU}YBsNYm~Q%A@@hU+pK zJPQ4=-137={q)MMU(0r`czi8DF#dh>3qC-p4sOUxX%=xM~d=Oz-URgBMo+2fAq-v=?o zl;(esw%yvoxL99q%2cEPAz9`fp*c{?r&8QTgs?$Q3Gc7`izo!4_yOMX6n=zibm<7E zUcrPis*k=d^V8R95onZuDdqrW7=?d9kr6fNq{TtT;{kqypwLz8gr3@_QwwW__8vvQ zWSAVq7NfRf-}xgoobh1o5;A4b$3Cp)5ZRm)x{O_2=dV%%GSKwLgkFh<6)u@IeM!ZE zVUy{~T&aA0gnRq(Ru!a82X29#N^Tcp zFt)YVcFHK4AEwv}0*2j+?WOO@oE1YK(w0um{0*5V_ z&j$fb8qK*1aD*HRm(r4RN@(`;>QnEg);>fLY?7MTpI;lon&Ty^PQN+J8ZF`D%$aDg zv_cvgF@4WMSzo!r6}>Y5WSBiL@;IhmkFR~==>F_~VsvbF;aGPyxwp77*!sB5*NDvCbaid&CSExhyc<+hKu1vR1$Wq=FNmwU z;T;Wcl(un^o53C@yS&b>+sXAzbRU{{3=q`O!%aI3A=Qd{8$Ry|d~@<>Jgz|)&aG#U zoGX4rv;u!bwT|+IU$1ZUcwkT{-E2x|RX2+ye2eC1?l5AUD>9||6&3t*Ii#g{Gq}zD z*JH2)ulznh%ty)GH?i0PS7{`;w|pM?AmaOvBO+I>CzHPv>543C>d2F=DaJ*AiVclR zwgDxAp^1SUQcQMDAD^$NTf0uhoA6 zWUvRA46UzZKHV^4p$u{)g7HMt?Vi=$cvDRy8>o`+v^+g${I)LafFJDkeR6l`9D?^u zy_Z?(J2XmWFg)bboI?mkH1jtyL;J;B!~s|uYMImsm+$VZ{e9%Pl>s>x0v`X8Tc0q9S2FY6C@+K zbQOYFkp2iOe^%$(&InC@Zuj0Q_>R!EKBPv8t}KCzX|cGwXcad`I0M5ZEiNctwV zFYkSmZ)&z-dL7*+-vNg^b-ZO;h=Gkb7@wzb+zR&znc=_L)g}blr&jWLPst_AOR>II z&BoRRFDHUd+WSRof?!xc>>PcmV*sy0(F2F4=S*V{YMr`Z8oU#iND$YMRcjS|juzHPLfQJ@N6w1&PMx@2mTZsbC zF`8^ewPy2k9hHtu5GG7WG-h3+NjQ7jcE~GvMZV^4ICcctbzC92m3!QLI49|##6HQa z7R^I2g!znx`N*vG1UGgz3DtPH@R$-j+vjb0=d@wi+vxv`x*Qdh|7`3B989HLBF8!u zdB7SUI~Mhk*$+v0DbIyPL$!au9g~D%lwm$11dkm^3@lTUqEnjA@#XVHC%zLBXz#Z2 zbxP=!J(JY>orBU(PfpwulIe8{DM?Yw6=E@w@6A7@2M|lojDgvZ#q2=!gOEUrpAm>r z2z$`{kX9FMa)~xt87u8yeZGmt_R(Zv>!O;y-X->Iw%H-qn#OQXd{vw8vDrxC_zJ^j zpKfh8Z`1#}a4OEIhGeMJq&-OyxrQqQpQFpkPEOIUKB(h84aRvPf{YT+yB1qDI z*9}LWCb`Ed`a~D0WF$D!)iSN*RRzxLj*kgxY5C?(L@-^Gxn+vgVrElM4M z^*gRY=}^h_fg)I5611d7rT5;9Mx=9J5R%4O+YICPCusF858eK|)F%?5iMPoiN&)-t z&+8puXz{YAs960yHbjBoH)JtnQAQx?y_Zp?*K}_O_42pLkfoq|*1m4hQ1?OdWUw|; ztsG?}b*h*kW7Zgx{|Wi-Wf9zaBa8Qd|IOC$g7D-gXE`zRVwt4LZ~S?cD$>ZKm5}GP zl~MBoYM2r1W~N`oEG=m)3z8d6aw4w-X{nFTbP0LhcgyWWxQ 
zHL2;e3ZP<_Fi9TeC-2rouzo-ftD6(ZcCiHiURq)6aPN`kl!X_;S}b8E-ntu+jfrwL9*GjI&VymHg*#n)nK^C6-Ru@+S z@QEMhQG=~_l)b6IiRX(q<^e-}}om!bc zL^9Y7rdi>)GHl-NQ8@&=wtxHAnvq>=@GXRW&~)x<;kLTjw5DY~`nT#*Ht`|!#5P6S z%`cQGFDsM=zT{HtTkwhCtJx9^S#u>K>s&qMF0ZZsbtN?BhUPXk=+~7 zI9U000K^?q3;(w+D#<%-=#eRLWz_Bt$&klPhSCD`?jzN6Fm4KWt<^4a?{r~UWPG}U zF}zE>0S?b`IIr!>gO!DVF#4ua*v%tgKBov*qliRDew~45aw11w8lUY)CUZ+VMPUSEH11rV4QM)`EP;gaxsDW zYfi^+i^_lv%4cX(Z@Mawy8F~d4@KW93cr@Fn{A*0qmtf13oCw|@-Rr8H$Lto2J$!w z6+^UShq&SA(p_MedS77+3^{?*EJ6f&npj=$Hk-1*hNkRm=JU_i{saMSRIxWpan_S7 z*NG-*9MS2)NFL|x=kbR%QHR~>-jmgU1-7iWORB_(l2K{i(CBs*7R10NNL|AF8vpxk zrMJ)bmop1-dB3K=m1x`_q05zjJ+k;{#)_NnkDp*QL4h}|Kyo3!Cus%l!mVkPe|i%1 z(>s%CLCu%^AQSce8x!BS{uh1R3|npj0m6rj>}j&12B_b!_T29~Qgzd&xNuSM^HEIM z5uBR5TtUWrQjZp!_t6L^dsK$tyFrPOw%Y5C;r$cJFH|l^3B`l0cT#@1>m3CO{cll;(#NV%Rvs$EBAt>r z3-LZUp2@4y#Hs|Zke-3tTIdwu?+5dUzuUlkQuqhKKZ6U0@e%gR z3>(*EW0@zI1JGy*EM@@rt{6ht-CLBH>UaTz!+`I*Nl$QMGdWVP_v4;A1?bFZ*sgqg zUEC0STI4BwqG?ojm@gUW0T=1NRP}I}+4rQ0iOT%b8L+r14NNT3Ekt;Y6(f(^hs0zAlA3Cl&nmGrLrRlywl) z6ydcuupxbat6UUi90gqy$lRQ%NQ0dY!c@_F2UzUEDa7slkw~G_&|IJy^_Sb~9DTM& z6^%AF9TRVmt|`nf@6pbt`K9fsYdC+hyA-sg@~FPw5vtAW^{m9Wrdn=&7J14b5l z4*jTWkgp=^;FTWlcPh_FliwE@qK;)&ppbFmyasuqiQ+z9MiFRe0h<(!cMCVJ4YxuvCbp-icYGAz zDNA06*{N%0_pgI{EWJrf~S<{!#Q2pmC?pJ@xCB@O`rS$e25 zbhhQBF_U79ng9tVq}mKnb9g1pCyWC)sT1c*mFo3a4#i(!RyY)3<2r#Tu#!;*GVf%b zG&uE$S_Fl-puVa|^d%WUV3B)xl~V|Lh%q34_#8 zuSGja0OoJPbV{1?k%z_C!hznUm)o+7D08BrHyj)L9H5UQqxGITRUqYme`x=ra8F`vuWK+Cv==d;x36( zb3fWEpw=|NAd-gi8J|G~{i%4FKRU78AVDuDtlCgFk%8G+F9O6h?Rug9w<*<_frG`E zcVV6Y|6>Y$tus7~3oX(&5d!MWtF^brZ!i~UosAUXo3a@Bx;!q{UZH1zgPd9>y*fsv z98sk@dc=MGKP}Os0@nkq?nc#*rTvc)W}^(Re*c%iP31dC6#p-QZ;P~c`gd=1N&bhx z8-N6^$I+PY2_$fhSjHRJ{~~aR|0eKYn_-i*wx`V&uCr;eXd(+U!YM?I|!xf_$Q!Vvfk=LUXbV zyO1t6pD)s)8U2(S`QxN}46t$8(Zn+!+Kmuzz6pZmZ4wDZh5LYdgwpWX@`R%YAi-Q5 zBA*bUu|Q44on#Wpxz5C`|Lfok7Lp%OHNKbuT|#}e>O3XCNez5AqnDuPCKtT|Y)mLM zo6)Sn4`_V7G$X 
zUn`O}0z3(YG2W!O3_4M)d0I)l%EPfA#YI?Hw~*))-sqK>5??Omg8U=@O%I3x_@`9LwR*55!j%k0`_YbqYBH)bA~ze$Q|RWUMBSlw$N=&VsxF{@9|85-N4Oqc-BEZeLUCJ%J_>_9emqv^H5{&O#g&?=MLBXaQH}tJ)r37 zTp}StEmj8q(QkuGj(_yKl1|)6))_f|r3AQk)_q{*`>eLMo}ZDoKyP?_HQdoKtup`U z;&Dy>Hc6YmCk(tUe;9B0CqF1ETubuONIi204|3j8w0F#oQXbxQ9z^Y$icktetvmGm z#F4FAqzD`yv-DMfjE9QsB(caiIZ)aex6VD%Qh-5yP7>(e@phv?_a5jWU;W3uqk!&B z-(w4>deV~S`;U7Uq||WUPFNlZ>Th^tj%B-1{&90f+Kn*zB~N2h#M@aJ+oon_TgTK{ z83i*wgw*+udxydHyfk8Y$Rb?Joe zT|Cy5^)0-Mp#p|w_yX5kJvu!}U9^F#2@c=gTXz`L-U^*Q-xx}+2d?(y=qXg4b%3+` zd%JRwrRimS(MLYC4S|4V zfvlBbcB*`i|C6#~>EIvr&L@yw3Ia@|eqZ+VQ!6S}CINi`s<$psy-#$Uy&+`&Rqy+M z)Z6R-quz)Ak9xyWHyW>zRiC?WpiZ%2C`Y`>*gmT)|Q=(}$2=?#NTQ&Ea+gP*PI~R7C{PTN7LWf=H3XHD0t^=sv*m?$mKmJi~8n}Pd z+lGfd{vY-BDCsb;P3)74?`~}u1FHA5OSkE_lqC=gcjo|PaD*L(a^azb0xe6_Z>0h9 zUh(+CqY{3pYpna^L*%1U#1JVkn1xmryHRxCPz}r8)^*5;(B0 z7?%Q5m8I+QB-{Op_I&Et<#md~oN<2)uy0qHD6vAnl$R*ZKyyhuU=!@y#aV*8XrCfb zcQ|~<-KCiFyFqxj8E`zLxWdETYzJ6ROieU?T27Uct~)kLF}b5@CP%wvYEDsBXhw$^ z6H=nP$WXLK2v(BIQaeH-vzY-(cZJi_4YgFP*XSSYDi(fgx!IPTiw^P5JUR!%ZaVbO zTP11o7u-G~;@gJSO2JB`y;ApoTPb|bDEaHJu=Xqy|P zde#kU)jxeccft44h(kX`E~weTccuhR$e3QFm(khC$vdzYV9w>e8w_W#l6gFGk6-Za zMeLuz@i!5bJMXRf-YR!C7a?2}4N`<1KV&>%dHfLh$BWsmMcU9r`bo%j=q=)7GwWJN zzoNW%4?9kHQ$jvE5?g>ATV)@yyv7+*2_DhkZSrhH^Z{EFeMRqeE4FwlhQu2rS^YRC zgyv_&v&lo7KY+{P|59(jf2p@z$3N;F`mcIJAk)hHzv@l+|50y-MLHC2>HnyA>Obm@ z1+Cp^KG|bs@qKmv&=ojyxmjGhW+_hTzK+`!0aS0@n#J2FKE>+;IW-IWGN5`F0!y0z zqu$p%o~HjxynMMaxWKHI7-wbV&%$(JnKIQRtG_cqh!p4x3s z$q6JQYzv~TlYlWdBB<|&Xo`h%?!Qxo?V2d zIiabI{CI_eMl<_FMTFg1Y(jwO4^ zAhi{~5oGj$=`|DdyenE@!G5Y$sNr`Q4-TR|wfuHQ%xKO}3tU)-k2+$ZeJyhJe7;7% zI;5!8vrTozOgC&gD?8RA*{>(#u@898}zBMwo9x3h9E zrp&Q6N=ZFiamf_-GmMFu+yD4&*UW?Si7XdQtxSs>S6-S2wx}am8fk*8%cV>oK2{Pe z!m7eoBBF#lPFig?-(=X7YDhA z&6;nX5c^g{45LHU)J$|jSl&rtlu$JhVUC`sOP*4Rrk93Zt0*%C-SGn~F(d>M(TM2S zEm)5_niDJJO4Av7=51l8++T&J4yx3~ItscLaXX-{sIn0Sf{zbn7u1>0?&Nr&ai$KZ z=!jjkWrnc}9%M!Da4pXDY%l8Zb6A9KWP4Z~vKi z&q)^vh}j~4@Gh!Sv1jQ>ks$>K;H8tIc!xpM=qYk^9zH86s`ila8hmzZUF%i%L+c8l 
zzdud{D3L*T_Zh`&c<-`?KmGYQQU#&p3@UHGBx^62^F}*eFxp@ISo(bIY zWK;DNwN@p1xA)fD)#ye%h}LY`dH6;viUtpZWC6c9T${r^zd4pcHkr+Td+Jx;-}Jwq z@A^==p@O8>)!^DyqyANYWJ?+RyI`naY2R5V7fFcolpTCtS^`kL5VpM=Ee8?KQA{Dy z-bR3#z!fBAS$O@*)c|zgLM$}_gBEqd%H{ixFH9SAkO^zGK)lW`aVs22j4jw@o&Fkr zo8c`i6gd=(@}2Skgh*JEr}GJ)pi_YV*z&#j-^K8eD-FfcdBhVWR9|0R zAUJNd!r9nvdxmo9@X&?R{IQzw`w6UA3m#Hm6K{q!I4^m}w5T%jK_Uc)fR|XXJj*J; z8(}pvXKU{^PLvQ-7QW7fn6|(H(xBL>1xvI7N-}MIuy@TViC79gtQ)s>54s3ZvfUcR zwfdE0E=k8Se??L&7MbcHVd*J;Y;>g)G@=v@qy_O zJ1#=ch-1Qpl=VH9NaBlk_t;$W3m6Efo2W+7J5`4i1a10-t#y#tl~Z2{)yjm5PQSzP z+g%DH_Dkc=%e%aU;Eit;=aFA*bA6ZvXI_+y&2Q%PJZwDCgVFtYLtO#wR%tqGR*JE4 zA?PcKBskC=d9&XT`<2>3El&Z5t4bw7;{l~yYXt!DSuX7DOZ!Ng`3D6sxd0i`H{x5A zz>*|Yh=dQRLoNcx`poUXGVu|HSjKaAuD7Z~FfR6*wQb5>Tde%J;^rta{cnp&~KXK)eF83Zv{=F?n# zv-$;?99tfgkIzQF&uy$*_b$oxYShPwY@4{BC|bO_ab8{DtGW*o^^Sc5+`}_ zBDqsn(JRvveP9tFs=*pfs~93fJ&ort9O`T#Gyx2rrw*NTD`!gg7kWCL6PRPzsYN%= zC+aB}5XP04nAL9(m*TsUIULMr{)Cvxg;13^Na5!vDykgnkAxuTsu6ToQ^ini6Lq(|mk|3dI>CA1ZA7yjL{kV%M#vLAipTolNSdD0 zKj(K<5WiFRhXnPvdTX}+GlWDPicWt=mH9;b$SmM*8x@$pTer@R9Q4Q!;Ta%*zp~S5 zM3DxDKw_#%{agTp;A!;GU%r9_=e2Mu+wSjm_n5k0u>5}XkGe%2--Al zr}dlSOgoth*AkYfrkxG2AgO5;mRs?I1@eM}{Al8c}+~8=_KWsu9*qAlQ3AEj6B%CO%MCV39Fs?GeN$ z{`4H;RqWTQC+NKG0_L6+=IYftLzO1NQ*^Oh7OFDHRRri&gr&i&rH_M$>e-fMhw$%x ziKZ)I8?rgwdQGk1w>vSb0RicCn{aR>c9ljU_NCYzs)&ri9I)sfRQw}p5&T-bJ>GtD zV$w019$@yJfk+anK!UVFT+Q~y`-Msn&ELl{bnyj(^hfzZeB%%wX`_aOpf@bX)0|G6 z)Rq$rb*jiyNcwI>7$?X1`$iRJ2d*DP8qmB2|6|^;HU+Pp!@@SECwuSj&skU=f4};Q zwjcDzlS=Eere>qAjZ_vnzB>O4yRUz^8U;NGkmi*38$7U(rf%04B>;QM%qn7VS3*ecyEwUvQp;_CO8q3wb?zb z68~viL0(M*O_asQ8IA7FX`XtfMS944ijC?@k{`xfK8 z{`M*$1%0{p{mn2y$HQo;1DI3sC~Ff{={<)SIW!5%(v+g8iyL zWes466|Mkztpv*iUXkK?e1`_V0U?MG)4wSw_t?vOpo<5YHHQf3 zWa22&-^tiC-owPqWf&4Iqnuc8Ku=+4uo%-f8JSKgYM8(vKwFA=G@3=| z=^w@}o{}btvK-46JqEBCiWuB4o6T!Qo~{f39R2*rKJ<>1#-wk?Iu80(p**T|IBJoh zZxWXbRd^%)ms%l4yGFUixso^)xzbT8rTh+;G+hXn9aib2Mn5dc8}x5aBh$RL^&OD0 zpY)oW=*X<`nIwo5{gupmb%LMn?-&X}qgsV%|!(Rb}zObou6UxL_P3PRjsRp_>d5P9Ei~s3$mCYP0|w 
zeG`cI*N)ydLGh;IELXpwtknF^jCM+*48n{{1M!uDb0o3_2CFCZWMFGj1{uqZi=<2G zQn*BX{zCSc^B*>Ak{}hG^9Uh{>~!-kpsDd;m8qAE4kUM%RZc!;fhNO>*c&?Ku+O&M z((dZ+zN7`t)+aCzkt~gV{GBk>&bI>Rsoops!hF1+(pOJPcN|c%-~sI3o+y2(Q<#ig zwZw7g;jt;IBf^k{;yqBW$X72I{OB`(O8e3cBxU;nMz$0mBP04RWh2!0G=6*hZ_54+ z|38#XGT6@zX;=Rt%!Zw%RPirm|HzOk2U7N=Uhryf`4{L0Yxw~KL%7u@kh1B$Vl$8$ zc_!6aPr^_utmRtXoAqWJVT_ZU{O#kLBsoXlC;bhzzrgh_MsVkHht#{Pz_{wZt2d$f zvpmzAy+M(#&9$O*uXn1R`B=AZjw!9J1hTp~s17+^Pmu@^MO&Q?Ir5}-awBzU ztvn(56H$%z4~Fs3G(t_4rNh@I0Px*7$HL&K<~o8<^w7DK5ZdjS!=c z;&CWbA%fCJ#NAP|=I4?Gc@XqcRzAJzT7Uj%l-jsZ&fDffy*uQVE_2j#fujOzrw)gw z>U~n^<&*j4Pb~CVJtq5fI?G(G{`qV3BU8&9CH2`wp%3ry&IJ62_6~A?b>9uhqph_X zf#fYy`k1${D_vd$+K$jck?o(qfWkR(l}oTr1;CISkL)~f7U-X~O#FuJm?cF;_84{7 z0ux{v+X@#0T%ZV8#x^*t3Y#>=f59?U?EAsFWmMmYQ8{UULwQzj$Ir%+t=^(o=5c&X z#PppYY9zUW=J=t5RJA_lG@Yt1Kqj{JU|g^S`8z}h+;2lkLcSV(s84L38M zkmpT^Lv2M~*>B(?WPQt4q55Nk@Y;esam^ic$K98Uibsb?w&}_sd#@bIFRzEGoYNI; zmg6U2*?0>NUW@f(4eB!Vw%*5;n_A2sM@+?Un#Z`z<+6-BS2jb-2Bd8PgFYt&@J zbY(aho7E^QR;K**7j~Sy*Z~vHKk2tMBt#8U9Gp(*90WBTV%vJ4)06R^Ygyhk#ljm% z^soyPnpO$wNPBlywsw6vWl2^VN{O4Y>^yC!!JvQ48kHdrOJZFg#M{q772cttO$3 zF)9&3FBC$0X5n{iA-5l>Kcw7J2!1NNE8oFhd+&u$pa;`GGgy59wAwTpZ<0F(z$PGM zhDtD703Z-Tj%?ul@xC%>5zomaD}R)$6PQXIVMQ52T9%H4zM31@dtIp<&Z+wi&PqWF zdfmU%nTgb@@6X1rhdXCr)$|B}6Wg=(;gC_kE@bq{p~0BxDZ(DL*Zy z*o;xq14an;0$PTc$(TAK1h2jsY!OR4O(q%4$RFOlW{8+%BBAbdOKLH3m1#^NaU^U) z$Q7z?1Gy3(Ug#d-BHMe4@C@f5@oBNr&Up@WOh$dlsZ|5i5E7)7YZ^xsQj1VhMtE?A zd^B;t2~x61G{riU_wl0C97Bvl;Q>N0b4n1>F5BW50$T#`H51Ie_=n;Mo(1+Q`3z+K z2W#2z(dd^~Yslnaw(w4k!yW15&^ie|Zety;)m2rK<^lz;g|`fBYqIWsFv^CbGgZK2 zOnkfID8qpqM(b!`6ol)EhT`VuO<*W5><4~WQgbtNWHC9}%<;JeYak;g6&a3M9KO(4 z`;O6O0w457Sd6s|bC1|Reo)rcR{I2rvedb@nZZE!6~gvcI>ue1CYsv9NAs>VX{g zW1qakLVfN+f2z}&J87kTaJCr^t7{co*gjz?5x!}K=$iWW6sb`V6n}_JS^S$$fT`ge zL;|zkXwaGeJPp>!{gL#Wp+kZ8dc7Q)mDj1=7}arOBixz^>0uKD4yZ!)sQY(eudzjE zZ?SlbqsOGBZ}uny)Cy{JGQfEYaDQhWFqp7_NEZ7}GtNN5II;9nl{|?=wr1PH=0G8P zre>-Wjgo80k3fFDD8`}mY|Z3>YzTWWYcP$5_@a91A>n$aFVVeyS|91zoM<0*Vxd*`vWDceqpB1X-+q% 
z@@W!?!w~^n35lp@3@T9w zc&JETGQ-g`#T&9JFQMs3ZZryANgWqsp-zclmouR*!NKeEl1z%WQ8SEF$Kk6kmF75R zQ4em`9U@V(%Fw~%X&u>E73GHPW?B(5is1S%)@xXE{W(poprkHfI|q6r`L=COsk540 z1*M*IsmdGU_A21CW1L`3ARB(ejlm6>@=TRTK__1)8PnI-P_K#N{}vv^VX=FTa`$S95uo+Lg zfhMA@^WD@%>mylamQZmKmq(62r1FWfPRZ{iXh2kwA7EH`6{D%8dg44ZHSE+Bk`pJ2 zX>6k8Q>wwHx^>Xn+=xI)vd9_q1Bo#o#ff_r7XF&I{iHn9C+BP*(D@6BaLcA9)F;lH zTNHg1#EQJowJO%6bfMT3q;-rw)sE}P1oU{nZ_pn4!4d5Uiv(SsE^31ImJZJO2y@K7 zE>knnj+7O_D_)eI{8~AmBrb+(tLU$TO9y z$O2&gMn*n=>>5mkBOtw0L8C1DkBRL_)Yo`2PFrX7~L!AF~pv~dwGCkq!hH^#m z=fk~i6QaoK?d*FlGtty#l{=zcaTHaRC7)nA9=e^2ioh^sUUM*bpvd?Viwu(k#+^DU z+(|=8@XN`KhTSKvz9BPG;P5$i4W|^9&`PX)&QE#?)9TwuBWc7JM~keBf;#xCUE7o} z7DcjW^q@}-HQB7SkgjkDCs%nN6>4vrw^ZiH92Ls17xQg8ZSs4CybS?QO}NKHdemN* zUBfCyYsBL^2v^WKQW{+^1u(d`TMg^h$6T4;BS8~ZV8-#CN?dyU5&zMrPJIPpIgst=psA8tEW13@@ypD3-Gf9+K$x9}R2*Szls%{(u3(#gTf5rRR zLYh+jSR^HxsY44D09-P3r#8IQOVRQIf4J zld@_!+nmDPG{h^|T&sn|D7ig*PnndWw~AoF>1;-TZD;jj@D~4qNqvi|86Ad+0Eg8I zh-gnp#8arT4p$AD*dKou7)kx(f_$Cx^eD$)q8Sz-w%_5l?a0(P>ta8Y`g z4K#4vDbMww1m7u?BBfCUarwzYo2mCiXrSa2gx^iZn(q4rG)tTe5VI_z6Q3`1|F2jc0fHt)m zI>U8>2B~llib5a~Bma;b*}6*Q3X8Ea?8NW|VLATHppgn!W!2JO<1kf1sp0{upnTBL$ES|z=2*(jIQ+(u@1AZ_@4 zb4?3464)s*sv7H@bz(IHy0ie2mCz7tXFy$+7w}HF_CW>)jtECfj=*7Zzw>AI(*Oyp z5S>t4c24`6P>V(NOD7TXVfv|2Y9My#_FA#aC)y8uxP8z>?5GYu{`sZn^)>)JYZ>tf z*m(T3vj;XFEu9ybV1!@ELi(AzU8cnZ;(`*J8T(h4f7Uvn6ukUf@fLeQiPK-3(m9pE zz-^img3WE%=$XCzta*0*x*6xXk;Te>?%_}ZeG7-XiNfv@{7HPH%$I0y&Us@zs-N0i3S`Q++r3Kxr z9{*SU>gRW@FLzY=dzC-HA6O!SRKz=@u3~UFiKBa0Bez=u1)M_E33D4NAj1$4BM-H8 zSJAp2e1`PXuiHqZX+TQF2+}*`M_{7Ch%E8d>^Xs;DX&oD(ymd1W^VDV^&if}%`ehc z>npGISHc@Xg>0LBQpcU2(yUtTr^r@7l|w1c-zn!dfK4*FMia&DdWM*f{7R@givB7? 
zj@_)=OA(qy7cRFh`M;X9cAZjBHRJ`nY%r8{iK@h9m1{h2o-0v33?%cM@@h?ABZmxX~ku$^JyPE*Wd{)gB>kM%=31Z`n3DM0n_XG&;JHY4B#s& z@%#S=V7mO^?Czi7n#6^u@zMSxR3a;Fhl1seJ6-e-;t9!)of5U2*dp0&!)ap`Z<0j* zZ=td~S84ihow7{c%69VQ6qg2JI~>D_JK1V8By?t%L7V&luP#*?I&f)U zifaO7Ztd~&u30kE)B$XlR)SXz#{hy%%~RXe1DQ6_K7DwSCOESXwvE#yok5X;9T{q^RTvJW!A@{jg=hjI>#*e^?xneIJKE2 zGS95vgJ!#jt5yveBxTp`lp${koixH+C*|!+5E3Letim^};8;GYKGG!%%jqmEhxO>T zC#1xYk`dfh_xBAo3TMfkJtLBB0{0#XC1eSGAKI6ik>41{f^4_33zj|}H3}NsKMAD= zzR$v7<8%NPkM0C2TM@v-bRIdC4MC5aca$^}y4c|ZdJIz8Xk0Aro|z`4j?p5p3lEYkpMdPG*|9;EDP6*8 zL@Zy(k3rVHzz6gUWmva_?jZimr_s!CJCE%jLUqi;7ueNkKh=i33tz|(bqS}x)@YK% zxN?xPVRn~v?KDb^jY1L*DkViZcG(QC1-E7-2T{0_b$CjGYY8Pw*v__gb%{cL=P@;k z_K*Z5b~|46&5keCUwq+kLIJJdbk#~CxawN79U*jmpm=9 zma6?{h|&?ZLFxli9cJUx1LwK35nWr3;JKISirMF7S7BTKk$!9Tmu28q z4%tsa314qXX9&}6)P-dqoGNFPZ;Sdkl};T6<(PVjYa_Y`6u^%Lw`>ult=#j4;&TFJ zsJlHo2p5<-#b|?{suR-f8x^K=%=jT@vb|EdQEB3G^ zw~PPSx~4*gAGYq;s#q=NZPdIM#O=}R7>WOXy(KlhOEb(d}gbg zUT!iq!)BN@h1c}UYdEMNo7);|Ia;8VQrXZx1hjoRhC|W~a}cG?b+i%bfAA%2Y3RD9 zu!ZS-(Y?7ASoaNC+2_)ESC1^x6ef#)@kDI1%#Sh`e^QAAw+r>s_ zQH6p}=VID|t5H^v8LI9MM`lP~#RPnq;YA@kqDFs}OSLG3V8p1GE=8{jSqjIlTXK^Y z-9dHpBNo>UO+tW`it-<_-68I^Gu>{8j~-J`PN7LEp#;8+WDbhfM_v#o zD}U8WPCdq(&({dbO7XCmsB#^Pdpe1`8PtnMOf#MNh@^(xV)*v>;AQ7Bo1=s46}OS& zN<-Fb3uM(9PD)mh>|eU!x+RVb6_=ZK1<;5XGCm=zZ1F z{ujrL^!wi&^DfY~l=y4_Z!zK@j#==*F)@Vh|4ZJrexc&tx^AcI8QF?hZ7&=;C;J-v zm%KZL96a}b$h#X;ws4&bk&v#J0O}&{gGAlG)_Oh8D-gDBtO?kPakM97eWio$fK035WTw(E{0KK4-9%Aswv)V ztzwXQfp&}1lzUNb?V^I+vchEu)s@1b#4Ic@RG)vhEDl#*ZQZU%x5IoIpzifxcneNZ ziBn@e#b1(oczb&-{=VKRbZK$lrd8WTd&(G<`kili&N-%Y04(OuDsdj$yHE~+wNIFI z$v?iXftB5*=ZCMm^tZ2j{PLHt%j5Uq>oWZ1>uR31@1U#qZ}y4jxWFkeWIRBx`=UY} z2#zDBefYXTbLoU{Xl)tt%kW>;O?Z>cPRC!8j5epmrT&4K7H{w~v72>n*m}t8XE1}# ztEfh7flG(xDluWQeuvroG@y8l3QVwFH4dbtyC@)9oNz90LqlVI0@8CN5hUSgU0$q zwUEUIqCQx`yrJLXhOUsFp`Ymcs|p0V)ffW7CWNRaL$71Ge*2j(3lfzv#5;X96-|Os zsKfsYF-MU8KZxmwU*(ZDyxIy|6m9|#j%98wR0_jVu8EK&Qnipw8a_5cP*>b3Zfipw3f8kL6b22D2svK9l5jjttb$ujv*ICN>>g 
z;5H5>H(X`7<01>!5)HBnZoe1VgD9!)t-OVV}PF17tF}c zO!q>O?)lo?x}|E#(p?=|>&rS(Sua%kgTz?3y4HSlhmud^Zt3jheh)Sq*}~?ioz_#s znr^7+Y}JDHQ8Gd!zv2->5;0qo=RZ~VYAl% z!j~eGHK@Qo5{~Gn_YscIMwSpZ75T%BSf|%x=h}(2_H?QTLgJ5q0a`NZD@r#D79pXYji=2$TRUo|F^#f46h)eO25U0ZXk1E$Q zSPMB5+VzxxES%6KYjNVSGuem^Nl4(_c)u->S>w(C7j&_qvGlohGogzP0uKAtvi_A0 zr@mDZjazvDk}1qm@u+OKgpbZUjzn&^-#6SI{7H1KjmZA4#EpbAxxvL~tcL`PHam=G zXlTeAmzP!#`8!>V>8~>z9~u$|9z+qnII#~B+R9OOL`qt&&M3ERhObk@z=yS?fk1@+ zV&nqxYjnESLW!J-`q+}ktZtV9;hxumb3=nXuE>`O!gi9QyHdPbjg%qhDHPSnKyK`5 zB5^{&BeHUK{!5a3xjp9oFAV#i0>qsUvvI{&WAC?TkWM6hXl)y->4Y}8nsq8P?Vl6{ z2-fEIhP&&zdv@c{rO&O5ES*-JZnaxWzWbx+I{NVyLnrFnz5RL~f`;%6{xOKDI|%jJ zLIfwe0IEM7B@t@UUUR~lRYkUKl_gkl2!0>Ivv(hL=@D)oIuQ6%AH2r9SC{_ywJOz7kyorHNsk-St;G>}kBBh^ z`0?+#bZ(@pn(spgFfGY2WRQVLIBjSPc{0&ZTceKlxdgqJ37GF=q-_U4 z-r3SPjElkE)9_!ZjURA_a9^#ne0?EEo|0_3vebmYZjT<~14eYi8J#xedW=824`Qs< zmxch_*|n%`rP{8hgMoW-9)9O=NDSM}a#&_UA+j*jr;L;+^4CpJ%SMBQd<6zDS4tk9 zZw<_l7lWA)2{DmO1hEn8h-N{SE6Y9wWr<}~%c%1Uef8&Rui-?N<_9l3z|3QDrLUGh zjD6pvi?)iE9RT3;u!~^AqkyHO;AD4->*~En z49P0XXk^Fk5S(kht}d#vwe;o=oeVcD150BVFl=HN;ja`%3G2a2vum!~3`7uo&YV2Q zo_H}3yE=XRD^=Tdu?n!S7PF-?g~ z+oStgiZDV67oZkRDANQRIz&rBK>0VgBob*}Oo%>W$F+Ur<>wBlE`vOi#BPI(kXYQ6 z)t1Bx<|gOJht8L7bj)B z{Y$S1?sJ>Ke8?m4iHEu5s_+`m!xKRmuvxGS?&~z2EoQxWL)fGhUXG%iEeFAudz9&} z?GJP7GI0K~N_;#R+NWttAUIc#G2mjr#Bz-ue+pr~b6C_e{U;2p%yMOr{*Bh{k=XX7 zm=%JPf1dfFT9k07WP5?Kkn|jQObhu8V}7FEAz_A_ADSVl=yXxui4-jk4QSG) zAO*sN2lMA-SptUwJ-6)K12;#Ql2`$9-ZP2*j#CyoP*C#hv746%aQtv+|k zTh#;GFMpPJNs@O8k}q=|d$hJWtkp;!0();Hm(Zw=^fNlcMo4r+>kxw^_))f z&)M5sG$6I_Ci=3vQujE%AB4g5*cNE*{j)J4Bfr5!{o>LrWxL)2r$Y~`s(lciB4U#X ze7jIDi0l-vW`)_}!fKA@Lcjf?7qhKG5P2r8A$zBS?kc_=C z=t=L9ISKW^g)YDOp4)F5fdhv#Lk)94>7u*YwLycN^X2e#3>7=>y;YXqw>(dp*l8e#MWU!K>-#dOXJnsyLu=%O$6#gTQ~9=;sh0*gX@zk} zN;gr#umHkuhY4E%4NHcZMF;wrV6+G+I>=ESQLK9?5I@o1qAe1A%=AR+ws{4?rx|Xp zmfL`23y;wkb~^v(fSAsjCFoNk@`|05p?aQp zT3|+74W8MX$)9O#%YZ*|r?%u_P;)YY2bh8x6tEOBMqxbqTvX{J#%dIOuCUPc#&QDE zy7x7-H(A_suc3Y=Cw8DpNo^7jQhl$?fsy5)9w-=o_%38PMGW9-LH3hsaWCt=%ulSL 
z1$65Iq~?tVhAdmy!q=-@${X>~7AqEpjzSL3d<} zu{EseleN>K4w6xQdYwVStPSX+b7@J1HYJfucyu7#a{H6|cV_Vf$FL|2c%Zl_3`e~U znpcaJ9@2Czp9!{dU5M~rO_SnD@o!el)1Bh_!WXlS2m!xSF$=J8sKP0t#1wZiuiQf$Yo6k*$aiToySe1%E!rw;dF0BwOix(1>-Aq*^GPU33b+G{1}Xb_%;u!))^ zzeGHbbGD6C)s*#4y zm|3_9GK#4c34(5C^InwLtT!17FgEbDGkMv|k||2Qsel7+q{$qRhUStCAAl%|lcc zBPqI{|GR?>$q+`+$zui%f|}*pT&Vg0C?tJRd=D?zji6EcxMsw5z=>6Wfc-%y`EjLBJU zsRI32D;P&g@Yn)wo_FzQv*ZZ)9QC?|=@C)a*qUDwmw{(dqQR)_2AnkGhw0l_f#oHZ zC}vJIjG)@caYUb6a1i$R{h-t@$S{Bk9A6MgIQ*Wg_Hor=u!$@f9|&_j zP_s&#uW>Ejp>a3lL8p=l$AyCsrPij!WLkdb4XA3(X+U9NQmHPU?m@xHqz9fbZR&Ar zLN)xczPyKuL~^wtr}>@pSRJwlXJC37(oNivh)agTa8nUss7I>xd-~O^^HKT?K7>Gc zw2Nb9)jII!lq7y}Z@gL&MS11Il(~Wni!WLjCme-0Nl8@sx1OUg0Pg{hHm32MceX^Ccqu5s{)f-Ws`y2wqg@2cthOWE!)OX%8AanOi zU+XmP3^nrZHWk~NB#4V^y72ZM3mC_by!IfkTQ6BbP;?ttScUv^MYCP-+hU+?1RVWT(e9*TV8 zxjU7{|I9SN?NP(P58Liml^`L(uogBD$Iu?YY75TtF^%9j;tgV>3acGx-%Dn{y;T&S@g>I9A! zh_UT{<e=zC;IKy{L_<&d1`+u8Hi|PxrPmU4dpsyhANGrfr8NUtc37WE_%{jldM12sDvRoU3cz*@q2RM9tT_Vya6>Sq0cFVEx6eE9n&0y}RhpcG;s0 zgSXwBrhFjjfFg#-#MdQ3Ht3wvhH9o3TI{C=V}9!Di3X$A$%+d@i$Hk$1-#*F8Uq3w zn39kuX*8bMrvH;~XxFEB)qak%+%i*y_NY%Xk_P>M zjFvqkmw)jps^h)Fjj5hpx~DLCfWzGs8V2z00-Z}jp9t>neKE(1GLbtCLAzmbavdp5 zMRrqqeohaZnFTV&0j!0#y$lOAv-$8uaOM@HA}ovJwD^HV_7HPPA~y>v-?NAFdpLQ& z{pH)WGP!n&W7eN}Bt$+LGx-reYYF0mFUTqq0d}e5*H!^RDW@nLjMtz7JC$FZ>xTWm zZS`jZUvHn;Vu8YQ-@CSe{&SxnUP;Jcnm0CsTs+)?=!n zQVN}+tIau8nh+c4J~s00x)-%G`t3*LY0WT6?`(vr9Eq;lXb|TzxOj{aUe`5J1(3P^ zJA2VyFn$37(9vp+;)O3`tYWE2A=TC!`beS;{>!Q6teAOXJqUuWF~Us+>Hw@x?L9Nt z8QHIp@d33yjNQ%?j+rY4M+1NSkK1m{ko}(BFa+r<{DHBz5B3*RMTkQ?et0x-`j$3R zIIVD{qjZRY2j-(=dEJBOD}H5SFGlehZfFAj1us0?rDLTFjZ^D;q0?LJN@ia`@9Ywa zatn7O?)?wl`tldx1^pMn{(Uob4q$ym$JhF$mOWQ`i6#NnP=isjp8$-0XH$&m>7P0G z(>P3zA#%%+zFUbXadNtj#m@VFJe#__wy15v)>|Ssij0t2W1%$IxKq;QE;qpk-D zZ+(92&#p>X1KNcCcmu9eG{MrPJqNx5zO^Y|m-R zL+F8e(hAo<8cp*u-KKHc^|6n+6RP&I`|%C2G7KZ1ZEYkugQXfjmjey`*=nl&@GLOX zU5w^hWtYg2JnK?%)Jlw97G~(pSuwU8)>G0vWS-18P->&*@#sV?0N^zQ0qXn)F?qhv z^I9AHYpZ;TfUVL5bUhX+VWZ-@&t|2L&&Z<>avvu>Uu&fr&-#q= 
z(3k%-Hwxq$fFi%gEiUX>^yX0YQ#Ai?w`V#M(@JxyG!9sDsGwn=wK&%DFcdb_o`@cJ`TvlimiDopD(F_NNK`l4MZ_3HI z&?>NE8}7m5jBT*)kI{kM0WCVee(WN+P+)=nK$CM<2(Jd;?SaW;@sn#0FYUPRA z8C~X_5Yc6VN3tf~xtXRfLo@lABx#B99{ zng<%E8_|;pKG0*EIkh0|5nMUMoyF|vOx~O(^(SK^ zIM1gQv7)If%ts7+0%d@5XimAEsZ)JWR_7;MzsimMY!i+pDxy#K5-3a%nPGmHS+-4b z2!_P=2bOW@Y*pq&aVZQkM|&I_Sz8zaLZyk(n16)it8n?K@xVkTx% zy9FA>cG}CY*+#<}PhNn_9o`h%*7ut`*LS1}D1Bw-Y;oGmh}oZdXX`jRuU%3YKs_QX^Qe<6MNoFmJkT92-Wp+j!v zzfh=9=S8b=dmIR>Xj-h6mG7D;jD9D7_?#e1)%7TY^U9yhg}H`yhe={dT^j5(ep^t+ zAn_ZUpzd$wdu)nq_tWvc+yVHx#twT!?mNub=t{*7G0&C&<(wvY0-6)bRE%7V^}*7` zu$|Kk+byYLIUbn&CWvd8_51}5WxI_JnX_RrXpfCC1LZd9o5smsGAAv>vf5Nf?QBrd zu;mYjBD`KS6t`m}I9;!R0j$3;=p;%A7|I6*wMOP+^)JFn`;tW3okH5gv1$lconFRJ z^^K-F3`n8C00w6SgN|Ys-Gp3=5Qs-t)kZ^3D_Nwk>;{Vbm3t)N+oDW3O=^L$B8rpI zD6ZIFy@p))xQKyspcrcr{>5YNvsuda!C+i7by!VbB*P1@&x^bG;@+P{EPHd;xyz=muM(qW8XXRYzpTZ1XL5lbgGnaHy_<`#x8F`$4uV0SOQtpT zaM*HDIjMXi7=Rag<{}0{*#zFrPAAfPCFH3b1@Jnj8E{0;UQOKDhrJ5~zk})MyNiwW za^2UF3hN|3){*wCqb?I)2NL5HFgQVE!}%c^=f^EFxJvEjZ_=4c3EATn-)J`BF-Vc2 zLfR1)VT{U6+speW#cK&GV|vBM%JyxF;c+PU84t=Uf)DVPPBlO{{{Bt9vNCzp`CcxJ z$=MFY*~LM-5uMUh_|TmQCint8!1MMvF@WI0>7) zf@Hx`)*{NBMUN`e(0!%p-u-LFx?4D^#)%6^e^S6sdh`saPBRAdL+SQw#NbK&9E_X% zsO4dGlpXBfjvxx+%oQKmhQB~VoI|jin#Q>1_Jfkxli`y^!}~32MS+KCDk0+O5yY=_ z9#J}oj94LzY=qam`;n|!39ir}!lX2E^N~{oo=7KQfi%LCjZK^n<0bYL~Bot zN{-1qR@w`rLkOJUXoviCStsIv3i6$el2=9A+>rZ&-tc{yED7I`li|S7`!GV>~M)l;dM{(y?z*TmW@;5-e787i?(S z%c!(|UJd9*i3mdrj)R1# zKB0G}$$$fW&msw4Y-?c>2T#2I-zxFN^kW$HN`7c}PIjkf7mtbOow-o?z{HI|39ma6z#EEGaKj-1T+$=6AtB+AeO+-qwze1%&dKLFGf}%WYHO zZXt8DiTfvtH_q{j#=H}@Y7dMq@5civXI_)jo1mt#EEc<0O|LQJFp0YO zc!!`2t;7xHa7}?j+!3&7LzwbNhpKzurUWj$v$R`06weGOJK{NW>o*}OU_S)h zQnAjMe1^eiLW>F+PSqW^1jeT;ie<4nHis^xzhL%Ax`l-Qlh{K&;PkqBvlq1n>JD>R zAbm&4(;U5kC@wivbWGr7OA0(bC4MIhvqL3#g`k(kh-HVH;asR#l43?XnXcaYOH{b% z;adry*xNVJPjEAlp#X0?g-z)Xn@}ZLnb=zpk;reZK6x$vEBuC3G>){R!IC+Q!my{u zEW)`H3wzQVWbE6N3raLG&;^452>)0lU~l8rtbOX+x3ij+mVGER`6c8ndj;^+h@gd0 
zDHGJaK;-QNr+M0)Wv^}%#Tm0Q2Dxqh-{N(%3g+)A##B2YFm#4&sR-;$SC6b+PV$Dx z2_i^W)T8gR7Tc_ck6G2J#9IeY0xBea7kskqw`?vsTK&or7vF2#saM<3$J^1MT%<01 zYCMQm+mS*htlAJ1+Tdf_;DF4crWYc{Kq|X#e+Q_R+MuA{%yO>_&!}Z|4FL3SlZh`_ zD@A+9A|AyH$-1kt1{+l>_V6}yd=RI;`m96~&{pS-z_ESNAKW%vcnuNHTxrz$2Za&m z4tY_VmofVe9mf>Pg~N6R~?m*D!3cY+D2 zC=rMK?%A;ug(4<)nADDfjeQjMcEQJ0q{3jN^owWUx}P#fs_hJkJTrvilCr8k|C!I3 z3~Qxtk>5UfW`$c!WvYAFUmq(x<&DASu`vAh<$i0;)p#bC7)>Rt$nbrUW8Z}H zbdcD*EqQ;deuq((0|UndU;+RDSiqr&q*l;O7d9OV000yK0B}C8{MtB zX>V>WYIARH?OS_q8#faF|A6}rgnED_L#wsZq-ldo3!R-bM)PoEr^Uev3Tl_q^1NDZ zNv;*O7vMh2eYE=|H#6kEr1dMd(_F7p!k=YUdrO;v&sfB-M!ky9X=w6U(aVEtw+|zbD& zd^ws+n-tT+2n{n@ln}~>R^t8+j-XLyA`L-Uz+`x&(gKN^@Q|l!oLUtej$a0^j>1&U z6*UGNTk&y}XY)yqEoE#InEBy@{2e?dLe3LgJ%2sPCfWA(OJ&8Q?QM3L3T_0`VkR`R zirGZ4nMzZ&l-Zn3#Y}0zWM(W+Q*6Qa#xwPZO*ETi>_7kdH+xM&ZoOtFuZ5$IlbN^u zQWQ=M=dayrAubnyCr-3Si+E7;a-0ZYdcjw~KRY?i)G}kzn4-x8KLt%Sq49H;JR9om zIuBSbwB?|gxNa1UG_2%j$ns6eEj9%;(B|xB&K2*rn2^hV`FHEtb%6P&2k% zE=M_Z#a+#OM-r8P2#kmdE$s>#-q~O-GNCzg6wFFu6_c=&npGylN&z#D`)k-r705U& zL#8VRDw&DMVyk8y%$B?|P&ETeW|I!mLnKI=5Ob4E6iu)trqpo~|so zBlaWiQO+a53RBu?2HQZU#a<|IuQ1Daj!uU?7hGpfs(h*n+nDsy(d-1RtJc>PX^j?@ zUq)3WzhBu_=vNs;VixcPAE10{)zJcmK)8raH93f9AH}m*if4P<%l6)RvVAV*JX$#x zKdO*ZH*vcoCpmjh`|9`!dfLtvdq?4PQq4Bl@oG~`VpOiQUKPX>L#%Z0z?O-O67YV0 zqhVd(6Jr5EF(UPyu0WvUV$MF_9kP2n_wEmYRkR>*(O?pZD$TC4VxDg zSPZL~o3oxbkf#SO9GGxf8l?&Ia`up74DHqh)LJBH7cS^b`$#=!7(9E;j&JLS_f3(d z%Bl5+xB!82^iAt85bVl076c-n$r!b(Br;@6!R7*-wPiC6`bFLc?1xt-Ux}i{-TT&} zdS}weX(~!!dk*X6hJLG6k#F!%0OH9zNj?3E7fRX=nPy0t{c|) zd|bKOmJZrgF4}28rPiadUW{`IHfFU-+oP09k0q|6M^RxWQ%nHR_tnY+;^Y>553C6z z1Pb@HmjNRo0E$S#dPUr#4Q@D=CG0<$6VTE9RAh6T^jkvg4@S7c!Ek5rw$~Q*&ww^< zmy#q36Oi7wPmbG~32BT?XhxVH)T7@tPMAo>!>xujT-AWS;kgWa0`(Yz!A`LAWw5im z1q^rXZpBj9E-tUQfqM`N0Xpq#mG1-eZuL(2RHWFwTN?nGMIupY>~g~++8@T*Ia9A` zK@2m-m>Mi4f?C{nigVTIhDMlcs)T_E1|Y(0>?s+Jh=1TIY&mVi9eI85TlNq6qdv z0JL&>5efGh-bYPMpgFu9DRDh$IGoPg#din#1V<~U^u zIHZzLp%rLbnQft;d0{(fw z-n7>6w)uEHHNOU0xQ3ehT0J|a4Y+k>zxRnK``WHnb^l6f*A%;{jt%9aIwK^E3&HV- 
zXI7;3L4nKw2rpbsa=NONzQR#cm{W+%)5gP$yeeY)qYWz;V#9hC{1n)e77txkbZP`F zU~{_U8uF;KBE|C@I+<8GI%iUYxnQBkui(a-T0dM7YgHAdZmc!#eEp$Vt8+4TGpyCk z;dQZA#o4ETwb}=@C2LFXV;N(x{8tGMwlDR_wRZH`C51?XUF;DW&B5>!R z-~4zyT0}p|`0=6AuscDu(x2$$;HT!@hD+@G2I9XPz~v$k1Bab)i^mJDWc?;9Ou_4H#!|_Y@w7}XfGZ9$3mTHn+pv~j9HqU5iP!0{~ z;)BQ{@mYB@!56Xvs{%|Hc&4(|!k^Cv1`&890_U?t986c(10o-w!N3E!V3zXv+`Y`J zyDjB4i0X#JjU(W-EaWz^TAkbOz53x`KiK^Waj0MkHwpOK7$F2~86b}+xdYSq?GRkU zG`L$HhL+9Z;SG>T=B#09S}dAmPq~aQA+wa*??j7X;BD!jl#6&jX25rE-q85Pn?M z{QMSGv-Vg4%N5>EgU|&)7Ym()d&%dt&pL?0O_lQVPeCc`b>`dxWXimo-b}8_Jeh8a zOt}$wKLYP`6p$l;?jr7wMG6XBQX07%VBj3}s&dqZouL~AX#d^!&)KZVXnQDK28SON zh~J17BVxv1$`Bdl`CPj+!sXiv;6s^it0{U~XCfR7iL#6txE8$42EN-OmQ%BO!DWsD zIX2|k&~HN&NTJ9qq#;@M-dcHqN6wb7Ql&>yg-$8MiseuepFlCJVq|Dm!1yA>OE(}y zEL-CdaR{*n;v1xOKr#veAV;TQ@w*ShoiD=O9X~#(NCznEfCdGAkO9CLB@o8qpqe+R z<_+AuCaj|@yh)IaA_E_@=6dXduxbd(s2h+U@~o6`wr1%}a+;afu@^KZAdLx1^$Vx) zJAC-?s|R0x@p0YL{X26{h7Js|5&$a%<;QD`@BDAPhXe?RXDFgu_g42m1#iXudG)N8 zz>zzbJ~%Y2zq>PfhySr>kTYW~9uKk;eg+OjOTbr%40m_X5b3B0a9S|eJQ7#}u@N3? zg9o9~n6TatLaJT$->18C&Ter&Lamd`SJKGwWNgwK*Cmldt*nYv${xd8^j|4x^rVMT znP9PWmp;YX%#kW`x^0GDj%XeKza88QS~xWU?#M1DzD54FCkjzdXAw6qJs1D4rqH&i&YqR-c%ALh|I~z z6vinIiR`)97-GgA%#N4vSdqu>{D5q}{FWkD(BE6^6oo*q8=U)Z6PgCT!u#8F76v9< zUdO3E(^$J1)89<75An(uem%jCvEn-d5;fh$f`nIeaCLeab{?LQf&dJ!#4pzH4ye=@WIQvvEdAY3mB(?td57SRvox9&! 
z>JxjVv10Fi!jO&K2ZGXn)AU-H9QYBefAnhndQg9ecsa^<2%j#gyHB@LwE`yv?hZy( zj2>5v`qFrV0otG&VBDpWQiniuVF7wWG$g2p#Zy%WH(#`Zt(69!N*{P5sI zKVuj|*x;!tM_}WyoPJr)y!O2VeX~%mq4m8&ueGxBq2KCK(WO2evy~spkWAq(`2W99 zO9KQH0000800o0NSJc>EqLeBD0Obb?01*HH0BvDuZd7G$aBN|8WiD!SZ*J^eZFAeU zmj1po`yVjw&XwIUWxd)`X4+lXX;M#})EoOYyW@CVh=e3wQ>02#cGWif+xGw@_=*>j zmTk2$ced9dfdk;+c@7SM1L%)`|2Kqo{v$BwWPx{Hp`CdcE`wJG2hp4M0=sxd7Q_wP z`1h4h+NQUNzXb=qPIqi{21ciQV3DQct!cVTvRFDeB<+6%p8M6#J}bcV+z`I~O#Hz1 zTv|@I-J$;%e_xOgTR5aO_=CQHS9lf9J)b6hXPdqkc+(IWC|E6*o*(|#g1@5`iiEIY z7PJZh&2`~9s}Kr9VO$|J^?Y=W9q-r)J>&fNz46n<4$b&Es>2fd80rC4%+$j1OdLj4 zj$gscaJ?k7h#>TBcg9Pn&9L1w;?BZ3eC?*MEi%O`C;S;ZE0*udCxN%}P4d?FR?FSJ zHZSEmE32fESXN;A_A;*1&U-IJtAJShXtD~CONd1*6nbchg8*TFVT9o=XdnpDFK2Nf z#>L!QIhFxgjqix@1NJS`gKWRF5&B4w?FJ#i7L|&^IYGbNd;V>(#3nI#HGe_(bK9IF zJ3tok?K>!P>U#^8{OlMd8FqNRKSzIj=KWL_Sxvu1Mb=i=6#x+m+--dzGlmThMaV?~ zhYRnU02u%`LQz4nL)*tI3$Gnw(!W~!DQb3G{CjI}?^@sXT$2?olcTLtlRxtEkP8)M zBslYC=-9>1I<(CI`jYqrr6jum2H7rgX!iyrTrHJNnRwo9*Px=Cbs;4rqKrh|9r5pM zazDbIttIVM_~3%Q z@cff#7}OS{$doNol1y4W7eRi5lvEQRVq14=?fU7Tt;80ze_9fsnKbO2LXO!y3=R?l z7PR(J*8C+O!2a!{jFbyvu6#ROCn9pSqGB?Qk~N+gRk4P2s!{2LyDJw zb^EOYMdMogy4;3k8m;}6YyY|;kx|*Lrhq+JD`I4`%6D_n&P$8^uyfzDR%QaJxV|C2 zCAo@ZS-d~&(3-dQTb9{kf1s!V7f}OZ8Pe=5>+5V?A}N&`9+fBSUf%eEf>J{EL~J_- ze^EE~0H6SY>(Q2=Jud|AM9jDEjZhU;VB$7?2) z&YgE#SJ&C3kZw&KzJjeUeNVL8ZPt9ToNPnODMa;rmXXy_(oaC_@2sQ{hq1r>YE6aOP0UnZs&z6z5a2`W#iI&(YS>=SWYVVk-qui((nhPmYE2o_qooee!ZN^hpyd=rhvNXH=ug z;>=3=jKuUAZHzvnO7t0RA$>+w=`-3|`i%7SDYjAoHSlmwps!}0zg7%E#Z)RH2_$OR zRLG&A)L2WYaorY(B`A3{7V~PnFK)p%=pHP-X0*h;Fh%;$Iyw3opt zPmz?8+Xek8jxqcgrz&OR8*gH8Aasb1}N|PGC)Q3F9EcOKs7+)J;AODprV+e$S+Z#w6{r=_9~(DN%jkCqO`PM zDAukLrM*fhZL;C`G$<8qFcx80P!o2e;O`GBhZI8xyTVjvj`gE49vx1PI>uplI5h_N zXl#rRdtKvjdN?wNooWAYI89Y5my_)majKT2)@nOlLf)}M{E+73pe|5CR=A|}XEET| zS5ZUSf*d^rsUBp9vELZs$pHjfmom&{?I}TBgk?S4W5e8U_tbD_>3S0~Ak)Jm1CRRv zcWZ==@u-W9(WpBdnUkYFo>&^Vm&}kjl^pIWgTEQL_bS8vNk)POa4(GpD!4Z>=uZrH zk!2TQSr2y}TG8&S;m*=cI}_3yjC@@2WWj)*n72(d(4JSvv>9BWXkpA=# 
zoS9C?7>_$6V?+j1Lb?MBk9E#WDPlsLN)C5b%pEJgz2fl9(nH5(XiK>n#R$nb7Tyr9c)a7eajdO zN4@bOvG8PMX~16c+{LNnU{`tW8v%Q-GT5KQac=mE4*N^TiF_u0l+%*s%`b|jZw`Aowf|R2r3rZ+4~3LCg<)oDC{C4s&-^@ zy`y_OoTs z!8ZZN`142ppION3Y`S_x$bzE6;r&bnO7!d+oxYHsNtOrLiTu%If$XLfP6XWAE;H6| ziA#Lj{O744jf@mYf&}>gj8C46(?LqRbniy?f(l_3S-#K?ov7nq6VNoYh*;O`YNXul zB>~!fWBcSDJI)@uvoSg&GizZ zADMJljv$jA0)s-KAK@)_Eo3h!&gkt)ci{EdGX|12x}4hqn%VG<)otPV?1CiV167|k}yqr_d!xq^E{s=Kf zA9_0tpqXE@a_NQGiEK1rhtTVv#O1QQ4gs`SbjV%uS9cxa!T)MhEf$ zbr(j*V?a8EszO`8K7*z{x!EfGi2~0L(PWJ-?FC`>k6IO(Iwei1tdq+hK74k zchJl&S51`XIIe6YKWYI@oljd!jWtji8$(uu6KFr66E{L9AAnDTcq}DWL{xbn+{G7U zNy=hrp0Rs^)nWld==ko^ef}36WitAJd__s$B0TeU z`yFdf(wES25AS4ZlrN!w8g(r9221^bcDaMTr!w@=VtNS(Z}M|kZ+XwsKCIN8Q89Ml zdUVDSu32(fr`72je1~l(8miYakB*KWAr4ox|GE-Y@7Te4>>a;CQ|tsplum46cff5} z*a3C8CEh1X#U~NxvFog&t`tv^tIP9O_SfYI%UA!k9ne_8OPC~6@jkt>k~&QH)V85a zLWH3|ee&xHyhcmnA#w3>ePh|&;rYlbr_3Cf-m*q=UZe9WJ(A?X)RPMR6;X(WgiHyQ zQd-0zNm6-AA<)?esrXF;;~@RuaR~O^$h*fAZxv=lP|4T3e8~ZF2JJ=CV!G16)*Pb$8ek=Dn9dx~)di>x ze56w?;~u7!FunQ8n}pbQjdV6@TLxg>fHL+PAzQ1=Cjd1zW2deu0>vMMqp8Fy!i)?G zXZ5%U$+FStS#VGRz#*NYQj=t|89DTCbV07|u6{$TV<~h@&vBATYBW%y@9*fxHvj+} zqTQ44-|V4_bpUe!v>-u1m*SXQK*&AJOR3Za6;+TFla(L5XbOK=Wgsq zTUte*U4=_$!tjp?K`^(al(1cvHoEE-{(Y}U04NfMRgDViqeeusJkf1;p(#u~K+Sma zjbjZiusMe|s_xgU3PD0)+Z)4cZFt32_UPbG|UjI!Pcaq>BQ) zKoh%E>0T^^UbgB(cM|u`_C1$cnSFFjjRUQ;2Sr2G9dBj9WM4rRg;FZ(zK1x7X@dcU z9ILbT4hS~lJBK5tCIc$V{8W@^hsPr@W?4={57IC&gOWN zkcqFui29wQp04E-wGjUmu-Az+D3}#B><-Z7$$8AdZX3PBx4@^U#+Wf49N0U8&e!4G zbCag>rmO<02HJ+HN0+zgzvu<$(1cfL8RaqJ)$q8GUK{-{U1nMZVI&&hen;Kh+_1MB ztSoP@Se|kK$s0)xyXm7u8GVG;tt&H3fr1}xc5||(@Hj&Lm&(A+FE1D2?mGOs_EAC5*K07m7;N{X;mnrwEN)wWq_73f0bUz~@GJZlPncl=j z5Wl@#Bkqp)_`W>@m98dW+V~BU%qw9gC;G3!$#AfMDIW0;a#uYD2T;v}VhR8F2dhAg z(o*?rqnvUy-oKOg4onNriTsKk@3&P#G} zU>gCeeInV26$Dkju*2Pc>NBjDR@QI0T_f%3$r~0ya(x-K1N@E{oTduufJx!1_KHk_h1^Z zK3G!vr&|v}`lAo$uVMUSn;PaEyR&FW4q@6A?P0i3NQiv+8`47xAAEjj5e%sw!gro+ zF_&ncm6B$Kx`1y)ESqicfE@6P=oSlh*BK$vSQ-^Rfu6r*0%*(PCQZnc&dX@!sYdJw 
zj#p>tlf)`m%JQmg8NWejNv#?`Z)aPZ8%B}}9Y{2Z> zMQ6ERhM?1vIWcdMJ>^>E%PH})W{SD;s$smn&ODP-=pqb#OFf`yhTQ8wr@5;T%nXf; zi5x**Df$x|A#~;`@hK zLA@%aTGifEZBOb!-cY}de&(H%vi`BGVusP4c;eU!()l|!O^*%siQOq|&?hOEo@1Nq zPp*DMVTO^=rJO3`$)Js*40%hlfnA7&@P}q{NusC{G97h#haJ=CV`3VE{=_tJmkbTF zH|_P0dgd5grmQJDcWF>hw-~0COUMIea-liW)X}bl$|@xSsS#MYbgQKvq|%=q({Gds z0vc)-7XJ=T)6(Qf0+;WWX5uKkzrSx6{bXjC;QyE4P_a-yaHtGkBNa%ab$bgObB8*E zbxEhh^pH!gHwsebiH&{A$K7_aMgBUE- z{vaP)oT;QX{tRl(g7#QTo;?ONAGB8pL9G>Sh?3aM^6yp2C5Z)bGxJ(!x3Z?NejI2l zLv8nx%J9H#F?n-_Bol2bNuB%o16kPbwSfB~W2dpIN!1b@NGc`#VX&Lzm%%DlMq_o$ zwSmcv4>_!X$%!ox#4=Ag>$TYY*zlU@f(W8!}6k z5S(Ls^4|S*xb8LsYpXCt8b@fit zoDVB^PUZ7pTXEQ_$^j<*nr_|mUR%-hO`r2pp-6q4M1G7!eS9R}G3w(Ym5zxB7nmDF z|Cf6_U%d?;2WfN+q++Ceod|jDaS#1558d&O@&aK=%%(a}b9_VBmtWMejk?D*9s_)u zV;Q=o<=l8!uqyiF7TWRPi#lGRJys#^!3`Xv_`;4)h<1y#y4}n%iI?LMj~RCNc*i3u zM%@WfM4!shc9kRTsvmo(cHBV~idQiV@1e&V{w~KF7m7JRj#|LD-N<}}V!Eu4V z(J=wBcT(9ispV}{3jeQdm9{&~zixQHYV}ut^JAJ^A2{%UO?mTq?%wU?H}V@t0KDA2 zTL|#^((c~v6~d)T16E<}@~?OIZciKyUn6KI$?^a@Aq(C~WH+U7B4C^D-Yugl$(IHP zeIV5J0P|BVI_UV_u|#C8;GiVeOOViG1PLYT{j1-(E7(Lwe~LEI{|~jwrL>Bvvs>t` zXsDrS(4TCewdhhycr#hw-~~qC&}G5Z!o9Jl*F(;0*pZ@tV!dv+bRC@p9?38~`|AY^6m#LYJC^+5CuP!Hjwh&tFlb2jOxls zA5FdKlh&O|MaS(ViiBjg$5qI!*A7-@fgLyR!Cif2uo#wPQ#>|IfO5~J`lO~QiYH>! 
z4{qYPkN5bFF4PfmKy79$GYsR~eE3oH>UDm9V&Y(nARZ(V{c0*3Tw7XIw2FHjl+=`4 zJUF8d+GTMGQ3L>U)xq8(HgTZ)hObXPq$shn;l_M$0;kzzUO4imOj-Nrgh$T0>5Pr*R5%%^)*qBfe$N zH|k^mA_<|UI25BBQL|X4vM@%M2R>-|pi3Yhf%sFO=ik*2@X^*nH0-^^=e@+|y~O7= zi_g>ZO_$;^EXRpB&_-KQ**a`z$lqTj;_nFp{x%!$CjdlsXFYu?AeKJ09QgEkytuyd zBRPb?2e%t=KOQ&YFS5i3ssi)Tf6A&EbUInVXwgS+n4+h0tYG<(F1e(SWH%&zG%}R= z)lE#d$qLiDxBt)Hl|CnqEct(BV)nzn4R%%_biVzBZiFs$0Mf*Z384doP9%hmzkUm2 zyWKVh+&w)rJI{)aHb`}3WoBh%mg<)Pt`=7Y_%2EBz1n$)jJsc@{o8P$Df&w&#m5nQ1`jY?{s?6`@Rf_@V|Se<9E(>{`B#rgzueL zyq%ozx#S0u6u#TrXQt!Fa(5>=e7Y_Y^O@=R($^Qh*GsN_W;*^xTk-9gj=%2+^mk@B zelv`ZW;lM+z(+0MQ`H{<%=tTHIKI5Te^Z9zulW4}CiAVZgTHZx<2O#l_Zx_tPQ-_& z&da)=8IB)neP%em*DT$o!Jiq9@5yldeJl7+9|SLbf|h;=Xz4GX+4yg9VEhB{?h`Nn zw4BL*3ugaOr}M8#(R=Zt>Cec<{C5%Lp98}A*ZqS2%;_r;kI-9<+`Ggr|T|<`9<+R0Nn9!2#}(kkyP%8TApyZhK^bqle7(j0 z(LLvoekp$Y7{_-Uk??+4zUkAp+&a(W*Qutz{z3I`KZ^00YWm3y z`tAI_J*Ur2?v3gQOuNt{zGajd=aX1AXH(v5ROZ2DHJKgL(l3um>w$tlStv70PHU=PW z%1#N(pSu1hlb?Qx4@C4q7`12Bd6M_($KOt$PalJWcWZ<3tFNy%7{5vY{)!#I0{ylH zfLJT?z8ocgIuiGym6y}_ ziL^_Ak)NN#u&Muxbb4F=Xd%k_JkFor-hAD}Z#Ucc_2p!^TKdv(UsgD8dOcM+FP5i@ z4^GQ_&#n@Dt;Kigey`Fk@~y&ux3hPjT_yioi|>;EUZq>)pTu>3^;4J0Y4dH9KOTGd z`MpOsmF1oGuByz1I`@$7`aW1(t9*Sr9r8@|tGhP|e%s1bTE8xSi_EiPfwk#ntuM;` z`oSHVeW9%zYW=FlEt1d5^rn+bx9`y8`-#0!{uZe(&R~ztfBLQ2fX;#k=}*S;G&!Ng(c7N?>hnGmAYSo)VK7eS0mNs%SiQwu)ikj zt041qz4E`G`n&7R{@aa)uNiqE7J0pkFv5Nrf`6k6MW4C&>rH9AVdzh%NqW~)Q3q3^!!4gc)l*BKzKv`iM|)ega>B4;KftG z&7KYhPs-BmE;0eMvOc{NqVwbdZ}szka1YnTlCM#y-y}ZJP6QZhmC>naXVH+55==g3rZpk%QkRQbbw|V zq90}XQ-Ngh`muIv?7mUa??4wjscmo?{YuYjmD zSsEJ|$k92hec>1xLtBp5!%!%z24cM9Y)QthrN(ZlZ9-;j?xd8vn*~|L1Zmjcd>A(;|{e)hAPZt zdDHFU?QEJaq)uB+Ihyk(`Jf?nwxOdLZ**`OPh(5kEognq;;G0cfIlv`gPl(0jJykW z+ewn@$}EVWU5MjNHXU@Rq41{V(S|>q@5n_Lk7<#Or<8yewra&>$yigrqUUW8QiEJT6^CjQqLo~ zsKDh3-J(Iy7#_;a4#)XuD5!cKg(ll7vW_?>o{NCbd;o?+@;YX3LbFMCnr;-XNjRG` zzZ*>udDxTsIc{l(PSuCGUkREMFM%B38LfMpgRAdts-exEUdQ32jbhBUZ z9p6(-?aC8Cw-N&-E2(Dh^CoOh#G>Nxez=&yh0>0*6MaEX#m8V9w}8GGli-L$a$Stc 
zsn^VnK28KpUzT$%a?LESEI>ye9U#h4iariXFDB9k?L^MR+$}~cMl(P9+RhHrdEsN4 zqlfGug=yJ9e93_$*+hI%B+!jnCAR79JKFic8jN964SP z)v!3yEGD(vBR<0eK^RX1w(Er%3TcN}K4#F_#+Wp!x!f3nMhh%GPBAyy#Zfuknp^om zb@j3J6>k|IH`sB#C5XBRF+QD^V#?&Tz4IYxv4WspA$l-OBGLl`pUAMXN}hQI=X65q>!C4#UA<-(!$OEFpyogBi21-9w_vKviMI0ivCU z2oVjfP}s8BRN-ZjE18Ao=BB*NP07d{K|I|PR79D+hd?7xlzIHOjs}G zESLf=Ci(5d_)>n4Y_%q|b-5PS8~HRglNkY@CgmAbFyeK!V{10zqLG*Gqb!}~vVWDnOa%PqYy+ylegs+on5J2Kk(29OIo(u(9XCdD!#D466dJI1~(>fiy zV9s{1D7WxfK^@$|)zBIp7@kD=<#vWTaqib#OomIG700B9s0!9WI4U``w-%Y@#z72m zr!Cq#$hHzE$`mq~^M`5M#34JEb}Mtblxth;y^ZKPjP7O1T7t$q9AIEj^0|KZOkRUn~!onU?XcdLq_6^H#Ort-qeOyVs9~W$9Je3L?ffi z;@;W_TsIjNd_P?A9zk-mIMKuupTH79nXZ;iYjuEjvqesOrnCfuoihAzrRtpv*0Jr9 z6frpf3hlK(&Yfy5J(NG$KK(8ITRsEyTR>m-?65IYbka2&(CIA6!hE+DmuEU-7wM=; zJ$6&RS2t%l%WYLNQNcSKg(H?=YUr*BuV2uY-SGLd`;C@#tf=T1Grn_q-%WG>M zlj&i~wBAH^buh+lfk|U^L-H%(L1*)U7tIMWS_kcbX>!qvj$hA8oY{H?y@4c(_GT$=-;lj3O`TMx~$};qrb+0eZO|7&F5R zSIcoZa-=nEbGtk$5+7p@}`5u?VH{h=gBp9dbI$aj zGL=3_)6W9xK!(w{sCjD%Fda$fgiuUdt>Y#ka_)r{(*B=Vwa zj{Xo!64!L>O}*r#M3p)gwao~FLTHy`gA4*8z-Dz^&;^b}+d(HpBwUEVZY|e`o(M2z zi3vgDwt>seQk8fZqd0<7WUIP{4=w5O@BlAYnEh-oED4zAZo?b+7Uz|HhY;e=b6Qu> zabB-idva}ONsBbQJUHn;k=R3Z0A&?#DhQYxc`X+%H1WBfT^!dQoS6e`w3A6(c<{S` z{K^rECzwO6$G~;920ZXzWUzJ4;^-!!Bq^3iz}_7Vk-&>`*0de7RBr z^N9zm!7MP^L(5=}f)tnx+g5ENhdAX*b~JOBVqt;RA=}1wa;9@@B`bCYXitiH?mXQ) zfO{3V*9N_qHpucp7dTu1>V+Qi%|ebe)sE5Ae1TWH*)r#?xymbWaGF0S-Y*wgQLhb= z-%*s`k_@nMd=}S(yhiGO0vR_jaNIhzI})m9Z3FwY1~$tfm?5&9%OS$ErS~ z!5`XS4yyG`y^imuN^U*LCsrES1@^tFj%MjB1q^6c1AS_}Px3Y4Fh9wg%kYV?h==)#0HSt9BdJav@1GwL_Hc3-1EkgR*Rnn;HHvDfYAJHt5R?%;!^? 
zOvTtJo0uxuT9#>dp|j0pn0{pn1V7kxa2)9JZRx4WB49mQ}tnD5d8US_jIS zU%yXU@f2B+;^|6so1TYL)Fv4ZuEvpNpBql;Am1MrbH!+Pqw&FgI5k(4ah#u4B!$vL zyE!OPIZ*026eI_c zXr&XH&0^VMh}FeZBD$Z?=iNk}&5OD`<2xzfqlWEHF`VvoDJnLivw}iRCaZAdy|@o6 zyKJ{v6=u!ka-g@?1))Nh*HTDY4VcC@7K%2jRhCcX_Ty-h6qrOT)oBg))KF!4C0woQ za4oQ|?MUDv`-N<)HlGZHcd$rUrknXG3sw-lck&Pl4(EI~xQQMLi%MUuWa3PzupO{s zFr-(y-9#O%dd6b!5PmN)U`;?byVN9{7x#xqRMFHykn01wdihYu!L@5YIHlp(t0108 z_knG$x7$X)&Q90VYy={&c@2!bE@Z)Sr6fxrE})xyf(%!MSOKU)L9RC19j;r|wa%^p z=1_UjYxN2{F+9!AV&i&epQM4m4GOh9HK~BbZ>0y;>vb?etjPJ8+z#^cVlDz70rYQN zXW=}ds#&nsF4N?4U1t?`+SSE=Vm8sYhhnbK&Ps_?GYM?BKBA3zr~~-zNR$XBrv83E zE6Y1U;Fm@4OAta$x*Eyv^C=Mjf`w=`Ut4s`S#??pmU_+IV!v$a)pow#+81+VjTd1G zquP&C>^{v+CPiwXb8J`DX>Ljt#dS!D?03anGubGTQxW(iR^AoDzz4?b?R-`4k-7Dr z8MD)=Ry6qCFP96x*in1TN&z%Vv$Y80vU0cGY^p=KChPLFOY+o&l53r+P%aPat5p6_ zNU#gALZ8u9p}45>iv(DkSNYw0o+|1;gWxFIP}kcEi$Q;Lt1|vA66o4f5Qr)w450ave|rN$z{9QLZ?{hWW%{^INQp0 zTEFqnh1PuA%x1|@D3h*c;{sTO#Nse#p6v~W?QT7hpH!>=&pz)@(Q8&@j_08q_cc`W z?*oOu+i$rzO7-Jr^T~wmt_3A?{o_su0AWC$zufJ!iG&rls-t)froF^~T;Zf=}Tt{nwRz^7kii4%=WHi{14V-WX7 zG0G@rKKjNoM3$@)3swusk_xZs@w{r>#4#VeQdm`%M3p7raKg)CwO+e*ymsUGxyk$2 z*KN0{Z z(^Zeh@T^QG>{JRe0yWBTqBdHE-Nsp)j6UMjMpY>jfj@QKxK;Q0Lexd>U1tf7`5;Le z9mT1QE6IzKbe}Ixi<#rwfll&-PngVDcpKEH0H3nbeiFw3k}$3%!y>#1peEL_lDLnR6cLF}wyOXLt!s&bZY?d>VKIZQ@pe zj}pWs^x$a&JK%D9XJ!{VibDyn-N5n699CRw!nXrYj6?W#;EY=?PYQ}d2Cq@rq{fN< zeBgnCZwH9L<@7#Dc-B!IN_g!C;Nxrf!|B_AC&nRs8*s)gmxglUkics&u;k>oiyOC? zzD-okotDuiE#+u4xDkzrKO)ZRPfq#`3AK!d<*cz zID~Hj&bYGxQ$2Br;5B({;SIiOia(&f6?kGC!nXov*js_Aqd1iC+6`zAPF^~}w*XI! 
zL--cpjJwTF35!F#<}CXH%MSdp^bNoh;}E_9IKyEIfGUbZ2(Q`846JVr_!N9=Km;zQ z4|WRhO#;0za#8gD-1fvgafwzNi5)anZrM1Vg?6v%%7aURhkt(X$4A`?m|sjbKA#I8 ziaejzv3FUze;|HT1Z;~7-@7@IUZNsVD>2tXO zPB1k9?*n4*cKhKTSHN(GL_)vGTJO9!76F81s1Z4Aa;)CJxud_K+ z_>Ajp$NO8{oKSU|W>pn_aAHnzyso(F+L7Wv=VF`5|EJ$&6V$~gbldviB_fSe*CDs= zHNJYNdHNhJ?hTS#VIIG&as03?DiP#(6XVkzR}J`K=T&h$v+=`D;#Z5<4?90t+780A z?jPB@!H*Z?Ok&(cV~P=}D5ey@R5*xre;1n{qY^Gp5cqd!F_rTSk7|le{}jZydWkbo zLO2M_9av8T2;pfEAv`A7J&z`Y^N4B^Ve<0_VZ6vnwJS^PrwcViLHRiYO5^ zp9|p{d@xxL(~Y=~o$ z`pTx|;Z`MTV;&xE@~j`X-D1x{jQMO6yZev%bQ1x^?o?>{PlN0SNNZ_B>Wxt ziIQsm^zg97J#JG$|2*A3>L7ak-!sx@yuG~T+Z(FAMSdFpGwdz;)A-*L)^;&m|2&hs z)J1e6U(4=LilIr!W+mZ%%H~)VUna*x5J=<++=$mp9`YPqpjPmpK3E%Q*Gp8?N|-4l z%y|d(>M?@)x~i_b+G6S*;`K5Y-n|~A^>i0N_pbsN6>w*9|0=*0KJ6;N=YQAcSKkG= z_@)nN`Zdb%8{ZJ{PrqNeUbI8y{^|E;MeLt`|6pl*Iad7fVnjO9?w@|QDUHjIQ3;nP z2>spyA7O2)Ia@hi@WI5KmC4-?`}E%>31jG$_yuY_uHC}fBO9a+%{h*qeX)-4VCq^>BRo%h?@DF*FI;tR&n|*&M6l%fvtZ?h60(yIToNz5C?T z?+?0j`Hb{HX5cf@xCe7?%~v z#V<@d)pHQJllBBcKpq+;bD>Qn{4*SC8-h_od0o{cVbE>lO+VlgFa#E?e=)(RfE!@> z7Za}VjV~q~KQe{ebyUqXD&cA;MBq zxwz#a zTDr7|4-gvG(PfB}%rL)J=;a%Qo-EOXCwnx3e{9->XKgZZt5ep&=?7}02v~~(3l}xI;B#z+@v7vaKB{-EpxuSE63o#>ICb|W#s0|)J zTg>-YdR%naLD;Uhif(ZsZ9@<^wJ{}q-Q~}f_r;GN?JO=^#-V{JT{wL{Ay)jU0^*73 z0>Wbs*M!#@^$ag_>lwEiiBAJ>giYKkGG^M+f@^Z;8n~R^%_2}aaY*1bXblDCIKJ4Y zKx!`wU`AOKej_uF(WbhWku{7bUVxVA9t1i z*L^>EwzqLzU+N3W_J6?L_{f?&ME-UM()t8@MdELFT*2S&!0kG!W*U`nwG-mYZFgMn zS*!P39K^7R(b%`y<#3f7MjQVA2Bztm@MM4{zR3Q@Id-(N#KvWkE7ihogxT4X++HU_qi;BsF=fZeZz8J+l)C*j1sS6Rku*pk2tSp zA+$iwk2s$du^(}Mu(Vw^5^fyV#|zME(CCO8`(H1Y%}V#VurjVlWuw0iZFiSs|mX;#3UTKz=a75qe;d&$@KTL8mPEwH=( z&q%->Usb|Oz#(VBOzK!UFwd#E+w&&oTTAynQ;Bn$?dL;^emd@IE<($4`RTZ4MeG_# z`{}r=;@HxD>C)Q67Vt}??&t6>3i~-c;)@0Keh%-|j^>PSk;6N_-0bJ^PWS*pU*z$Q z@+SOb-Yq^r?*F`G9$HnrcZne|-^0e0%)_X_gsbS>#fI5$#QdlW?_M(p&dE>vKR9*Y zxqToo%|d2*SMA8uae$}$PH_S z3ULyff7Sj5o)yXj?n>FzFYH#n`(^tV3lS-we+yheevJ$E?)U4TmgYy_riTFuM?WD- zd`ATFgfoKhAF9Q!bE~|+$3wM8^~529!69-{^lsQ^LC|U=v4h6SEgS#L8|Y>{`N)FN 
zk0e}NAUDbWssjnQJ@QW<5dP@{qwFsgv1{i48=XG*l5IXpt)U8QP0V zw!--I1g(GO74y$8h%KEiox3mMZ>5>HuAX}!g&eUSuaaLLqBW?0Sm5eMo>$WmT0rMV zp3jQdk32tE+Ac|U+b=7Bycm&=Li(pBZA#81Xzhngvf3QNn~B; zxNBU5ueiBz*GSd^s)pQ);;1s{_3_SHt)E=FDvoDAesYQU)gtzjOCKz4msPu?llgd2B4v&I1d~l^4+rRQ zkIZ5B*#vgaP2eZ8uub6-?q-2I@7}^wI?K(lF5w}i<#|vcJPs^`$HdlCBMkAW$*oHj zz)bN#xW?0GpzF-NNN|%}1a5xg416gdBy3C|3Ja+inl$~K*hK+XzA(G|RdZtYe{kx) z(>2>cw^1_AmH{WzJMQd}iZti=$DY-{b!%0?or(O!+Z8@7@#f#Ub;6gsb*n2pF}J+b z#Q_AMEeVK@BUFXCRy^@ZX@$_C#8SEOI!O74f>m%VQ9b31$S;{&%3 z-92_oPdq7Q0#mFsSe=0>fCJMq3#TWV68sZ6W4G|D9BHL>`$vDK5%tHhi zPK8^Gj8_6L=?KJ~u3LhO38xd(tsM z+)r$0rl5DS@l2=4!HbK6IJ>DU5#SQSR1e${x{K58eH{)_JQfV;EHzDjTQbU?1|o?DXfq zN#oxeGArONas1;8SNO)q7e4FakcwLWAA4!&aYXr=fYQ1?^dP8oiz#o$?oga=NiWxKP+~6#uV+s_K!BHjKqvRap%P>nQ9LhgJxK>g^&vc|KZM8oNS=og;%*Px z)OEl+p-F@xv_FWfbs@=Y!F3wH#(8)Ras>8$8`p5$0;)3HciYqswA!ex0HQz(a7Occ zs$Bj?3ONqnW&L5g2f>!5<5)kbY4FaxU*Z=VVM##(0x?R6?=ko%Ga(kWPSrosd?w!;GjR0yx0cpc33WuJ1h49r6Otp-_iG(G+*D0Yz z@k=Vb^gX*85k{CM{7Cf^F;h9y4rw*Y%#Wuvi&I+Pl{n>cJ<4vGs8Rix>L?o$ z+>JOMQr|9FkvI<@Ay68<1X_sK!g-Fi^%Mku(Ih76i(EA&qMibSz#1Iv3<|_kX7`-8 z@HXE!xEK6EG0J(8J&)V<2!^!%xaU_*!hI z#b%=B&NF&w$X#zerEnmAsotWeb0Bb9!%yo#_U~u!91JPMMxx=mLPti8e=AzAdtC3=j@Iv`|JQZJ-nC7ESQTmle z_hlWA-ChG#d;#-1&Kn#`uySUVHyOSUj$w(OEzo&q+ny(M!Y2cJmJloI0-hEi98tN1 zaflqX`2QjkzF4I~hR~`Zs|?iJYmvT5B9E0sc$w0`iCEp$@8 zy4WC~QgasgIZC0IPp502RhJ&*rDyO$Y&o7MW~`M4VBkS_P9r##P+6Sm;-o-M9YrVg z4^SYC7LYaQ>P3OweEun_13gWp-zSL*OEJLLjNeLsa)^tr?UZgTs z&(P_7F?~TRh&=43U<^sWaiR*d5grfe;$}cRXFu>xh+FW?CxmBSA@EO*TkvdC7Mz!h zw&PA1k|j{?dEDb{aIUoRNTceq1xsq)#qC8!Af8ea2yd!w;c5OMp6&yLca^vBwCY>H zH38V}Q+8m%%^q$W^41QnaaahL{5&znFVZ)Nm*^bCbM|B5W&MJ9S>GU@w<`-Tvo8y{ zc4lh+g%KPT@+G!s!OaFyn0Sr{ul8x-Xs6#{$d5gJo~`Ew{m901Ts%GO8;Zx@jkLp8 zA9b^%&vW(MpqpGg$HdcP4i>84VZ>oKpXceh@qP^tHyN4d3F7A(oPe2wZ~|6t!U>2u z3nw6Nf7{_XqrBC8GrW9`q_>@NJ0LyC;07zec$Umd{J7x)pCR#ts(Ds3?<#hyUe=n- zJHgi|7uIW?_wYCfUga1tFEBi{yn5M^?`6xqC(d_W;-$gB(}BQoqzJD^883ky0o*k1 
zz3ngHDJ+%uPVhyZ;z?n8broK!d6T|<2!Kxsn`L}7aOSD-#W`GY5TU2I&D3oOS;iO>mpv>i-ge2DS9;Hx*E zU_qwW!K(8FpAepTh48*t^_0;=xEQ{}@ISTlbmIjOn!sxTRlzO1=tDH0H54}7<2Q{q zBrj>od*b$ZuMN9N!n)7tttQ?LW)q0M*aGq_27#yFzh#X6n6lbgA3M4^Hza zI#q9j@Ie7MN-;EvJ)xf-M1rS}N8?8?jp1a@w;NF_V0phMuPI)Q3TmCFuERaIKz;Uh z)w74?pIs!p#7UeV#6qp`%#j(z90P2k*q@< z+h5zuBw#(0U0~;&$U%*Mu)GOm$tqE2A1=I3Q8FcSu&Cou1h|WRz6Zsucj3oxWVZEI zFHRhW!Aq~5N8h=BXBh-8Kf}>y1(^r#p(x1O-guo4erN-ORr}j70gYOyUfa5B=jIo; z(z)yOX)v1{tw^dg*M7FGuZ>WARaCjfQd2`)Nm;8hMYC!Mtdchz+_()1tVS`EM%@oB zRE;4hatsKf;b`yQ+K5U$wo+vrY{#w#l&&o$ z$HeW4wUhQaFvSWK$KP>e{1$^5RhQu>bkMmW@{$5-Jox<0nX@DDKZTPa(URa$38=Y( z(rum-*M`dnae?}uQ0Umk&+9fkxUtJ0FDA=NsR4td*C67nKTtBO%+OxVPbzc#`;D4g zwOf{_va8xM9F%Q6R~@~qb94bc<6|Wk{KkHUe}?T!dT|z3-8zP^fKP2g!mS%C{jX`I z|LwA>_FpiC{`V1$W4ojxF*^N-_1l7XJ>Z_Gi{b68T1QQ^6z^o0&&;DoKCL$|N?@M0k zU16caJ^oD%MZ=MdsXrkwa=f$`F4XSlN|nU_xpwT9ojUl-8$*fS*cWm0b+?;IEN~;E zmcs^$b?|t2yd)4XMLibytjxIvH7CRDnK}LIzu!)~r|~2zlBzjv>D-ipvNj3jy}(>);i#V%B2xo zto^Ww&o4ix_|}16XWI!pr~v6+{&-vMzYpqN#qbX0?7DUDL*F!`dB-w* zfcjtm{&_46`us!uUpu;YlY11yA30JxlKJZ|dv85rXCc}k1#IuuJKNZ^?ciLm=A0*; zhtfPxEcg5h4`-Lr+p3P?~Q5Mr}qDF0*JIivbgxaFx8)o|G^D&?d~>QFE6AlK&v-c76%LP zuP*$5#YsLp0sqZcR=UuHzwNB~VrSTmi|qrmiD&4@T&$$~?LvA?r}R`g)0#`sVxP

iOIvODz_Y zY+0(7v$^-*|L0{PCX3p5oyZiXsa>$sjnuR?xU#F^3vP35rsuUa5g3~#B5L1Wkm|wQ% zJ1rkAiJ8o1TuQaxTg7H$)rhBpp?+ako4!YdQZ$ohc%>2BQk~68PAW`vE7tbZp&Vkl zVUu4lbHIo=j;}ZBi0emkOh=W;jaCebVw~GWOpJacqW>U&&iND&CJ=# zJop|et(uA!pA_@SNH4ybYBQ#?;duN>f(A= ztkjBwe3wejN8Qvk_Z|MR#p%~PqZSPkwIy;iwDpz}Q@+*xIY z`*kdz$aI68@%wUj-9HqUO>dc|CYIP55swy@QwP>?gtCL+?224+v(`2Jmh)#>+ zQn9$^0Kc(9s#cW4gLNIia3U_DYdMc<{~)(gICqN}QZ(X7jrQdnokiM5(TA zI+1Xt-Icg`zqo5PyYVTMc@4<9%!2M@%H8B-G4F4M71`~{R6jjknDX9|m0CGUHx8ZD zfYkQwZdhW}3OQYmz&J$f`7XWCsP6kDx6Stt`Pq7&RZ69f-s+YMQ$D|aAC~v!L$07x z%`D)%wFXM2IFU(pJqz?b+ReY z+fMJW<||}(q;yD*>Wh*(0DK%cEtH$K`#y?Ifm^5B0-vm9<=KKM=-FK~ER%^; zV=#_!Q<~-UXe~kx3c_T!N!3$qr4p;M#r>gDPlQNq-Q0*F)5rAl36d(sLZQeoDQv1q zid(HYrMm1dn_6zKZ+1+J9<4WvVh&$b=?jC6!61*?6IO$b?CXQkg?mWtwAsxN9{^Jw+iEF3rqido3Icz8{jI zMtT%#<>qX?Fq}{t-);g`jkcy>Xgl+GnhOu+m1R+^w#v;~Nhu6zO6oU9Qoqp?rj|W|4*(E^Xfj%lEAyWNIO?Db*^Sbd^`~)HFF6*K&vVae|&?w)$|& zb_Pwd%XaHrzPv1IS}0VIq(q(UZS=}28WcB+sRCTt1n4lAiO{(wv(gq}hRkcJN~y&k zD7G1#w80+>u|A!s1gD*GbXrw(eb(J=*e);i)F@T2%!ZvJFaavrV0K3Tgz|fQNp9zp zZd0$!7ERc~LuEa%XVbyrwce6S<<0zx8Y)sb&OFk^Omx)Zh zuf+4q#J)ln>!pHe6|Tiy?-VYlqkr)GL&;Ca={P1#EU7tu=SiSSvA2 zO;hdpAfgq@nM8TCtS6>xiP1~z%zTt8)?yht-fkuLp;V$V&C|15VYHaWd$kog-07^i zY?NxvTs+t*Yt`L$Juh||t8u?NYU-2PfnL<8X`xGttxo$8pVcShS#%fgN9F#yAtcC_ zvZ@PNdR#4xWJ(2nDJ>H3x#Tp}n20ki)(g)!Np^*RBG%#Icrsu8D3D!Q&H7PCf=Ag=M>3J6Wdnq0OFw` z9bG5W84&yp4y_Eo9jQq*w%W{vacG)ugmR4t%cg?LZWe8>*D1QZ4d(_2J(G*1wRdXF zuE5;;9u4-Uk^X)*&9%vOPU$u2TBSw~_xa^uKIwHD<$Wh2mDwUU2-oA0TD{ySduD%y zNpxI03<}MCd7q$IF4EhJ>%(ACDebcnxqJwZ%XB(Zs;_ynCZw{_MmpE0NU^H7gNc28 zDCOyXV+1-|EtJFKc6U#Kd2Bh#)RIjWC^WqTycfgU zzL3c7w+ql{ofqfQYE~PWe6FeZK9|*Flu$mj7v?xOcdB0Ch+oZank4rh(h_x4)^0;E?tQ4fV zPCCPn>m-=eI+=2gN=}5ySYIdDQL5P(519V`Fyln^u(;62g5F;A$#j)16>{y_y3oky z=;@XlumgG(E-V*fE1Bb`Dp~5$vFxm|n4}cGT3}PPOjZJ_$}Xn!E)DHOF0`durn#B4 z5A#KR)&(+LCK8RwqLyeT;+K3U8mtmYHQ&QIz;9^<`dlc4$D^1MnKow8NogfW{>-JwDS0)46_#(du}<5@++?K;1@kSxHN>y4^70B+pa* z>13ggN)5i<*cTI%K9>y5Ln|p66hmMMuo!QKc{vs5mcf06%S7cG@LQvqc1W|y!YEl` 
zx73cMiglr#Hu_kLM1}aWP4$@2C?5-J(b4~B@5-AKN0$6oQ8+fXyMyTm=JsrFuLZ~; zPH`HTH$ey?Kt=~fh-+fL`(~9SEHJ1_V0(Jzwf>lCOC?oRRvy2s%q+Ue-dDt*zv7 zc99jLJw*l^e5b~CqgvODJU_?oo;HBls2N{0+#yxS$`V?fl;g>q!e_vce_^VF%9+o7ef%&y{Fw3r|(A=zk`p9_m!sJ^V^ z>pYArTkM2J>uom@5)0$ZxHH@FJ(!%-M|LFSwzHVmsW7sKr6VaIh=Ln*4aLdn~w%3Z2}aTl!L;x>^|ll{yv2GF$~$^(9>fbC8% z$9*Zf060`N;;A$UlKiw?a!UTW-7(YE7C=oUD|UWCKK+_1_po-{RBqfrt(kw~}FNZ#G<#HUPey&g}Ww$qM%KUdPy<913ibG?+Q z*MUDbVK&O?#;Ru&6J_m|%N3VT^5!lBn6{wLp6?oW+eFn^k1A$WZn-q*hDvgCv)ts8 z{c3!ktVDZls}*0)w1)+ETM{3O^EOxqeLCx@_Bf|)wab-Y?CQL3^xb<)xM#w>jl3&r z>-Zz)g@;rD*ekI#CY_2R)Oxc7l9y=rsq|>%+x1$$8kLd!Alg56gt;|r7V}S;%xH6$ z109#wXI99t5+m)IFSIfW7+wJ!8BuPgQf>6z+k&|s_CS9PL1*>jkK0!ER>?jNALq}_ zRxVSWAbg1RR;%17Pq^%wYfX)I#l6>pdnLFRS{?FBq-$D32_DqI1{Iq&U&lB7MP}B^ zCZ3i;1LXUOe;lS+5d>&cggI58d)cD48}I3@+_mI{q@mC3RwKmsJm7|6Ck*sXtY$(( zS?Rg;GOLPVYnQ)OifXzmrMETdp_kZBrP9-=+f8pYE}KxwCa-e2++D41b+x%x=Q}$t z#y84*K9`h6#a&cxY0sM6M6|4QD|hOy$Ff# z+?*P@;sWg1ZPy&H?-CE?l6BX-6&fs3;*rPab_B_()eFI#wP-O_;oG5dW3HsSqb|}f z!;<_sS9m>NDXD6#S}1~T0Fb}VHrs#`x$QQu^Jon=y+*lIi}K6jbR6wO)0SY>rHpRo z07FV(OHxLy+rGWyT3n}EsjSpQt~}+{a{D1Y?nxFfYj*bBtHx78!HA~|(RF$pNr|gu zJoMDPowk%tUka(M4wvDgjnz^OZ6m4iV$qGO{erO&t#GsRuw$o!u(IN8V6?J06c4 ziL9K}t@%)`r$9$_YIQD>ZZ=GHSr3J+LZgu=f!EX3o4d&K!w7r= zsnQU8k*vPm-9{HnvmH`e@Lemv%Vm)7+6wh0wDu<8iF6BObGBZWTP3+a6Nit0yv9XX zc}ru#U3r)rfD5FGnh+wq7Rv!Ev9bvrwsjCIfvz<=G6jO>JIvfyjyC1E-%$qTvPu=G}9 z*t6CR^~!+wCwv-)NdT<=`ejs9s|!sM~A`@Gm%` ze6~1gN^Wxl^_ZxyL_QZLy&TIL6r}UJ{?s5rv0v`HM;x%rU>CU6?%6MNlnIj+n8c%^TTe-E8 zwQzcV*KMEzhVwK$oa zFZ=d9zlk2Edw3ct;Kunxy*xQfx5r5%2Mzc2fPvB_oR^P6Q?03DGWNU7OHRwr7}Uua z)X5O!>9zi#)C#9J6s8iyMjq`RC9Ac*E~GqO7H9A}(pSQ&6xRFsv&xAOh#4 z5x;&Uk@hE?7m+kDLY5V5vB}9;`go*B{66VPVtJ(`&t<}#T_We32MJ%kbvHh=Lf1a4 zf#$Fm&)JkPD`IQAF69}`ir6+-Nw~M_i1b5Q{xwXr)^kame^tmF^pBdfQ!Tkv$YsR; zw27MtJN~Dw_Xyj=0sfOTx*uiY=O3PiF!puhVrAk9HXfTmBIEI4jLwS}4&QG{Z#G{w z^Xp166`Y2Lv67-8A3@a5clhBovc%Lx4{!WUYGf}4=0A&9@hdMWxY7?%yc&J~;?>vH z9?rWGeLdRQZ@gpi>e)Vj7Oy((eipC(EM9%}9+5}A??~@aym~CS?@_!;Q7&_N?dq!u 
z1gKqo^=<%V=f3sNs9lZytX+NM+EvFyea)cLsd(Wlr!QeRt%ZVu75@>HtFa^LVhEM1 zE=?RY@*0@FDp{o=^$DPM4qnb#V?F9X10dKtVKH%iKsJ?aa(5=_>kIP7)_kXj0wsIwX#gRiHSa~=!~eU zFR@F2+J=U8KjZ2WlMzj3EvqV#eB+c&dKd^E`GnInGVe1zhG)$-YlPG5Va1 z07jTNEP?>0!%L?oGI%|c(`0yU+YiYQ|B=and7d==xZm{SzE$*Zd?vwvUS&UdCk-(N zj=JcR=F*15H%&{DWO;P@Tu?BHPBZTO;i1UH2dg_Jza) zrv>J`q~LdGqy;ymkr>?29W%SoY(R7GXow7a;q#aO`|T6&X_5Qnn_lO9Qv>UO&Si(M zeVc!`9q*TYx`n9YG(f;5C`(ozVJ~)Upo8#HKCDCfU%w3(-~X-O|KR~jyx`a#7PkQw zv>Uztuie08mf$h#40yq=Dr0^{yFiSyYRHdvDS!thsRs71@n)i=il(WIovcmpr9^-b z%zx`cbN)Z~e;^Wrg9n;nAnF6wWvwi*7Gef*fED<_QQ**KG+2wuasZQthi)bW5_7bT zfTY_U3BqBP`RVsRzlG=DeTCd#meEC}x^TlF>I=W{?kWsjK57g}Kt}D z*ol2!o&+1a2`N^C4!cLqe%uvL62)=_P zsZ{yd5>;a91a5l&cA{@uLrqz-FYHa0_pBX4*<-r{XW;z|8i{_oL8mq7>CC)^(ncTA ztrL-<C6`AMLYb%G-qQOCqyhwW>;cnLV3h6|yT9XKYgzsO*J z@pLa|_l!>Xr|4Io1~z`N9a7}5zO_^O(k~J-Tw6F$#&+Kl*ezKf;PC!{7f8HF*CTG3 z1@8!uEJ(U&yJ!RFH%^JKG8e%>{2nb7#Eog;AZ{!N`+3)!`}@7!K9)uf@1uPB9sc>U z8;}2VoLM>vMb|MuziVI0{Hrc6HPM`1+!akv1So==Pz;$Gk>SQcQ5m}EkeQoFlXU~7 z7oanAy%kx4`M>y;JzRrTT%yX-)otWok+2<|FvHIB$|p{RKJhVBsuJKAi*Fq5!MG~H z!-W*xF^36vD|1UVO7G%c!sm2d;L$jvx}{(OA`6fi;G_YRu&Op0k+#_0>Gk+g3$s2EauI?>>zd-oW*0nMjKXx`Ha>K z?OfjfVOUFK0Y87rI`|fFhHHN(c6jd3{R-n7%ohsIBfvb;s-o*X7D1Ku$#VMHUW*4s z1r0n9QT@)q7!UaQe&!fjq2Ld?e+WlFM}MKCcZA%COeX&ZS2!9}@E12csR8hT6UrFn zkS*XZ15lyKxD0k_kn9C`?r|r=w=&#(jSFq|9PIaH-VBGH9)$e?n;$%I8#OZJrMJn; zIS51+rXLn=&CXFqH*_FLhz|DDZ7dFA%M0!uG$wlxM3>;;`!6UO_0uwNXz1=(t&Cqp+jG`O-2F2zk7W@jD?E*9WC-V!#*xfTN?9u(oFb;VcX1G1-`rrD= z5iv+#qBs=2f<^t>`?3t`vS}|cg`OozxqBT8v4~gr(0j!P);ON4>&nvjuion|5QnVd zy)X*?2_`;g1*omRnFzg&5M3Zf*9+1Ih|-?WFT!+IhCJ6o){GSrC}fsDK%{86)V@AS ztSAJFq6v9cfzUL5ff7-pi{f+W3JB`Z^&_BbbbTbkMi&u2qKn8D6yKrX91ooIZ+nfi zM;D2~O`X8_8Q4g}T~zTFbX|kO>5N?vL+2W~v8brPY*!hy>y24JLw21Jdv^o&R^jN= zisnzR&2ld2^ub<83Y|a}(~mM)r10=H5);5g(V8a;-VA7#T$ALlhCU%?yf>YU3`!<9 zsi6#6ufLySqp}AysZHlKxWC6Az*YnccoEnCLk!0S5ie?8OdaXkN4bbJp^`D?APnYH zF+eLRAXth-GZFi`(PV9CpQUk-HR|+^JFnm-reE^1_o6^w#3rPeIe{3|fvvznt&a<6 
zk?aYH1Q(_oE&SqFc8w(QV*%n<7lfWpFF{~&2^3noG)d#^qrX1)Y7iqSF)F2gNg4{- z1E59!F7ijy#z75Ng?U38&L*{O)<|DuuJiz?Ee>-9^8W{+{$KYSRsK_cb&({Nv`(jD zJho?WI?V|v4Nd}jf}&*TTmpFm|L{~_d}M+qtxG`T4v^&GeG>5AlflRm1S8-lx5;xTS;Pmx}o5fj=4Jc{9q|>=mhL4 z!xYFgd5n`QnMg2^T_N}5u}>5op?TQ^039qNHG8QYLkiqpRYqiNzs5a2X6OWA4mX|Y zcB*M6>{*-^Oa{Bol<%zxc=_oTf6a>t0*r?71JbATy6+j!x#vXr&YUw&aOkohm< zun`3TPa(lE=1&_5f=Y6w1BYW@?8LFu7>tKE!>%bMCj*kC{;20}F>?NCM;cm=w?> zZh+xt)PBW_-uBQQNNbl$c{OD91w?WAn7k|h zhIFA3Zx!cW4}(c_A_eH!aMbMVE)en{oNXiYmbk#dLOU_Xv50>8VdoxQpD}Pc7J^hO zC|kuGhyyfO0qJWgpq7m1SY zPUEwg3K*55pcGyN08X$F_88FE9MJSCB1NG!s20S&NI_20=FnBZIDoCY&Odrr--t+~ z(?AbtipnXC<9JB>B!k0k3V3=PvE6TIoYPGH`3e52^NqQeBw2p}KLvHLf;d-ybI0m3 zrz(g;MM8L_6(=S0xDJ%_Q(+80X88Fja=Mm}u`M5CTfQp<=l|Jz6X&*#WO4Xk!Q*bN zWS2-vmXqxI<*=e0PhT!Q%W;17Y!?e6AqguI-~yl&CFTG9>+U%)00x)_2axT(_qF@vW{M0cVR>bfD z=aQXM9hJn@4Yj?!+7*tv70t#;{f}LgU5+tRU!Nky0u_R@nOx0}Zj`K0$%{%>s8lQa zSS_=>+Sn4cn8H)$6~mLga&oBF(JI*drn5%D*C(_#ag>Rir!+1p1bJa_yF7Ceghk>z z*k2=wv@*-3XGqPML^o9f#4Oz6dcsE8+%&ANi%`H$#-W84QrV88ZobDAynXmg9y%#Z zx=N5s;) zt&ppCeGyJC%4t==#mLUR8^2i72D=c8MXX))fc~9c1{<;mLA9OY>Tx~((Sn1l!9&_` zk%~wyTZN=Q0nR4gu@FkHcw)4JAazoHTSKEaaq1enR-~?vZ9GDjjk};bLwK+#T|9l+ z!*@qqYc62Z!r(7z0yk?S3{~WT+qss2U3g|epHiewyU?x15cQ=x#&9$`4&lG#NjG?= zU%}vJ?_iVZY<0#qVIGqM7QKy~oPR7fx6X#sg=lF58_OA((!hU2*G^$IDU}g{&#QSx zPI9WsfPd}cC#tB>bPTYHSv0A(p_AG@F6P57iykUXziw9ubK4tG>TWmNaVCW&tMW4_ z1~wF7Sc45s4AD4?qH;0hNfdZrToy}R39{LG-|c)#Em#|1*K`~O?<+^fq#2Q5VZi8= zD22vF|KD1u%lEVPfyO27)izuB;bL>eXT5yg1D7aKvnJ@WZR?z}ZQHhO+qP}nwr$%w zW!qI#_v>EWccy1%t^5g@EBB6gB3?KS^cdy-O?T$kkAPuVpHmT~8qNpZ$VpMR=z3oG zABd;{1b2h{8>-KNVXaNR7sbzGMrUjkuAr50^P1*%6hq_aCaTcd-h3@q>Mg46eSCUqT|)?K0ZChli-2kHBB{k z47FOybFv0ao7JrEq#ylzx2x+qh0RQ?W$+iVCs@B#t zn?-DjM^corn9~@ua?+x1MVWg?s>jxb2W=OZXX(G-w0#}>g0Lc$>_Q`C-(L4l_Gw8i z=_B!QNwqj%;#rxPz9sKMj!&OTUI)7W-hPvH`i}a*4!RW`hK%5|;^I%Py}b$%Wip~3 z9g>)MO0}YA=(Mt!W)6B$0hCd`Q)>%|4kcR#lXw=%WFFg8OrQKYIL|$iD-?@{&X-qLy$Gs z4|S8G{J9FW620&!U9gH4z5wk-hHSh|q`>M1n>iSk<8+^8M-Yapr1#z&;@$h%xd|gL 
z1-$p&yDR{K#kuqn8gl!^xiGf(e;3bslVE<$tk^_-~UHjtr#IcHKy;gUX^ zyIebD3A-k5Qz5ss((7R{A`cHgv)rmsH!-Bi3)*Pctk*T52eO=c|FulUo@`F|cexuq zO6D?C%ZF#p*FzWDC$QvG8SM{$GIsL2m#z@~(~B->e+(Ky8pcPm39IAV1pR5d{TIrE ztID`mmwmkPhTa(XtvJKK9gDWh&~09Xka?gl}4Pge#z|_r!Sl%7%p4U+AP9QAa6DiBjj)0 zW6G8QOrq=L*l4L8&zCoOYXaj3+V)dxh;AWf2MSu+pNUM9J6Klu ziraWQ5)K6z!L2LGc|LO}xxm-cp=x)0+5J?mWbb~C!!r<=q* z3O><3k#%xl{%>$6Ry>2Sl&|~}!CtDU>WydC_t-mTTQiHb-L~DKd9<>QAe=79qHm(p zPz2(MZ3c2Q1g#(PpD|w~-+c-PWifMsf)Ceo2z^+{y~VsHG%n($`O~19Wb>sDs7z9G zjwTH%=LrIX36oM{o1Svq+#Z$FJDb}VCl5p_uR98g4+6R!b{cr`$Q^rsNJ~pdeP3csW-PX( zb8Ni8&V;)%W{0XvLI;S?D!`VuNOy!$bAktCzbqL_nLopO_5|zjWWLUbz1p|k{w!JWe=^W+yT5t3K8_1h;Cz;bqKkO4Z|@GdrK=7uYQYv_k8rv z8c{`DVCXz6qL?=87qTxDHCHdZmrrQbqilSGjV?HOPWCqRH;a#Esz=s5Dl}dZ+hC>$9Dw@)A4};;M_H{h4?X5Z*7Bv z1Ih$K$l~PKc;&^I5Fts@Yy(mdB2Fk9X+%FbFs~Q)EDzhcEgx#?)8s)?LnpLn3eGCj zqvh<*95Ggg<9#0!9Y@?{#34n501-@2zffcn*`j9|uC85Omt~evf}+Km?RxttEw`%* zIswY~9B@j_!${NWtR#?#n1ReVQs76~P(sY&RD|A6L-A}9JT^&G;25V(APE`R1CMl0_ge0}c6O=n+vC3@YSXSaQ|yzjayMJpmV z*6a>2CF9lLZfeUzZBP4pzHpvI%OYAiq;=cP+MUU{>~GZalhmo3Ud@gJRXp&VImK;1 zHtvh983MPi)WL83&zNg=QC#i!_>aQU3?rp$o8mM9kSYGUGHvcGv`n40?m1aa*;|e> z7O}vc59V=@vc_hG6Ua4kv69?14z;z~ZaVF5d6J=n)yjTZd0J}OImGIdAER%|iX4v? 
zuE(@8tI#2aF5V>%u-?KYK(#2Xh;z{N+a#OZ9q3^$Y?l1_jPsfQCm^8sn_5;3#Wvq`Ze zXU~gi&fn_l4}+tWW6k&V=36M9B}2SVOgk2j(+UoQ2V6hXMh&8g;f~1I1_M*XsL-uy zc6p1VPeyB69!gk2$vCR52+LQFZ?%=)ap!uml{tKEKpSC~u*{P)_`pbwm6wksQe;!m zT3ZK8TOWZ#-B-I~Q(d!Jpi;w$b1;~PqV5~}e84)u&UzrrDk#vv_R}?&XxYyO{rk*^`hILKH;gvuL5nJa;(4J zIlDO1LWNBZV;(LH!HImH&@xV zX2^LB)X}NC%@x@pA9=T6+@d4zbc;Utpw%Y8jY11s#+70#L2WgKKQ=erDA`0&i3)1~ zE^*1gwwAYRfew!nwZ(^ATXl++wNtWfsC9%xtHme+lsxrw1$oxc18RI_F}z`{B$SJ^ zWpR))U*d%PrH5^_FXGjwhiGn2hDc3@I4Cr4ma2)+ZcCa}hX&2z-^1Av&M0KJL0f>D zob=1jBZ0+nrW#0ISb$38nFjwx9Rp5O_ISgn2tztmTB}F`i;g5mfDldu-&1%CLC~jf z?cf-rVLYl-^Kox8-M`%$vT;!6q(J7Rdfvu~fro|S~T%d z@l?v%?hB_R>9MZ@29n9&Jxb8u&IFu=Mg?=%;6lbei6to9uUs&)W4)d2ujlED-BL`u z533bE-_8^<$M1ynh2wp)dAvF9hmIcB;J2xp{ock7%gIefm$m7e{@ir;r8Z9G>Vyq( z7PeEvJ1hBPA-FjufIi=@@3lq}+bHs9)F5w-3PeeI3S$1(bZEuhysP zN6bjw$l@JPQVszoWq4MMK`S+&25bOXcUa^6-R!P!^6RRu-tiDJ z{eG#evWPjeIToQa?#u~a?jk^Mx5(dV^6eomfW$U2!9m1cK#V^mWkE~sZsg(~T}Ynn zaOR;pT;3IXr4B^gQV}3V_w_Y&T~g9qvSDT z!ua*_t{_?f>ju55(p_cqTm>wle;`aqa3bv}#m8QZeIT8(L4MSO$<2^lav-Oqr27_a z2=(&&sgzy4KqlRzRK2JY5$5IX*zT@?{3Tu*GGUxi^>>J`;LYrV(}u=8i-XiLitE7I zEytu}?rdD$RPRE(I2zr~slOZpA-(a10GHSOU-*FUXaY0iU!IliM1VuZNal$R0J9y# z{6{CB*XVn01?>`T$scoLQWn_JKrz)dn+7F$u}03^Y+c((fA9u=_+YhP1*+X1EVcwzJlkTzdLGk~FWC}SoFF^ckt?o*+H`HWE*J5Y;j z198$O(c>h`xWz@&Oz5jQzzOJ%*+SR0D`m{4Pg z;3#eGC7Gz>MAOh+w(kJogV^|>{t!#M3TN@&*cK(j#^Z;DX-;FZ>ddu+Wrz($0<1*I z?U+>{$Tf|n3hwgayOX8?AWyjb?!Y4bPPV!yU${fEgHuwN8-b7?#$6a8D9U{=CxuTw z<|Uw!Y@(UA{NOwl^9Q+Or?u0x=qM~}>#I!i$OoMupW6QSR`k2GvK$u}178@-PPqw} z1SP)!|Br?{EOdymSps()z*ohn-W z2m8z=Sh2aYI8=knI(#Kq@|;m-0M$9MB7*P>)^0n>r#x9eD!$j!!>z~8Mvf`PtOmmAi& z@5+HVq<1hw?t@&Du#}6it8S?$Dr7?le@n=z7KIvPB-LgVhr40vm7O7P;9YYywFiFF zry7u!pT-%|4obLb`3f*->pJ3`yYgNQq`N$CSzd8ff)-~AuQs0n>=~0JAgx0ru@%L! 
zyf!RuK+}^CW!DLbn4Lx>05bP7mo+3}Sdk;Yjn zfK1V{-YVUnMUGxq09HxD|30bP@=dzyw+C6U zN$a!uQ}73#9M8bzG?56;qvH|p>m{0?R|j0{Z6RK_IuXOgRQ-cgX=vx0?7v8AHa8{1 z+7RN~zT`;zE!!}{#ZfjMeRO1Qe}t^Gp29zoRi-OVAAoGg^r|Tw&>ZV#@VA2gQ`We) zfgHinilpO3Q&nnPsU0xQP*e%4Jo6fpIMf$EPScu9`A(Ab@}v>6Z<9D&8B`ZI873^_ zzp!y+G=HsH(+!Q9?-aA3r8QH~jwhU$!l!PDfQQf$aB*av02AZX+-U|y;ilnVz#gu>}OV$^8+N6W7pakxx? zJmHf6A!VZ(Hd^?&HQ#k|i6$E+M|QBp^`czq$+k;XZ#C!p(tgI*eG6GHdt;0x5b#g z_mbT78-e;*M9xu!Oo0a@?iReMG)CS>l5ujp-L|mTB6p4?~u{9{s)ghG%q%DR2 z#lzyiNmu!N2>asCZSeWB_uW8;kZ`zx9=_NlQdih|Mp5y!B`3VZ*qE--MfMbQxhKp1 zq-XxX$8W^!lF1(xSC|^jV(d3&50^M;^c&@MkDvXAyZcEIo9(HjJNUz*Oow)WIpkSo<$!5u(y&9O_nnCzRSBJO%DCy4%sTdBh(Ss z#5e~iZ?)L20=ECCE^9e22ba5;lsNM;mko2}v_Csz)8tGXlxi=1@3~f8WpU73?I{|F zAO6**Vt$>S$mOKQv3PIbU64Ja2o1#P-hSM1%U#p}s@|Pm1l^x`O+h8rnGGPv#m<{z z3XrO~I9^{#i`SAGv#~VxrgRh|9UOn*XJO|!c4tTj$|jylCa_JCDK=;n_bW$ZWd1P8 z(zkz5$?|&8>Z%+WUk!C^!4)Hm8MFY<<#wLQ;^=yZE5m6tBZc;*k)Q^)VJ<+s1@+R8 z^Q5k56DK~s{gIA=%CWY!r>&EiW&ML_X=RZftJ~%teoO}%1X}=Ee8kpQ@?jV&RSi#G ziHqraheWz_afQjhuMMY2hu>0Ci#HV|tI_QbbX81Z(P8B2ITxA-%DI6X>1V{jGv`Wb$7!@fY{UcXoF#t;2P~gH=rNqNQTZ6cZRq%*83)qqnh}+? 
zgon(lw$?ugTZu*vM_YVPP!rIr_jJJbr!2wa2`>!mMQ(<@^JKEc{1F;vQ-nL}`qo_k zqO6oQ)3jlC`dnVtXTy8i^BtozTDGvi2=ArluyK4k9em#1rQW)Ig@R_wOucQtqU;;s z!xhbKHdk9m5bt#>I_s;g)z3Kgd_*NCAcBHKxUc{!*I-UbQI_yuhfV9?xph%l;9-4x zMGb{zpyg^Va_h$V*zi(cDb5@VR;Q(_x{o3pv9W{tBZ+Cbl!0&e+9~ zn?@hF?dZeM*pB7>K-Vo7q%k~gJ2}tIIn58)XK`SXl~43xL>Pc}wj(d-AGydp=uF>HVOd^Hw>0fcr+;wY=Acq8fGd7uJ)6@z=b%sKiC+3X7;U z)((63azgsu-+rPVfsDez^HxD;t$(Pq)(Uuu&uP)R@RiN z$x_@8gX|`RwUoRc@!7clj^7y^74I8rmtZ)1-}NHI-um)(!@rF7NO^2fP-d^h#Yk=S znCxpSnuVFhrJv;ucjmQIYx%j<%~t`Cx30qw&`CYy}Lo zcUlW8c9Q*tR<+TVafT6YF?gvKh~xMi3qa2_=@y7;*zZg6ygJ7W)7)%>MxNzUYAaGt zTi*m(Pqw3Pb1_Lk6Is5?Z}f zukw0<83&%b$*Ya zr8a>s0NYqGLsHAF`-s~aYR*V(K}~F^pBCQboO9=c&rsKl!t^gs9USLj+5Hf+Ada1& zMiBti&BxEGyLhdLlgO+P+7+2VIBOzIgPx)fn%HjD@^aBq4V)cWqsue>lI_MGmWOKPBFb6IgIiN#UUZ3o=Rek{wdfyK<5q z^D{w3FH<=K-Y$q7ypADnJf*5c^vjdP@>OzZp>t3Q!zJ`IO=>chx7Y;lm1nLQpNWK@sKpCzb>8MWO{AeH9F zr0QT8K?# z;RVdnSwAEo0sN>c?s=Eo;W`43jextL)gQ?6u|jfQFwKobz{6p2h)AvF1CtR3W>Mtq%)&2G>3D(`8xtH8#zFP8050|f^GR6L;~mKQtm0G- zRw(y*#zj%m1Gr&n;v-qqD6;r1M&J$Cp>@zj)2lCObtZvxHq@9xlwa|}Pcr+orU*Mq z9D5Xwo!7uAP7fSzxSw!3@HyagV%K9Ad(}s-w;XPG7)ZigTue2^W#3=$Tja~>5@M z+xvpWwO@1=!9QQ_rCrjef2kxKukj1YRf{~t^)Dxstlryuw-7zepxD`NAL+7Rk+Zlm^3Jc1!rMI4BNQ9yGNwmY z!%KHDBfaujT!Wp=qX-vB{A0keiH`#ulisz7{Z6+i?&?^j zxMYxAtaIE}RIfB6ww_>nr7^v!?ADbPjW~GM(^8qfoS-D;tpi_zQw;7l`V~k2WkK81 z7TSWCUVdm7sH0ETS1-TXQIA}&7-&ky=cl&Ww@L&gN6{H$PH+l$7c$=b_EPH;s&nG1 z51u!9PNAoVvq}t{6Z|A8wL#GoO?Y73mlj?xrtmbdyt83=RtBuiU{`Yb%yA72!Tos$ z{*E|OoG00J6h60VVuZ@0{6g{0P`)Dhxg;@-yr8beIQ1`Cqw)hvmS zO!QQ8zK*peD6#Imh4M5T9WC9{C48;Hiwa86C=t*yN;= zJFjN5!$KqH$XP!a1TB#}n!l8_R!6H!p7vsnrUU>yG6O>=+?GhikbWg&X@QPjU`QL$ zKTy!OHM9d~!t9&yY{cz=S}+A?C*NFg(qn!6A}qjaqNeLvp7VO{&wFhxyKLPxv$+}$ zWz6nMnl#FYZ^n`tPJDeYL!4*=_o%v4t|*T%5ia|wZY&hn?22WmZ(n*Ox#VN$9dTia zx?!Qy%tMDtIBa{}szYZ!naz2d2tqPInxYEaQs@GWV8crJJPN%2#6{RS>T2QxDoERt8iT8<7{6w%fy1xJ0JWZE{lRx@g_O8R)lKGSqX0 zfS@<%3Uo5j^+%>Y5>tIyL{XM>qr+a&iv|?*VmYXRJPU5gQo!djaXTv?Dx_mr`Ii8O 
zi~jU_?gtR92i5_UKsQPWxLD}g4c&U|yWH0s3oIDA24UI`7rZn>wLwHH!=D3~;$80w zxw!R*#UtdW8otaXQ#k!Z>7jMmY(n5&~K-)^!?sSlRDuf4##jEthec z|Jh^{dfO3{@5oAoJH5uHOgWQ0^_4zuD&hSdM+%U4I+vy0pR_hjR$k?EtqwG5V|2}P zHIqKD!qd$iSyxlw^cMMGi&6o3uOAWoo9jdsZ}$1(%sJn`13j=6tD|TeJ$|6TIzY?*&`3@BC{;XONMigehk2}CbbaT7?r(RL#x7}%Ke%6 z8rP(GMFN^Zd6oB<&qU0M<`*DFJT$J+>lbF-iF4U*QDXSt{Ee^kvNP`UvcVsul}_oo z_Lv^L!Ha)?VbT<5d}{YYhh^*qsMU{#9_Iz|HzH{2)IUH~e<-OorlBBfnDoDdCGY@a z8`)6l{(G4wx5wpCZp3%W5R@+bkyU7PylLR;$RVA-crDFz5bAdRIvr*esD04EVyyZ{fx*%-UaZ`Tyk~imY1DydQnr?9XCR!dC%lyR` z6fi*x#dW7&F4%G89Uz`qe8)@a!$x>uQ%NNcigeJb&?`8oX}aR76z5e7>60Ga*m@I> zryixcw^@Ej1B+V=mmv#ZV555Rtw!>q(7EL{H9?)=xVGdTJ2jtEvJ0k#4|JVs*$1f7 zr}+R$xYCEiZp=R4v$8yImv7&yXXvxv?H{p~v^kyot6O@wlx_Je$Dmd=i6^~T@r_pzX7E$plGC!kvU3&qdA5DR z|EhthlWkSgc6HNW8~)_m+~p+?*y-hdBVw$+{9_*VDrL>;+->paAQrO0fxb`gz=Vw) zHv`<)!cJ9e?kW?bjn=A|zAV;F+Yq=WBf5HdC%DUpE;b3Nj!RR&%8KmS6%kA2=fITd z0Z;dGy4;!+<+4_E=dYyztt8>-6~tj~Zf61xmn$0%J@Nulb`i=#KhPT9gmczpZ)*RI z|49&aYT@1Xet!wR(Xi_n-VVZ=u%w#&!*7&AO5DKrK;H$r#(5|Pv#d3Mim-_Vu(%q zeh_TVckGl8D2x<51?+||$T{Kgp|YGtH6G{t10e|8lNi3Yg!}gWgb#hV2BIWFdH;Vx z7xW~P*xqA|0@nOp6ts)C0E%y>0tr+)e5SdMeRKVOY-x0};G8PqQ0? zGjHlwScPX*b*h)yks)&J;hD2k*$qe$xX|wRd&9oZ)k=e)6%O z2oP_`ZcQK5p>+1Lyzj#|M;IORFwfp<<MoW~G@UQ6x*j3X4pXFU zo4Z_aY!Ksoya5JjdTzA>^dNl^V8%(_-DaBt&F`fi8y88jesbE`f14H=^v@4hU6#za z@(;2*lU^ZJvj5*7;CF0zcA?4dxy5`#v=J5S5A3he*9=xB=1bcx+XFMo!o)dP4MlyR z@?MB{LXmKXR;d_kE6&3{DSw*B-22#1(mQk-p4EaRBw`a~>c4W{SdZHQwxw=Xy(TaJ zG~aS0T@W;)vpKkt5Um;)6`mk1MoMdMq{RbVj(&5yg!d$zZxjOh;z>Jw&iqIG25^UE zJCd+Yu^8Kj?}0AW#NmxWJtnJ?jX}JY-k}kHbOhqIy0$x`ncF5nZVRA0xBzq~0C9}C z)te}XRof6p4e;sy&|BA3j8ew8q6q)@c^2cd@C3 zJhqfe;w;d5^fL8v#EJIH`(R_&W|G^A_hR2%`W#~Gwq{d=hj`GNc;S+!l4Bh9%Qa(! 
z%;S{wJb`p-zQ+6FO+moIO-(yc6NCTW^QE%7u%*tSFLh5o+N^+vdwh`=xgZlN5$*sv z$2m?;UGyJ~+_u2L5=nMxS2Q}k#?mC9H!KXqEup6GRh5V4j?Xt+Np85nuI`v(Xf5@# z3Y);7K&3|7yqKt{T?_~XYw8+d=^A6Ma##0m_lU9pm0?kJJ#ne{5NCjbWhElug(WuQ zoXF*LtT%+ERc(VN!8|vyuN-zhrK@G)6RnSGnZnl*1{&=15Aa<0%$i?GKtUh;V$e06 zY$Zp3CBe$;|CR(pRC$>>zUB0Ko%V30Dh8!*Hi7KK`niG2cS8<8#EfNKqRCe+2!`f( zDczM;52b_KvR9i~4`D2uMul5FY<hIGfRtH}k973~lMP&heBOc2N0!NJk;;sJ@TLFt*qi?t4iMM$ya3#Wb|yW! z{JdRVebfHigqgSZL@7>tO^ab}QWP`?dwiM4p7`I8fR4TeQnpCI_Pol&O|GdG##lT1 zaqeMjL;l!L!7-Ge^u#B_dJryTy#;Wm*vg*CQ)WA$tEB?O=CKc}TAoC?uLJRtj2;y= zrQ$|rX)?4z*cuPFnt2uTwAVVWg!g`T_!(EiyiLjrkEiU@&B^*D%q@1Z-TxJVmzmy)&*L5u^6O)%+*@G~6=-<**hb}}7uuSWxi2RT2(ngMJIMq{NNym%S|eJN)d5KB2>;DOx2 z#G%6W(D^qv)N)>ZVx??N*hXN!!P;CNW!C4g!7(DKod045WtQuIs!aUlP~4S4IyvGl z$2hxgkEk9>(TO$;nObq-s|3K@B>qbn5IF_z(gch>=&RN~Z1HCQ01L{VVXdvlv`I(- zhs{t<@G;2XxWI$_4uenuSU9;z8jM26!Zlt-cLgd$qhDsv&=Z;T?-&G07al68JZO#+Yj((NB%P_gEcELqo|H~<={9)2Dj#^9-f+4A-CIQ3( z;G7!GaDM^uAZ=>7jny+5sE24xkn_;Sz@+!&skShNlq5vNq6cf|! z{}2TazoLNa0=~g8&BO=Djj;=C2;;wzfrC{okknyx}|>H9cmcm0DFK88G?0vNk}N z4%!kXqKk%+T!*Mh&AOPYVkOs3QmavO#QZs0#Oi`8m*+`;cgziVL5VGbt*ULDcD{)Z zPhST{e-xMt;Q)Xf261s!8}VfJ1KZqK5a*xpP;-{`nC=`T?EgC|a7+1;QfE90tL>4FoBRi ztP2fb>-;qTOBEwJTI4@l%B9BefZ7uWcpp5=Ia5;uonup8)NY>VzX=^8~xecMDx`0T)Cms%%-&L zDYF{)7Q=KYOXj+pcJpo4+QxnH`fsU|m#OXF#EwzOba_W|c_S<%C2N%woz|gt&P~By zMM_)otwiEDhmR?{ENU|=h~n}M%>7gQ@=ex9CN-tJb}m&Qxy>Res2EBhk_vA#oCJz) z6=Vhc4p{GCgx!XFOnKbz*l7EPC%;3Iq5J5Hp>$BwZ;PC6`J-F+ zx)$-0%n*(~EN;tJ&agr;^2C@i_lHaAX5Ey|>)_W5c1{-mraBc8i zjOnDw=d*NiouW6De?>%v+0BJRx+J2?wX)>k{`LU|ETgD)n3ub-*ACkq$V!v&v=7Z% ze7hl`nWOTX3GEUj%c>pTz)yKrMIwl&WQs3^ZfugiQQ5*NzuyaY>_|E`9V`5b9tH<@+==L1E6cz@>3K^2eWvsw&hlvb81DI*cNS5 zG>e$0Z%kGeZ8;LkxT8esozF`)v5u!xhj^TfPOyjz)}9DU<;oW+G}$7oR2MSCj)1{{ z*bDIIB$q3N&WkxFT0HVQ_7l??jW$~sMbiT?)kxfzmY8DbCdfM$_Zeiy=15Fg3~{#Q z%Dd{r8|77?^uK-pl?X}{&bCt_Xzk%{k~h!{Yc@bv7k54y0@16t8*~q)$G;jZuZ5%C zNK|!qmg3V*l$8hji*sH55y&=I{O`?~)2#l*wW1?w{K?w>RTI z&8*1GJXClhu$#B^9{Pt}Fu7npBD|d`xw}|?`9|pP$5wLt-oG%QtpTxya^Ne&xeZ{p 
zYJp!Gck9gh;R3JL44fxrY2nj+C)aZTG%{$$9TZeTD$Z2L>$g|H1&N|GBg&Amd+K+vf zFN#1HJhi0bupFEDEntcg>oosdbu9^WN<}Q_8kGBrv9`9QlIJiG*;-{a{!Dei_MPqK zJIf)D2(3?`Guu@9?GGvrPz3LDkQux_f~L5P&~z`1W~X*Ann0>;>ttIg!1&q4(#Nen zk8po&n2aZR*XMdn#i%OxwYI;b%;T>6XzQNF0x71CgwEsgP%pE4T?ZOO&sI~czOtc;dS$uwpN9H#gb=N7x!?-MqMPQI zFx+Yv(mKpVqDuFh;(le49&d!P5%0`=+QE&rr2N&?jc88Nvy`aCBTkiedP22oVa$LJ znF{FdLH-!k1GPEtqLx33c&ia4qZUF|rJ|Q>C}vYAC`;P4H8!H@SHRhme4sUvq^i^x)tI9<|JEW|mW_6Yht#CHB@MzgFHS5zB{oNm6=4MH z>jeG^b`%B6IXa(Jmp?ZO$F#u=mk}YAw~JM|DUWq-A>PffbBZD#CO!#m8js1Y0`oL~`Y;u#%GEqQnx#fU-Uz!A9M1hkGl+jFV1-WoR&NF47Gu>zO z38NQ7f4Mv6rzq&4cI1wINNoRYNzt<)&VboBS}_nVKfoJBkd5-U)4m^AS@p{pGvAb? zkF5}hq^4F16|v$?MocZpOh3syu3A}3|3p&X@mvj$Jw56e)8>+C94CIR_~d6FfQswC z%9F?r#u{qG?t`d;VYls3p68C{C%h_3a12lfVa5S0cS9vsdt?bauN@?V8CfiKcI*Ps zpiw4|NkGDIm_8(*KDY0z*ut)$yYcNmHJCHu#MA3+SU<F{oQROw0m~N3dz!MI)F0P*4H5~fN+OD=3_4>&qG|=TYKDljm z9qL76V;@E`E3l|JXrY#QCS4*s-hZh;kOKTFDwa7&6dLoHE=ZJ8*#?$nenN=It6OJY$}5$=f#xS5xlSuqdqd#iLh%4&G5Dj~vB=n-viucMB2_Df> z#OEheUj{ZyJz5ycEfGP>7OGmwK2MAnXoxoJF=o$Lfa;ddQ4GtIAmuK!6=D2C?Y%OX z7DqxGztQuL7Fw9#O5Gu3HbmN2I)GQSkGz1y7Is>!>p&0y@caZ$s{ocm9=Io@%6b@U+}PsIy!LT*I98 z7dYKL8l&#w+E=&xMN0zyMbah3gWFta2)OR2!}?0lb6!cdZU`==pJNs-oC*g0 zBuH-WW%z)GW_|@pA2%-3ZU%Ws;i)}xx;OweU~F@6%DCnf!$wh=>PtZWAbxQMFBd6^ zgYeWIW3o?{vjBfLN9LB*2rQcSQCQ3uZH&lSytE~tYThcEL%DPcrhV-ADY|xU#x#;s z*(c`;)6eBY3}QK%8HA6dqa-I1$`ukY1p}M zh(6&rTp!tyU~!maZlPK(>+g~{M&ie%wS#7Gxx3nYd~}rR70lhmvCA7FK#j^jkmBKa zb$^{4*YGM3wT0ZA@HT>mjs8)v%4c`zCQq@WCGX;0xZW+)9i;zXeK!Uh9-jEIV=2M6 zw(xbl>8s$9Rce_Ha9}bp0g&$l?$!IUQFFTa9^%gquf->B1C(CSQgr(*JFl=&TCHnp zmp?=!Oi#0cwZa#_#^Af!mFed{#sK`}KgQs@zJK#`q=q*#)ipi)w25{*&_c=Mhy!Al zmf>z;_09|J?-6UA?x{2jrmDrfG_}^ z>pWmH*4XaE*Fe&f?dm>NCjxJYI+Bs%>n#nD-#@m3)_%^2+YZk?7T!^{xeZ2yVn|4= zm(GqBc#rMvxN5qS*3dpGTJ9*60^NTUFg1{oOA0%-yyn4VRprTm)-4qUsc)a^UlLs_ zez->^P@>jfm8B*)Pq%wo-jtw|Qe98~>1>Zs!l=l3lke(ACn%;P2?T6=_MZ;*j31o@ zewDs7@3ERq=o-@_DYeU&&%OwwDEj^=BV3vR7KGR9n!7Nj*5U+KV6V#3`-6+Ix|EArkGMqi-(lXa>GsqC`?%s%M?W{g5MQQ=`3f+|2oEvkqqCv{c$%M? 
ze1+38pi3ejyl9D6L}JJKJJ8d@Fo((Rygp#GPz)Axfo!4%KvE_K3149UHk@sPM zvHz9|Bh*9^lr>4{zR9UjcQ|K+jhnQ{I3?o*q|JaF2IAiH``_?)L@L;`DmWWV1NaG) zeN-7+@=745>oQiP;U^*=KDW7%?Lt%6jDJ+Mr-(}5+u$pCbd%r)8Q8WQ(JiKsKtH9@ zS@KA2!1pJGM~SzD2Uv}`auI1ytn zgf+NyUOIel5b%r_#K}ZhMb2I`C?GseUxPzc%+0Y6SK^qNdp|aAew=U4jB6#ejqH7y zBI@|8ah>*U?MCq%xn5&n`g6ZdX>YwEXT`6&OsK#Nl@Anqf2lynCx&KRhYH)9xh*A4 z5|QC8WlCX4tjYb$TdT}3WSBWq9#|xR!pvsvAWcEB3oWwA@50Q+&Fd#3%2oZyxWuvV zy+coqeROT_M?nLPpg>`-o5iCvZU!xKZJg$lJiUvaNU43I~4LZQw+}An31wm4r`X1n%)7bLud&x#ZFz#VRiDX9f&aF zYKmpp!6p^Tf|7w_kLU{bG>-)q%B-xlS4aJRR%eAorHiHwO079yv=7a_=|Za1BC67q zc!iV&Uq9QTj`It7Lz&&E1l`RkJev0X?~Re%!BND+9-96GSe+z^h*b z$q1?kr`{h&D6;vs-l<=ARs`JNoo)xNtN2UlsZIJuEGndox%#_`5IS>%pYN{c33G8a zk5zs5X7?7sFZi@~i=|tS#q~;L#8qz^uuogGYiY%hPJ-f@7um>x;~}BcS*B;L|2M z3&5h~QQsO;j#m?>sRF+HI8kOgR)^S3hL*eXbs?w0FF$Ttrd;nkz(hpY+9CNBO09%? zV5B~bO{b35Z*)wBwp}<()iKlu&~H2!7EMcXi0`N>|D?@XGnDUHJ}`8pty}jWv7|az z0@tBy&`J+8JEvZIIdZ&Ld1gPL&7WXjfofq0b;MTYd+Whnb4fwy;g7AIBTzH_Wd1dF zfq4YWEdG4rB2AA-)$>uL8-{|9PqyN)j&`a>V=JfSQM*vo*dB5btE=t_eX*zTH3mB6 z+wm4?H{qG`;@ay$bMtc-5G_>B+Y6=ij6&w`067d0AY1tDvs~=1um~c&G|PhATykuO z&!5Yot0N+M-6!X^m6vgOW$EyYaw}?|BmKBpSE#pJ?qOVG?`}(^i#E?z{1-(Z`45V| z_5VWAasElsgOTB1y%hdmD0=umC_48)D0-GNQ1Ty&ZUTObpbwzvgTE=d|No-s0>3Fb zAGCT{AQ{F#C^`axk1mi;i8|I^TxpsKdm5#F0nnb67_NzWs^or;1aD&8`r!++(zN6d z_C9gL?2=22|Cby5RRZ$!1^s;y4X&AimV+Gc!i$;6kxP+BJLja0qDj)|Q65qR5ls)& zxu@o$Wvl524{rzRGf>3*>q}~7|D93FT~+utP{;oBZ2n4}by&#xSI!@Zj zMB4Yq(d}PA4JMiWy@;>gZLMn5poEHlXO|#)+8;cEJL2rl^NCUm%Ut|wGKVy|{L?<6 z(9zE~e^%e=+yzk=OYIjOY3)XZrSFWpr%r{`;8zQksW&B4vWCgI{61BpAcyv1S9g@F0;2sEC{?&eIsCn{{B0OO(EdE z0VfpQmBgxyj2;-&G!nr>g@g$mB{zzn_qv?{nuXoz(bDUCzMjoOsiG8GhA|5Wer-@B zQ(=`IlZdA$*PR~TEveh`RxG85*|K&b>z|~8&B4bsft(aySw=AQp|F62@e`{wyEjX* za{BRQWz@plK3PYc%yWqted<8fb(a;d&;O7ao$=!ao_%l3<`88jZM2@o3C|b@{H*Zq z>IR}XK$Zv^#K+JC*R6NcoUFrN;(c%1_w(bU(}NC?p}}9Md_q4 zh5$#MBFqg=KJ-}K?3&3a;TFdsG=hRwiu}GHKh8w^?$Qo)$|E@_%_cik=r<(oQ2CN4 zfd?8ebD05j3MmA}ne`>wA5d27?|K7C@E{!l@OkEp^2cYW>Jvx)dlV$0hf}t^n!)ku 
zewhNA)^)NlYCmukxMmqCdK9&Wo`~!iaG(xMhAe(HLDiKOf}#VEx<}2+D+D4-b7%`D zUwjG_p^X}_J7{Tl&JXlj0p(Qx>e2cH48m(b_7YIk>o>8|(k&-yTNpV*W!5ka^^lWJp++x}$56%oAX zau?(<9NgmCzanCcgGDAlL>yR|zy{H+8jtNRM%)dEh;z_Bc@{3?pOfoD3yXJvcve=o zk)%%mGGbzqcsS%o+5z(`OqbrE{e~SeASLm506aHsu#95}>-6Wpl4p!0|BsA#UO$^z%2EeI{L}96<72G{gsYm zzfEA3&VGtppZ)d>5njHj&i`8nbg4L({0??16Fe#%N5weDuZY-r2X&5%SV=B7ttj0U zZ|q|hwU<2@QCYMZQr1*u^xk@|tycK)lPR{W(-J=&z@EF-aOb(s=K}2cywBhE+~jWU zj?o!l&pn+&P4HNhad>wD_WWy7-V!(oz@8t(HOgPq?dBug^NDc=m0NrSMf1Kc6OF_u zSuJK3P*CYj7wZCAc%6=1&=lo2+OyP$=F|AwL2?>9SaZ^?86#%U$ISW{ zm30cTA!=>AiX(t%*i58q#meB5|8`b4Oum)8FL6^5DhMuHo7SKJIVL1?$Z4+{Z+x5o&_{s|BBs`t%Ia01-p|mXi4XHHboOeqQLl7)ZdR)8U zj6XR7jkbV85ALzyxQSb=9;X2D@cNzGe~E@S_45ze0nzXhAQ}z@M8h@yENr&_j)rTG zenrFTfN0p7Op=QhSx#|8Vep^PunY08XxPW0RR32r9E%&#EQ>s+wFiiXBbouxFz`?Y zjN7TzJi!4`+7O?#`613uZ$}d(?N{wa06n(?(DO6Z@ml~rj}=kmFlr{K%(!FS{TNpt ztzy5J>AI^=VYdiln^b9JFed0lmvMoyTZM|^h+0S|m)Pb)lGpAeT4+zcu4~C;gz7TmMq(|QN&q>k

eNKN+q$4+FL>T2yAF#>aPam+>lICBdM> zWx(figpaV6ABwjq0l$!m7#~85piK|xxC^O(2RJT%0&Z2%Lc#Wa_IWIXgSDQr-H|Yt zmnYh}wP4y$!%jnF;1`hV^ua_w#?~l5^hK&Hd*`F1fIO7^33~(L^>Gb}&pGpxmJtTw zlg6+=?^lyt5H(m#TPs3U$#cRPtJW6>SBLFZvaUFzd|WA@Z;l#ci_eJJF)0S@S10C8 zQHU}yN`36{pY@l&vGx`Vk<3h0?Hw!~7_SDv`Z^00)wRuD=5{B28J3GH&eaNoy^y^W z1q95cN|H*DctRlxl{LM^p8jXhn6xO|2k2;mAt?xXD>OTZ!r|@k``^j&IjT3o-WB%t z*fYXD;SFmEYsyA`7so*wJ2`qpO=Vpww3K z)^n~&!R>0i++F+o zvXVwR<14s|G)yrV8$h0)?YGpW%4o|L+u2z8(x8g`mgk{t{hnvCMY0wn&SYb_dn%=t zb|{9u1F~{m*jAc9+tF#ZcyZ6mT&~o1G94gMB6iitP&xgNb-7(rZ}F$O_U8Z#gSx7A z;ydVKb(Voq zmh_gfwXZm2q#&zPws^#kV^@j~)K}VX;{+6Y?F(Y$R9iECw%pky@8`+-NV_pJ9jD8p ziQWz!F*+EmuKJ%oZ$GbauD&1G|M)r70ZH4Z&e6n-uIk3bg^{H9fHtK0DwO}D6`{TF zn6I>Ccvq;sY?4MM*@hwywQcoy^*27hN?pPP;PWVa06xba`-9Kv2&TSv3#wF96AKYX zAsPaGzP+N!%uIzJ!(t}vGwtsAh0oO-OyQ=#NE}<)@qf<`apRgECR}2%uF9aeG8m3L z$4dW$&%Xii`N1E29&?A8?e4l19|;3Q$H^W|69h|u;Q5Q5fBQ|(KVCE}i4kJ#!&AN| zeYA9H*W3&1Ir*kS2zK4Tm=~jfYeqL6qt{Y09HCq`1g$?v{b<}+DXF$|GmdzWI@wfDcGGUwH#(`a8-N^J>0enYx52KwcJ$8n9q~@bO6- z#Vf%$%x+Sy&h&vNJkV!)GP0%6`T6bXBP`UxSrfVxU0w>UXp8IiJkzI@h@oZ}y(V~_ zI_`lXI1P5Z`;XOne4tLAcpI$Q{U*-_*z?@P`djCK-!zH=dIUStwFFz3Qyefv55xE~qY z$ihtVj3+*VLH#B1T$62T)XHR=@&uwssFq@Y9u}Drn*gadd9HFPIBib)#q%Vc<0OOK z-ELWOE88ZwFihkC4oKU?p%lpr+*vUykkC zB5y09Ur!J60)d-7JwG1Z$U^^&A->xVTAsw=~)gnIdi z8Sudo4+hr+mcGLdk|kuVT_dhD;Qc5ZbM4IlLKy+KrE`UTnrNEVX^IoE6dtW9fFch6NG`T)=(A>yZlL%@vxU3DRF=TSr*El{jiP5Ek^h_ z4k02Y*InHd+(9ydNMHLZZ)v%@QcfDtB(vkOY+(OPVJ z6LaiGA)_-mApJ};Rx=5i*)!2~xsQ?SxFJ6+uo+BLoFKW)m63iE1m;BYyg}&XA0JkJ%6hm9ve zJ3=R9C?_%^Vz>=-nLi?!yR_>digFTy9ex8x-XfYL-H+WqG|6AqTuatQWh{~ZRJIah zno_CHiyR|T^N%$@0a)|PKh}Jp9$?MIfL^&u+BexyFurne#LOU?__r8QTaUx4q01Wq zthxL0FKe#R%)S{^`C|K!o~;O_Y3eOy^_MiiLH2e8NOR`f-_o29AkB?8!@s4bjOzT7 z=EFQ@!r>=-#z8!jN>MiK6e0BIftkmi9QiB{MWpX@;R5SyfBAtvHU z69Qo(uTsk?9ndz}S3C(4NyADQ%4==)?z)diciL&sPH3~oJ`WMB@VybC;WD^~(1>}L z3*AMUb3^G_hd#WIGHjPL!8=tiHKjwU_Uy}#VseJtd|a|7)w4 z-Qc8F*E(P!Xbwf6?@=0`q|x-zp{#?mpoIkqh>*f)=Q@imd=^Yl&vd+piysvFR6gKu 
zWKMRAs7clWs*Cpvnd`>MEqC{bvqNf1*sWw{%zXE}BWh{d{e{ePwChUP(o}WW)#4t_ zBGVfL1s?#&Tp57OC*2co;Nt%v^K$?)Px>#&eEvU>xlWv@JdBQnDxa)?a6Q6+Y97C` zK_FQ>Zq|xpHQLew6H0ld>#G)+@b>JRx=5AgjhVwge#a5j=(m zI5v*&Enl_2OMoJ5GE^955}QO$zl^5_a*JUt-8ACHU#AoCpnGRLq{QLPXWs?CZBZ=@z|isrL6kvYH$lKA=?nac{-R$#I1 zBtKT^TD_M2M&|uqRW~1Fu-E<|bLQNKmoMJS0A!9O{x4*n_wvr8J;n2|uh(;MV_%bx z^BrqCN43B1FsoPj=nC9Jq;;WosrkW-Up;kV&v4+(MI7F(!TgJx$?@Q-<);~FH4ZP1 zZU{oR<9+gD+}dYP%#J0x_biYs2A`P+lCfllL6gGpJd*V2UJu&Uf~PRzH|8gI9ErhH zjqZEl7YOfFT)w^@O)0Nn($vr~q~Y)|Y)W!)jaba$44;&5p@1c4!8)gC#hEtF!U$%o`5H3{M6U_?r}fB)`S&poZg z%Cl3{0lkq-U;Ip_3Lg7}l24ZK4c>H}dY=g0*;T%8%p`|-C_~obsQ9HOU;d!uVmx~w z<)Y1o0OCg5)D*EQ_~Ipq+!bfa0+;VVbv9OL33L^XH?4 zpQ$p*op7?vHpAQ5vz83JZ5h5lFM(`nFMk(F9T? zdNP@(u+i%n(TLzwPK*`MDu*Kxw~aHJ9I&HduD4w)k#o>MXIt=Xt3#`ZESUp%nO-bW@l&NZrv=vD5}!BpXxZ{scY+eMrb#NjG6n zx#i#phv6xM;o5MK*19kK&3pPXIq%?fbn1oFmz^82K5~IdfAJFmjNr-)tA3Qm?!o)Z zj|9MhV*ez+%b(e8@86zwT5$a);1`*KaF0#(yZ4i2v*-2!Zz=U?KHn0Km`{AF#|?my zy~`RQZ#u*(rbrA`YQ?6>AQU!Pm`6&!!A;*9`N@1~!*a#)9B7Uczp`v_)GdhQOhU}6 z+KUQ|A)KNLN7yK~hJ|Aee9V-PNI`He)&2&n+-?Ah*F2j$O_U5Wiw)`Bc;lh7yE+`WldDQIT}epW~g7c zh?CQC^wI-WDbe=(R`~;|g-HfN2X;3JM%&16L|2Wk8xRzIoVC*~ zT)mjJU7WZ*O{edjJU83FV<#-zH(zNOKQN=%cDsafk#Dz4a9WccegW0h<*wRBjB#0? 
ze%LMAHSr|%_92Oz&?4Ucb!@>+k%6_t{>}$*Y~e5+^MMCgL|WaN7oL1oxW5`!`uNot zZ8Fn?pvw`v^r!gd6W0aFS3O?;eg9;h8Diew1r{;U^L`l;KMg<7=a5a)1VaJ?lXzUS zkxC3$fm|Ff6gfa$5Maw6f7^12s3PMSEcrjSymzw{MCDI;1x3k)QZR|*FuHMnB@hHl zEQ#FYttsu7Er0oC%UNK34bT2{M1krbM-(s z7aml#+WKwFb^h4$#6PzD5n#(T%X41;i!F!l`*$5BxK8~)Z8`UETdw|JZF$h&wtVxC zEkETU?fSoMxpd+`Y`Kf*|Fq>O0^;ARx{?0FmW%v%TOJOuY`-v;VN= zJOEpcr}*2Ji~j$$<)AbF&6a=vZ??RW;*TwNF9!7Z|7pwX6!p9BZWx)=N^;C0Zf-kD z<)*9Xg|gY8b-B*P&L(M1;lvy z6aUMiJ1y=@+= zAjQ1#&_)3869GNi*TX~zkpwiUMpGkc+5E(TrprdxJTPCP#@G3qq0oMSo%qP_?yMGB zg|$Kpy+D2KY==8w7=hQLd!#0-~VgojzUs+N1@Vn=3qVoPVR zN-i)wAn~g%a8tR3b{_&4EPWOXnk0J^&FK4#@g1o;-pcXUY`yyB@7a25D4wi9Z_X0L zVCxhI0&I+s&MemYA*7T0s zmd8C-!dOPln;1XEuvxm^!>I=D$WA4fv%uiS&nmz*Cnl)t<#$^^KEaP;bLDlAqtl*8 zjT`>2wtz~_NN}z-6I?!*tnUf5Tk{2AcOVrR2QM{aPg@$H#H2ElGmS%Y5p%g~^2G@o zBEtWjw8#^MRD*a2)Ggk1a`CkHXyoY|JRG@e=YL(Sw_E(ZSPuvDR$wM@v2J zr~%jiRyb4fN2bH|o{){&MH` zj``6s^ss|3LRmIIb_i#+G?xwZ>G=@F?E6r?MF8G|LmF5r(HdZ^KA$5=osZXYRVTEm z3c>gHSiQI4QOo~#tln4pU&cHLV9ePX{}^-dl>ZlFUR?EWV}4%gM3rY{aK83Gj5&A0 ze>LV24gYD(%l=`^fuDhF{}^)!qGP>Z#@z9@F(3M;F@GBU+n8tlHs;R=74#r70sogV z&-rD{OK`hIrl+s&cr0uzILVy!hAwQG~Nm z18G()>5cbGhx2rY^26c4kK9E^)%ekpb`cVX{@x7hQ(qfPG0?v3{Nn!nmA{O+ z6P;?c4txV>Y~Sye!1~`Ufp`okxi||k#tLs&iOsVR28%R-4kRbSHKrbF*_=7jhbd~= zK$OY@TS)H@YxWXCj52Bi$%b4pwT5HN&}1aKB@W1Oj5~?wmr$A_BnVExn6%$6|02#V ziA)pmNuqgFwj5Ee7=3NWu_pXqwRmrn-#i(w4nL3A$KCrPfhRt~odbjaXG;L~S4&_) z7cxUe)G_C8Kz zNDaySRT4N#ER)3({8bX5|6LN84&)nw`l}>B{cL#d;-$8O5c)yQD?w4*=_~gwYgCPU z&`I=&wwp`9oD)k`Cvvq9Hi6zSze;1T3~%VNXrMu92X99Y6%ndr5O_NbXxO(@CMH%T z-*x$RuHH`dlTapLL$ql4xiMTE$*nwk&P@Hz^iuM05KVX9?!s8*A3r$XZ=0g;_lD`E zLzI0LBL+XeTQ~1vCHr&h2Xx|-niRqn?J9Sf6qc&{&3uRk?mk?X3%Cm=0>PUS9})mG zVs{Mu14k_4O#yK~^6Bv@mEHsp8+KSg2f5rCvJJtpjIR3pQ!Uc9mRF)fHZy?`b?3gc(H}TP>lak z5@;%x{OW@b^Oc}t`*r(_qVIKMsjZFSaO+)7)Pd+^Q_GX7NET2MxQzb0B=GZdJ9qte zIW%RLsD>!OEo-{TN)vwHV^AH6XV`#JQkJs_;Q)g?Dsbh%O}TcIPf=drSK0>d zVyqeW9J9irnImF9>hV+nkX#BneJ%nMSQJ~zE59^;CQqyr@9FJvn5V}CJJZp*?EWD?mv9BMGRIexKWj;Zx{Si@8M)@jbzws5{r9d#~CpE*RB0!QS 
zrUZo+6?`%WEoO92P?RF2{`Wq;Cc$q>9>kw=H9u{9!{$ml27WKbREFKp7TeSld|On4 z37%mP*g~fHxpPe4RehRYw}eJP9gOdB5N1ljFVxgkmQBzG5bVyl)exAZ8RpsqJ^rL{18A~?#3 zW2{lqLkjyLMXUAa+(!QXdMNJiJ?vqUJe4Rh}Lu>8F&$ zYWV(ptX{3j0jyRIX@gbul8(m+G8s&Iv%-@3-GOOHS)4w_+EX4dR&Os37^`>Xl-Z^O zkqd&D^5y06Si(OF?{q|iT1vfPn<1g3@R#76oJ}fOsEfB3`p6m>zZ)E1S_dY}Cc>kn z$kqmE0Nl2%v}l9*=ayJvE8z85_DX-fQU~C0Cj`_J+ar2V3Gu(i=l9YNFSKgUpOZQc zMp^J>%V?Oynf)6&>|Q#%*s;z?rdpx#p5?wTHwWgsnE>#2dh?#y$ROih<)N>0m$pm^ zayk6@ex7c{SmHsXxaV62)l{Vi7L^A(BP?6ifO$!sje8D`63`yzg$b>`pyCMPg(_!5 z*tpJL_B-yLIWcOLVA6(a$ZnW=RuLYWAwk~7+?pRgZLczDkt&)6Yk3CBS333Z{bCF`Q*9a!p%51*}A6_u~fN^}t8q!OtkrTHgHyUOyv0 zQ!~(YG#{~i=}3k%M~(+M6{?G+Xuy@f4z1tsYssoYkKps|e7SN)vW$~3WAF6f-~@f+ z?)NeVOu;Fnbaml&pKGB=92mf$4t`*{95^s}qNLtp9Y8 zhutI1Sh)Dgw5AMs(wM@PU4M^qgT<)g#7axFhp zcMiKaOAG?84YdV-2qRp$RHKOFmDN42tGKP%!9dKbtC!+W&;Oil_d;pR<|@?5y;m%| za5uB7)W6C^5JNKR79)X77()_~|9Lj1H9X-n8#fTYI?p5uhLbeJ^@n%TyvYu5lL3|w zup*<|mxqe!MrY30I29~D<*J#$GzdW!1W``rz^zJ@#cNZj6Qz`vx4Ij?TvoSy z9UqZn=>nG^e*{g=g(Zj@&At4{^cnaBj-Qk(O9K+bZ6_KzHMeiIS_)0zYYt1%mM4Nj zmGuQBJUBIl3_^&Z_WEIU*Jxmkze2MhnKOOMqX0i#B_f>_?W|RSNPB9OSETQCg+gy? z6fY?s?EbYRO2b`!FnEh#YJ}3TB$(M?YFFi)v`@ri5YPUyA!^A(7XsJzrDS~Oa#t#? 
zSH;c#*M*N53NxHW+2WO@A*nQN1?T%+<|L~oPI?v3lwvY}bL$b5K7t3QG=B`DOAlS~ z$@c7B=4u8-T>h-5v95l=@5v>jZ6UkNT%YY`OBS54Yc>!IO5_dFW>insz4-60=(@Qs zDVaX0=01%iK7ZsitQ;!~dBCrT*q?P%DuDsX@^){G?R~JLh>6E2!R2l*KT0v5_5zN9 z96LMcVICFj?ZpZUxj?$K`)Z$u+sMBn=0I<(IJRp_kX<~f6xCD->HJ9{GG7g+nc(a) zR@c`amn3q)r%eI!2Rl3nXo6m>r9b=R!|P*57}$OPk85&9UiX0QgvK66Oze+x-yaH~ z@v@h@FFlOwgkboyQfUuZ-`M13wJmm>T&y?d3pI{I&2Af0eYNpwiT$)W_SEl+{K^4; z6vF15u)PiD@!(kvT#8&N?j0+@#U^jNKjRQgK`q@Y`V058)jJ!zJ1JjuW+AID#j}%a zYh@0z2dC`(IIPVs==t%^^SE~~f+XV#+9{;l7$_}g0?LH1uXgiF|JFmI zZel1tOw~6Xio}1FK!^^|yl~#{+wt6=yPvVYroz8gFRmNIZ3zj+1ASliI_FM#eQ&<6 z+_2k~%-g!pd_}ap{n@xdqovRl?^cA*bM)XwkhOf&>Alv%pD4PLsaO!2_;c~b)bF{n zHyBJR7L07P3GbsjHwH9XfUsJwq8jCJ48a{+Va*F#{P0!1*AcA%cD%MSj>HJ0Ju2flEx8QSfjpG-$6 zB3ng-1TwYss@c=zPtW6IXxPz;us79;*Jde!U(sUib2S)eR3Fa6MP6pfGw~gZgusQl z(uU<7DHJeX>UxCk#zd63QU-b!x(5Jd*6wDcU5n|c%!vs5<*t)Fex@y1pieiTEHMx* zolvu63$faqdS15J=~73(hICm-6MA@#WlS(pGFlWttf?Dmtxs>r~+yR<{|4EV5+%rz6iI7UDYbFyr*{KJ+87UvRK}f zCigD@g&{%^p0G_4w0Z?)C7@Ji-p%{%P)kqBlk}-3`B>u~2BbgYrmIxf*40qB+glM= zW?7TCRTc-r>{}zSW-p8f?yciA73S;J7SC%9GbFC*zR5xy&mK`)Bzo3hNKInS>nU2% z6jY(lQee!I-ne|0;_bH);u8)QyxNB&eEs1k1b<5EFZ3lSG!VyjX~IU4zBY*pzTaLp zF>ZNu^(Wqu8Y6B5KJTi4Iio;pnJavTLrpLdwMXEJAZn%q&gSD@OJNVojy5x-x|}_n@1xFP)qk>AtYKCQrO@z zpdRGP2tK=OW3%al&dop|% z6uB8RmUY&vF}csB(K#*bHLPXY*S>Df)qG!`7!A%o*qUJsk3v-kT9WpjitPrx(G@j- zmCMO8umZi1Q0{ynZ?ws~ogY}iCTJs5tVsnmK_9y!iZEw+8l$|X09kcJU9vYoyf;yr z97BXIg#C*7*>ggqcphBEgoJG{DFQ=p9lX0rFkR0`bqjrt`XiUoo@RdE`<7oaMoHl_ zbQi9kPul4R-+9)_(5!{A{cUX|t}H4&YgO?dNhFU-SG7CBOmkGUxvHKR9FIR>w@Tz6 z4LhKc1|d&CQXUW&JKMAM#1QLXf4J6&UyFGbCFh}iD0``e)QvSzl~wT@LCSqJBYPU7 zf966|FxFnL0LA(_qx%JZilr`oqL^X$7_oFrbsr_ZQxJXq;w0P)ndfdU8@ugBad9@A zH5}))zVM0LRH!%9*H{+*DMH(cgWtcyXD<=qJZTc5e!8iy+gzESN6S_q zt>;OLRMT(>>kO6ZHIuS_OnQJ#uAt|!!N%)_F|aslmt%#O5J){w;FUFsT(t)o=rdTX zq@yVVr1XzO@*wQf#_>3=V>UN;ZJsZi`WDqjaG}p%f{n_zP7$?VU)2d@6Kx3y1|>WW z_E{PElBhIPtI-+MSc{!tC6e}A%jiRI^+_QI;uHZ?h?ZX|~2&~mc0Y%DtxsD_RbV4}m>s=N2l*wepPs`-& 
zOPYsyOB>ZvPf)#4OUW*fDa56l>0c!#kuu;Lx{k~VdtIP>K~o>Zu%U7PN?%{A%Tz`b zlsdvMj|yF+_&H!P$j)xYXe?HEL0@9RqIe{gCl9E*+v#_K)ex8ZhhBIrMx&? z_pvogw05}WvngR)_47|Jh4AE$DO0xvg<_$Ncxpe_3Dqo%y$J=9o`2qH_+{%cH*;2V zPj@X7p^Jy#uM{@*pdF|lSDw|E|97xo@x? z>LGYLd0nwqSDECahb$ZAUu3lcj>?aJlyvMvGgn7W(M0cV* zVbV1%FIzb-=FUOh#J8fVul)D33to0|(HVGhvBSfyH{gK;Rjr3+;yFcsTCAXi!LiuWM+@qh^C({u}ypKP3Qil3=UK<6&4SL|!mZ&hp zpI48TXgpAt<8>)E?1^soPK2~tLvvX0iGEh|5!{-l({6Q_aIK%tX%{YUrKJ-2^!W~r zC$a!-%6(Bag^a2(V8~r7{U z>p;c1g)B#xaE6Zg{{3-ln%dU^9md+RJjhFe6IYhVgUHzl>uv^a59iCX(*?8;f_*ul zS0pe*Rynm`8pZi)2qOfxkQoV(Z^ycj<(yy{ayw)Pjia4|qTVFzO`W476%E~3eZ)1% z{sT`ZLxQ4j8DBZe;&E@Z4uPuu@`_oJ6J}-E8HV;d;Z}%eA9dLTC0E#YR$B&>hP#Bj z#`4h!F+Zo64M1=Q!xvoQ>~K4;A|ofdkX0_{TfA{JomuQG)Yshnz$9(5URBS^11WD8k0Z z9&)5UO+&%tM6A#@sWMu-tdsEj@C+rDj>6J+w7hKH$&^Aa%gTOeR*Z2yd^$Wjbo`~(iZ3(ij&dI9F1bmY z%DgSFV-Bh;b_E{HI^*`0NFyiltq|cV&vtRJv>4>peA-pS+cvWH^lE$Ke&(;4rL%dx z^LH$6sOdZ(%C;`_Fe%N9my%GRu}fQzeW!zt)G*f$F&CkeICYZDv7)FrPW?t!)Aipi zM-;s$PD$yi;nR}k=caCO04dS*B#ezYQ>CoazQXHanQ5A7WogP@l^u>4YjPJ!BuZsY z3*&Y^FhX`OEE@mV1keRGcS{K?R>p4UTL;Yp>Dn3EV&6v%4xf({nxN4T@RpTs548EO zhn0j66^?pzMKeEUc1`qb)E48$2UJnLg{cjCtlhwMLwamTo@tXF5F;yPt_B|tRE&mhzG7Lx!M$`C4nY7yn0UJf3JXISf$rmE@Ku8 zru{f-$lr*2X5<+|*jx8zwSPW%gQXaKK8cq>zjcJY(3o&z!K}$mEmKekn9KNB(nvyc zt1?f0A?Q-*Rq0Wh4)bMNccNSO3*1?ng>jvQsy+&GPh_FVJU>&N%iB5#of*f?yz)_z zvs)4}FG$BHz_2(fU0m*`&tB5lJt=5|ml{%&nqvjih5PoCeB)^dx3#2>`daZn!zSVM zOv6>i!Uk3+(90t{!>v@EY{|*@jq3C;1WO{WM|ZxXlXvRce=;q_OI4u0{z#8nK@mvH zOnU{S<#x_wQt#FoOOc>(Yq*mp@uOI;QrhTJBRun@z2q zq@JYMSXo5oleoqg0?goU73=R8?ZQcuOD!-cqenP1AI-A$gNr}mh^6oooyWYlylncN z;^-44iZX(fKY@8uU%QWz06Dhs7VTQ`(Y;}___7w%cpZhX4G=ZYF4$+&G}HxS@^MTJ zpAT5~T_{vCG%U(kWENI(H$*%(w%!@-?3ZX6gia81u*xajMzLTQs8a*f?GwC-19;-r z+RDsA+ShGc*G~BR#2rmV9QFKi^gIaF| z8k}X;)G}AMl}}1*#P1PJN=v%uO^gX)srUOPcAw*Uk2}N({pKP4s0q$D^1N*MYWW~B z&yO_GiTzAoB2vqKn9BB{L8KY9tdSyE48$rG53RC|G6oFj(?V|-6R+BACuwyvZl!M{ ze3$0cVm5rMk_l8^o3JW2-!+65S|Yt42l25&axi8Q*b;jb?Noa(Urx-LTiJI;y2w*d 
zO3L-_O=Ufw=h<9x&_E^20TU_K7orv#&`7-lpPs5fMu*ZQAclyXvxynJJC3)0oM~_A zPjw1w`AAAkZMEdfKi&f-Bb%)PNOpTLI?gAHrUeqEr`d=QvT0Nmli0_e^(`ED=aa+E zzM>L7IwbS;&&(Oyg35XL=)91_6mqaFmEpPT^h?1oE$>59sYEqd3iMGnZ$p0wSX?&x_dgoeu_F`*|qW6&B`UogI;Z zfx+ej<@`l%qea1-_3M(e&pk>1lDD%ocHlQ%q_^cyPYm=n2D!j^;2~Tgu7RwQum)ki zoS*N72>Kb`Yo@@g<#XSA3>h!nDSLXbi+m{iRkpxUlbI$hO=ET10+bC0|j?A_MB$Z zh=Yd*GC;!u>N!?dv;tlxkF-5q zy~GXH#J3s>?>}`Nn65|>k1Oi zd!6VT=zFE4Om+$S#0)`f+!D@x`AM9MyE;*6j>{-f*)5CBi^{f4C%8lRcov)U+34Mb zOc#;PP%$a6U#*Hjo$)1*5~?=^CxL27a4t{wYrB|i53c`lE+NxPz-fSKum3R|zxO@( zJ7_Dp2&(OO#F60|-vqV+^JwS$^Oq@$sQ_|%o9rZ7JGd1st3HhMOGu1>Vu)_i?l`;m zQQVda{A~_u20<{T$~{DS_648G;*+2mVOT#{wa6|IVW@dZj`_jL0`|!Pc8b$CA$JEu zm$ol&hRt(_jrW(;izQBmaQAJM8{0W;Hnf7P6h$$2u0KWNI}2lMgnlUd?F65`C+HRVve9fUv8%6qSIWhIu8M3>ys~CGjoOB;Vn>VJAuFy z8+hR|ze_ehu?Vj$8Jzt5?4Nc6hsML|j=5!MfWV$OF8)R(d;DK_Q}E zdq9n>F>X|C153x%d6_yS!`6B9t|06Oux0duAn?0|%ZRV}ZuBmVA6J2n04d}Hq=Ru3 zy+E=EyGc@)J=J%})iSVjygGCR5Q37AX!eRy(9EWBwy7a76fH5XWIorfCtN3RlR8y6 z0g?B}^)cgO+g)uyD0V`M;~()fw>d;Ke;C|EXND?FHN?Xc;;w;J9c0)bOTX(WWB31bAPmS51C-?HQKyRqiauI5raRKi4xF#+?zC zZ`Y%p5rwH4co-D(q33aUGY56KP2M17hX5Dphz*MH7XJRloWtjK@IFBE;iE!wTEDlj zDf|&HAkYPcHh@w$>Jema{IJ1M5%7pYYZRZRc>PkFNg=f4Tr!J=`3J^&y|zqy_+E&+ zV3uk@fk3hcg+kMxRP02$w<=srg3lN3t3L*&9j-_qEG^&a+iZ!T?nJo<0KAT)xpnQ? 
zSd@9Bi&CAAWrj96T8vhoS~mZ7?ODUtewv}v@h*>W8+KA^K!kW09Z{}jqtDb9(;9WkYnQyYdjlc=!!M628J^|v97Htenst%e}3(; zc)s9U=PMnbZ$iUE!<%OgvJkhZ(1`C|(ggtC(vAAph!Trl7+GkSpu<**>xvXt9bGgE ze&f$@Zoh6QK!&=+VXSaclZBc5l`gr5k}jL<6Rgdab7f37BVw(dRD2?@nAWrKGD8^93ndR!zYxxB6;r&CM|5qYX5iv!YF zLLT3r^raGzoeliW8cx{|c2qVdMmQnelpr0O%>brv-kOFNY2ss#vNOfJ%yzgiEWSjX+CF}aB;`{ATb-N|z3 z8bDRkTL@wIhX(DnA>uKr>-O59AV2uq%U#WUTJzE8N3U7_4ZZTtq=vYK4Yc5nwQ)P_Vc6pi1x=%Tgjz3YM%!ur=Wu z(IFP_V<%=oUf;_1Wp~vOAIO(oys2-->8yenks%91Uf7+TNvcmu&t1ZBR)1_7ZMUn| zXbqu9m8sNLn(Ts_?8e2%qt~xbk7L8ykbN^M|4VWQdUzPEl+=XTSLCr&ZManD^)iaX z)9}U=*=YuRS*EwO;>!Yjx$&pW3K?w23LwKpD`;<63-YGS=8u3w0}J7|$D{+C1af-v zIGB_a=Ta3Htr?ptmro@sq9%SQ4X6oA@@@M^)9~qrec*yZ=?_d{;K+EGPIqOE%s=o3 zx=kDbgM)vugM#?Kt$IEz=mzSOn;XwP3gK{b`-i`7J>RIe>qo({rB@<(jIRSyG@o5E zKx-(4*cg&xh<}J#kO)WRl2V1iW;xA#b}KG{iGdx;I?EUAN&x|rj)YP~OtVQaBL+>) zM%>x74|6*tx0uR}{>dhCVL?<}4n0vZ6q79{mdA4K9a^K&Cc_I$jBq~1ugLltJ_B}D=bg{QV*U7^~rgDN_0)96k$_|k%h&`n~$%KE|hqP=rXkM%(Imxxd#F#4)1p-8-3dy zd{Ni~U<#%#s4{H57t1|8^f;N={8lJYNK~J?6S9M4BDE!_#geRl!Qf+;O`5Bj9dVQ#52I&T%ECzY3aIYbmvqF(MX{U5YXjh6xgb zjc0uVu@?{;D>F|-XQoWZ_iy-!OQ9r!XS+eFP+Z1cA zm91UK+E83(?wVF4KZoDA$s#!2(mwi`}&q z;ha*@qD+0Z48YadCDf_UbRm95TmwtKoO8;vKy~@WoU5r0OMc*4u-a8}v+*~T+)VAS zQwrxwSN_&?Wn~1w8mP>XekU~N%ywsUpt zNR8F2+R=H>*SJ~9)oa`!tB2NLTIt)1=vI}!tv!fJ-(J1Gos=<^+P(g2cPODtP`cMm z(^mLSSm~0}ii)p{c{0F7cr1h}>cw@9h?J@mngnbz#kY~G7o#@9I{AGA&p?Qn&5h6G zP^q*?yM;3lB#{@VXLa(<^nK$Rnqt~ND3dZADucuud7 zpVNFui+D;IQP`j&L&snm2EN*7+HE~`zF&_`bFQqS0|c6h3o4nhrL#Ii)0r#W!KFvV z(jrUpGFyfTOlf#w5k^!6vt?MU$~Pm#0vQ&xZi++AVtSU&FfTVN z4x+*9Mbpg#ZL$N^n}7M&^Q{NTH=lY0G{jm^3B+#V0Oyj@nR5woMySv4LQ0VE>+Ek4hFO-&|^-wUPAUFODC1S2m5I;vNBvlkvGO?42E(d+f$-OvmD=GaK z*joW%O$->Pu#4bTHVL~t3f#36&XIFm0mJ5vSvtV=8Knmdi_v4@h!X%Dz#^%2C_t1grWL$h-H4i z1=>Vr@i#XDtbQ~_k&Ug-N)RH=4uTLEsm05EjlTFA1N3LSJQb7(F+kJyhj8*wlat>B zjq26{q3t(;&U_J)|(2Iz?(C#Rb}O#XB;hI%YtlQzgyQ1zLb>K(Q-)yY1gzKPM8{!=FJ0 z5y6X;g@CpJnKx*Vx-|(bSJu?UumUIr>x;ZC_sl!sJ+>i-NuB=_ONoQS2r67Xw=bQG 
z8_OqR0MLr(naGMh@~;GzZc*-l%_5l|ecS^8bpUma@GfnCVht>J<`aB_4e-mmY)WAM zjWxk0|HqvXP*R9(8lFRpzB`*j|6tjK;yBelnfaJf!Qt0^@xIsD8_$A{4c$8@KJqZ| z-5H9s3?TGCwf484Q%ETK{1bBmO_|OBx_5X!2mT*#f9T_`;rGw17zkJge!5;xSx(%i zW8>QN#mp+oad~mr-tKI-o)fw}9ESaNIioH4Na1q64TINs$WX!G`WA}^H!L=Pu7h~ZVC;y2RE*lIs(zPVA@kU1xuS{ zCwfHR7U+yWo1pHa-y7Ijdr-s3KyJ`84*aK3CjohvQVHaWr!#EOWxilJp(OA&wxexm zj(#Xff>abRJ&Mj)?dbhUO22?FK{Qzgl=@v&K(TC#C(3(?ZHu}=T2WB@2^WKkapR*J zJ3g8{5=|>g7roxelM6bE@D<{q1hIqN?jMVqMhzB}1y$h8Cz~#yl8xT;anC z?S`WmH;2wQ;29l^7fkfiTB2@&)kxIh^d`tFV4`KTaNbX`Ws+DdsfBkNt)5Z~54CT_ zNCfEfi8;X8>O?S6vt72QQcfc6ZbKA_R%9a7|KLOgU+s5O_*uhE(WV#vxuJ_CQ2kSO z5nFX4K}l>Q#N0FfLO5y6B~9+_#_aA$wAS&i!w?8 zKrE5|4JhkFMS%pv!=8H|rcO~b*t~0PX`|cE*gnf))GKWxV_QvmgD7qHc+dqIn}!4B zMl+lEoD-o5W<^Fq2Vi0wis0Cd&(Nl6IvloNmjjD@wlPGTQer=gE-x4W^v3Y#xLL(6 z;A{I1a0+}rv(X0Fw`>~Kk8o}+4>qu{Ef*t58eNj;&9@n7tbQHU>K8yj#~oVW%;5=} z$6Cz3{ob9L2qrLa<4GnF@Q@qq{{8ogDQ4)Vc2HHYdnamrKghAZ2iD3IGd%qnB8K+hM31EW7`boWO_Z#WpV`o@S^Ds>tSj-tlYv3h%*3+!y>}%V)+0<6Qa;{7Uy5VvvBuC)L91|WeRs(6ab|s| zuCK-7RAg9d6s;n6I}x*@8j~V&MJ}clzam!%qgYg}Rk17@u`E#!ZZx7Lj_TaF7P-R0 z(Jhi^vs=%KYl+OcPISxptk1+&z3dQ|3!(n?=hOg>_WZSUoh~2Ol9-h$y5+v2TjVkJ zfuc_g?~8Jr1;Snu=P4MaM+yB2YXllmFX7Sh#a90+BT|(Sshqi4PzQMI8IiKp0R43fa>AeF?WNCCK7@G}>DnJR;YK8Dqd1wN8$Xmty_Jg+(n zx}tDd3%c0v_;M5Lx}Gm^05v`prJX=kF5AmMTzECK5s&Hl4Hr(Pmxa0~r2&1@hLBJ& zl%VQ7KK({v@z8dLM4JeY$Z$KX@?edk)ZwARvX}x|Z0&Mjhs6$68Szp(&gVL>=RvW< zLxqYGsv(l5r#So5zS&Y);sqFF2v}=zp<%~e=zDp2UEp94qw2u4M`OU(;2@BaVfVIo zR4l6;T*bQ;@0QNHiux;MTA|oKNv2f{t^}ri)V76+e@o-vqK21@taOjs0Hf%)WQfTa zRm32pD3@cHQPef$-tI;=_}aFKaiV;0U+ zWd&YK)n8ZTca&y#)rv7Cy{poj`dn9u)wm+H6F*OuN|5U*F@4kU1~&?k`E26{dQ$R- z4IP;fF4QVlOF|O}7yX=T3rZ9vztVG`Xz$~vL!YoHiRn#cF}*@5E*HE+B&9+Y^j0cR zot^Vi@b6E=GW;;DyVNl}D%qVb0oGA=H=8;7Zg9xnbt-LF^=v7TB1QqI3A%M=I3LcV zpXF{6Wj}S+%}|$)LccHFTB4D4Sq@7!Ag@I0j!tH&peuzw`y!)=rmiAy?X0wsEIzc! 
zDmAV2RHNHxUP-enZ7$qj0O>M)k63()6Rl?aS;cS&~HvY3pIJAvQER;t&QgtVY7IWlY%`v8Hky8S;ar+k(%Ddt_~gvcGQzYw3~w@~ zGZ^vJ5uXOb#)GrfCRGsB+UT%CP}}qI=!bAzC6vxZ4c(C*o8?K?Gk1;tQow8A$=F1wVe(Vt@p*yXx2zcFR^t29Qoaed7` z;`YCR`~L=q?>EH7GRmz_Y^}|mfKQ4EPy&YW_L0Dz5gN>>DniZ2*eV_}p#kH#({u|2&;sS1-&NqeAaVz{94TcvsjZHczcQiESo5r=f8H{mjYkNEPjSqEeYb)Jn zbXiMo;4f?Hz{$%Ri=4cyQ8GTaKoB954dnk2G+8~(s> z@LzhErXCN%!Vk9V4)G6EM$IWLg9ez5dYBIk-if~(?BiC{v2x)~4Vy*3g(ne&PlXz8 z;5C|pu6%R4ne6sfG(utW7A8GfL-I^R;n$YuPtS4gpiunO+7_vkw?_Eg_#^(kKaYex zhKR05=JI(+o6yxaP$MM4vS{!HL8=P4rJ|}QOjUdqfUoWw%%DK3ot zH()^{n@ORm2KXW>lIba)AXY zWz8H~Go_t~T9j}h1B9M%Z)j%gQu$Z;i`>++U~Tq3NCuyu5pyP>+fZYIR|&8Oby~`f zOkrh4C98IHYgqJJPbEB|*F+2`3RRaqDFz%=&{@r52Ao=8Voz(3mP%Tv)I}AxoHSe1 zf&)1kE4)#>>V1qQ`SP=pNYF_$NbN}N#PSDt6nL&4OzqVl7-y4dbH#Chls|HYXwUK7 zq^mHkZ|2~}u~4l|?cPPZ)!R*J7ru3sE>QMuudUk;RKln8cgAFbaRWsOp4GnKyS>x1 zRH_(ZZl=6e@JY3e5;QpRT@bSgGu=9^Nm_$>--YHbq-zSTrIEG8(S6? zy+(U09$rDL3^DrB^%#~)^6m_$SGMbZd5IyKlHZ1o<5aYWR@Y6Gz#b4NPC?WV`V3x~ zQ<~C1%m~e1{LH6$3c|OzWq(G*+Y5X0*1R?C@C{#Jr6PghH+**z(vNsawl1CDe+nbS zJ>zbhMTyUR)8m{ZIRWW^8|Nl>1@gG?a|5{5{I5<6&2den5MSD7azVTuB4vBv-(J=} zGfBJ2f@u#gYxM2b7DwcW4?Tj*7#1L%eH z$iVPT>Hq-k8Agu3xajwZJEE+C#Psaa*;Mo_IF}P?96CI8Dfn2Yu-`lxRxx0-b1`7( zUV|ade4J030c%DrRTx41#WW`bs*HfBVZ6*G>|@F+A5aWktCKsExQ;z14l=gua3o=6 z&Nn8RxJU*TXq98bwg#4qN7IB0WqJebkClC_(}$^WZqZqAjRcMZjpyg$z1yURos!}z z#rJbaoj(%OZPEG}^Dhc;WG3~1XbXqY7HMSw0dw>hbQWyKCgYI&#luA_cpvr0ix-@20FS#!eF&!t7XqnBT!Clh^~|=Z zBAn7DtrB&uC`45`UY0_%7{we)*GG=F_yX|YID70ayy#;3;OG*%&wV0|s$B(87E#yI zF_sEYzh_7GwF@%(CdC24>!^E|ag3(mbS7U`e%Vs}vL&D6&GE~2luDSMUv`00mjw)e zWHo-->Ii0@gR=6=R({z;y<8fV>#WQ#n|GK`+b_Gg0eU%ytj;OFLiGy@K2h`OIApt( zL$)M`Y_Mc;DA9-5Af2C+mStj+EAaf*#nupl#qu%n{}AaGYfJ6Mn)C zleR!L!>3*s;^9P~j!cc!L(`rb0VJ9z#w6768=UX+Dbu1S=9j;{C8L=`4e8Ve18g;z zQP!a+%_uOIOK^H)Is~X4)p43>hH)C6a^MMMh}*{lddweekfA{n(TwoW1iHnb2(*n3 zv0%U=jg32-_T8B?OrioI%$%t=^U?D`Jn8zpnjXSf4amNuou!x>&k^T@5KlVXl z`Itu)?{Cq%1>C-*GR8~08#aF z4$Bl&MZDvm)DsIO+TBFhChEG3i)DvBZj#8Sxu<^r4XE1u; 
zw;O9}+Llj~n28)cO`5@s5wLg{C9+s2Untlt>J|?UCc>-D$o%nl!6ZV*G3RKak$TRx zsoCU}O;XXmZYsI{m|dWy{1$X_OY-m2Az#%ML&5Wzq2M{h;j_ZxLx2nbhhO1;S0RFU zp$HbGf>G>JY_1k_sw0z1!HP009k);`Tii;F!o)0>xiI#0s7=^?n})q9b!dzHK-#TV z*!3v17b&tlC9WVZiXeu+yjTH5erC9Vejq_x9Ul;nBk1IZ5xjL3syV4*2x8BIu6MN= zk=&2pUD@`619>7b1S>u(x~DwBM!)Sm%z4l%bRqdx4|7%Mg8b;=>{|?7P%w4;Rpskm z#@F4wS6_EmsVwOEy49vpQrLr)3TG9*?$pLAUpFsT`MN7#ccNY{jmmWftMYZnnRj7d z_aX+~<-FX9t{3!jC+Zgzd7|di@pAVnFL&8qZnT4)4-BXBa67#izmX^F;ZBZ})_;N? zZiAqI0A0U$Iv3Bga&sj)J@d(CyS4oX{vWkk`djQ+;Ei!>5^jt$hos#?=k3^~X>Fax zwFe!>n^mTR387wR4^JnWQ|>#*!-%51WImk5Z`;J1 znef;$O_>2jwh8*xqb(2I8I&9{4y765KK@< zB0iTHI98aSKK^M;(VZ+iv;Akm8S5{Odk0;-HZgi&8`I-rc3k05r@a2l@%a%<^T0Mw zV2@|nf3=2(UyjlS^E?N7JIN57yYK6EaZ0rtWGu*w}mrVioLJKr>Lqy$~WXPn`I zm5z|cyc=88Wf92-`W>eEq}Ril(*_7p`#AH<8at57E`7wf2n@M^R>=&nl&1so zxA7i6_9tT%jB&8dYinwaaY?}NhdHnpF`Zk>a~+h?va>kqqU62l^}4JZJN)17{sH@A zzs3IL|LpGvf9&sz68KJX7b;l^9nLa0#RqzN^!|vL6If_qO}CMv9rM}+{g6g}(9s$` zMv?@?Y&zR_))#AH4lQHb^{$)vtNBWRxSB+~ONoI8&h4oS)U(+;*lBmR$o4j2zjt?b zx;wHH8|Hs9!`^;}Ly?{4QBUx9)FJLuDR5Z>;l_$`$InO8@G&W@bRlKt9gm9ZC~FJ` zLq5HEG6#aV;1P)qYaVWH|My?FHlP3NFIxyC?PkYZxC{&F-x)E#4(Ax7asts!8Gx`J z(S!0wKfgL5A3k016z1*#I1R?w`m(~INX8FL3K$6g$7>Ye-U4li+9wFt@ z>2zEM;a(41H_|!=3t3}iIlNz=kWr9v*-FNe2(Yy0I6?+sU>h^U1HJBxE|eG!=7XAU zVU!qlID%se`P?+6$TEY8WGXX;R4)4y+04)6xYYf(`KumVY=pj*Na%1IsZ>iN?Kss+4hj$_du23FA@{vowL9NH57;Ui-G zIkKV1a87eBxZW7^2;k+nTyA(mZcJU4e}mgIRV|`icn*T$_wMIduIF2-UG)Ydc{k~YhuDR@xEqrp{51cE&H%rpk~7<-_b#2__Npo%`Iq7R}^ z-awv6^g)>HS{I;J)Io1o7oJ%~7L?`oEkxc?%vF&E@}q~dDzZRXu8J&JCbFP+uaN~k zr6QmgS)evalfwSOR5+`MEJ$sviY(yes>p&WvLI0}mqz6}gH=Tq#F@9G$byBu0?P#& zBt}v&&>&I2pac{(*DKKAW`?H?um6Ud`s(uBl?NKUfp$My{ueYL`B!g3ZKHOl7>tBf2nGMO?mdYYxxpAzx*bfkG8-w*X%mDsW7J5wm|qv2vxVxhTg40CH7Z z^TN1B=szeGxC{}0188b^K*`KCs8(8mSgu{>yp?I&Qel)xo?dY!s>Cbo6eav0E-Rb( z>Y3$8HrOETHrAlIv*i~jQu=K6e(U#3r`@ez)@H-WWexuAdP8z%c+)vKq7HnYzCAJK zXs1QzK69f|*OP^Z{zo=HV{WipC)qr3_dl)ewD)ow_}hnzlK^^M6YN1Q*y9_+yEdJo 
zkUOn9^@LFvpB&Q}c=HKnRF3^7uP@HX12y6t>2b5Nbf{r`X+B6fyN*MrxQ-a0!PRPp{?6QR5ERK>do zxG37WcDtPp@Z;HWU9LeSkhEj$)@BJ%3gU_ZI*3d?y)(e1KiZ+du4o}md*(6?Nlpe!cm>>h5Zp6E-Fdiy%vMil@?X*tP;E`f>n zxG&e_7#mc*vpvT;qwoNe3 zLev9I8y!@%_D)-#nz)cO|1bv_@bT7iW`EQLbMsU)KDleco|j2Jif9h8mj#hRIKP2D zso^0UjBnv^8OVc-CGgD!thXS}$*Z$>M=@c{8vqqyU=C+IPmcsLMZPTta<{viLRX9m zQ0u-k@xSE6^5_)I(c2ATAdvVJ(EeV=a6kHUXAtcYP31TB496dtY*yR7t_%XD6mO~d z?t07sy*nr8e|t+p@Z^6Hsi1(?MeO^#tYZTFgllC9g4NmxDIbDVAbgb`bE2ZNdKMkQ=m zBxT+|o&b+Ax3)qTrn@g0Zjx!2gbU1~!7cx=Y2lr&hW0!L^_i9Kbvt>W&s=|c4g32P zyfQfZEqUJ(BbHy^9}_NFU*is%yqt|j7^;V{ZYazcjDs>@>}Tkjzgf-@HT^TZRLDme zFDmU8uC&|TlZi-)xsN7n-)ZT+R%C3-(#MAH!!qL;qDH%5jrKuqkD@gWTD{!akJV`J z797VxCx7IxSVA|#j6JMccd=>*`&k=)2J8G?^ZfW7xxoE7yO_-z8A8ErciK_CGrEy} zXO0I3o-tvii%~(RVDY_HdoQmztZUcq$xB+{^Ycq5VzR+lx7htr?B*y%Ab)rp)bh#H z6cPXUoyGUdO@%p{UXT{86-~$lZ?Sl@iL8H%Y7NbvhWE3wOnyw?qz7JNA&}DLRqUJ# z9%ac)!baqti8_a@2U6&y2=_kbL5@5av@YHUk%a2#Qc;XYQz|1&MVbDbh(D#+$)F(- zlNgqfvm`0r(x6H4KG5l$E!3geJzex%KzKb@{KNpx5HBd5YT$)KfI$+whH+i z7Ge1AdPAVaNK7cpA14M?G{Ia}NM}YoXG$<;=y>X=KEtNEa7>r5LCby#rPG#L+VS>^ zXORqq{ldI47ukgLx5;UJbM?JQrX5r@43Yer;cX}b=)aIT`L4ibB`L-1>)ji zE)a3)Nk_La6{CZ({T`W3h6c4N)98HIHr&B>1A2rP-Lbg*zU_iCLxah~o^LDTc8Y~9 z351GRzU%Djukc2TIh-rBS&~8Sy|`f+8LdlqM$@^cCla z{3v=E6i#$j5%N>0enBB8YCfHipXi+;3kM)nAwRKrIBZg#Y3G{`0!m)M^=$_MDQ;j} zmRSh4@$SmR2Ag*y@EAIR+oz5bw{cF{rQyI8sJV#RlYN9_;At^`kX zv=rY(?v>yr`Yx&)!SjsxmG7eRT_oz|(x_Z#uqxk0-i_dk_%3u!T+2B!bglv~RKK9a z6E#=p$Pfniu$x8v7>gP~)6Mm_S%jA*&I{15g051eevR%2eAt_wq+L#b&Xw6Z$rXz7 z8vkZGrb6+@$%`L-&>NlW7w>_lpZ(b6zsQf~_{9a?6^~(`13Qo(4FWsh(cxtv?TjzR zHmKl2pBB9B(}NS1?}O%eS$n~bQLvvsHjNj!S3(;I@(fMc2>T;}(K?yfCdTr5xKH63 z9mml62vbH|4s0ZB8~0T|HlcezHYYDG9T)=c0F&LrJ&iIurqK0$u7Wku7}mIEdw1Mi zh@c_pebNR?Hed74TXZ<0?{rs|oEUMGZ|=@$z5~OzFfl2MJ7O7u6>W$n*iM-4L{)PR zRgfiM&*$ItUBg4`*nlRpBLiwTfYt%q@D_Kt))@Iu-b-36Wj4&fwFU2JC&wJs^wb4x zfLzu|*Sj_x>z|C7!YC~XuFnbztP)qq0@$BUjJ^f>D=-{yPY?@q(036XND@9lBJaEI z7rIx!G3^Q6YR_OK20uxHX@zOO`Ruzk{@1o%NTeLsUSTUoj@})G#NA+>pj+jE$UaBg 
zqnXEn!c1lfjYFc-5hCTSdo3mU`AtY20=rcnf9AmK9HA2}IPGx+gf`tKZ()DyFk~Bj z%yb(znp;~z>^6dn?Ru&6E@00lA82D>jvB_;0OCgWMjGBG0&^jec_zzsJM@G8SnTi~ z$QO>W0HIrvHU@JxnunMco3$S;XwaF74yDQHOA?bGE?!AuQi(7ws2K6P zqeOQ(J%)(f76=JP&2k7sR~3EanUDchjC3%h5p7wpLb7wh{dq8>N3(0vZPy7bq`i9B zZ)WkD1tuofvFFUrM7xgp@>%L!=q9v-;h9{yHHX{e6Gh}Z_(t7P@Gqt~hQ$dMi@^<0 z8%>)(z(mM6H)J>qGN{rTH1)NZPZSWYuS?XX)0p{j(gt#FjIC=ly#iTNrs8>%DR~DA zg+NM_jD2Z7JM{o_NHTG<2Q&SGooe0U4+PLwBG8FV;&sHLSZ?>Uoy3m9AEcPQ(jp zXw=$O2TZ~H(HdV9-y2A1@r=9eYgn^qeP95O1ESPRCz<`XA+XyV8$PJ5%>XgYn7n8L z3%T@V19h1O{@k88*OxWW42IJiXnAjE@(299p=Tw7-!C-xP3gO`G@DLF6}3$y#}=Yz z11WC%h-{eEwvId-hrVqi(pZWuqlgWoknJMRW>MHy5g84O+%lbk!h%?HrBupC?_;-4 z*M#G^rV)T6hy>+xApWB8Xt{J!9?CV3)8ZF7n3Vl+1coZIk3IPY>QxO#ZI3K6oX#@C zp=%T_QEcT}Y-EDbuXxDQM^FW>j?PZ6Vn7QGRcs&1n6#CQ^8dVhTlOHAno6NVEHo%C zqZ=>rIL+x<;}vyMU$A89%M7XeScbIBAbO8u5T8E2EpK9W9?h7R8O82{kK$)@$}%OK zIwNatUFu*`VG-m}nn?s%mI)gDp3jK#B@ z{uk48V*OugT?`B^>P*<_gD@OLI^AOPAcH7lF3KHCu{lwU z_m=99Whs3nJJ_PA%eEN5ze|p9oh$rj-5PDPFjn;mn zbs%@Ch5<&(k_U}W)OQ&;aBH#MyyCEe)alPM41U~0Wl0#icw|Wtpjs2*QlvqSm^%ni zLpIMp9DUr1qgO7>I}<^mj4|n-2g0FhKwS7XSbN000000RSKX00000003ihWnpw>RcSEqLeBD0Obb?01*HH000000096X x0002c4*&pdVQFquWo>Y5VRU6KYIARHP)h{{000000ssO4ga7~llR5za005HG5BmTB diff --git a/Solutions/PaloAlto-PAN-OS/Package/createUiDefinition.json b/Solutions/PaloAlto-PAN-OS/Package/createUiDefinition.json index c68ced693a..aefb2d4f1b 100644 --- a/Solutions/PaloAlto-PAN-OS/Package/createUiDefinition.json +++ b/Solutions/PaloAlto-PAN-OS/Package/createUiDefinition.json 
@@ -6,7 +6,7 @@ "config": { "isWizard": false, "basics": { - "description": "\n\n**Note:** Please refer to the following before installing the solution: \r \n • Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/PaloAlto-PAN-OS/ReleaseNotes.md)\r \n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Palo Alto Networks (Firewall)](https://www.paloaltonetworks.com/network-security/next-generation-firewall) Solution for Microsoft Sentinel allows you to easily connect your Palo Alto Networks Firewall logs with Microsoft Sentinel, to view dashboards, create custom alerts, and improve investigation. This gives you more insight into your organization's network and improves your security operation capabilities. This solution also contains playbooks to help in automated remediation.\n\r\n1. **PaloAlto-PAN-OS via AMA** - This data connector helps in ingesting PaloAlto-PAN-OS logs into your Log Analytics Workspace using the new Azure Monitor Agent. Learn more about ingesting using the new Azure Monitor Agent [here](https://learn.microsoft.com/azure/sentinel/connect-cef-ama). **Microsoft recommends using this Data Connector**.\n\r\n2. **PaloAlto-PAN-OS via Legacy Agent** - This data connector helps in ingesting PaloAlto-PAN-OS logs into your Log Analytics Workspace using the legacy Log Analytics agent.\n\n**NOTE:** Microsoft recommends installation of PaloAlto-PAN-OS via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by **Aug 31, 2024,** and thus should only be installed where AMA is not supported. 
Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).\n\n**Data Connectors:** 2, **Workbooks:** 2, **Analytic Rules:** 4, **Hunting Queries:** 2, **Custom Azure Logic Apps Connectors:** 2, **Playbooks:** 7\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", + "description": "\n\n**Note:** Please refer to the following before installing the solution: \r \n • Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/PaloAlto-PAN-OS/ReleaseNotes.md)\r \n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Palo Alto Networks (Firewall)](https://www.paloaltonetworks.com/network-security/next-generation-firewall) Solution for Microsoft Sentinel allows you to easily connect your Palo Alto Networks Firewall logs with Microsoft Sentinel, to view dashboards, create custom alerts, and improve investigation. This gives you more insight into your organization's network and improves your security operation capabilities. This solution also contains playbooks to help in automated remediation. \n\n**Underlying Microsoft Technologies used:**\n\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs: \n\na. 
[Agent-based log collection (CEF over Syslog)](https://docs.microsoft.com/azure/sentinel/connect-common-event-format)\n\n**Data Connectors:** 1, **Workbooks:** 2, **Analytic Rules:** 4, **Hunting Queries:** 2, **Custom Azure Logic Apps Connectors:** 2, **Playbooks:** 7\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", "subscription": { "resourceProviders": [ "Microsoft.OperationsManagement/solutions", @@ -73,7 +73,6 @@ } } } - ] }, { @@ -261,7 +260,7 @@ "name": "huntingquery2-text", "type": "Microsoft.Common.TextBlock", "options": { - "text": "Identifies beaconing patterns from Palo Alto Network traffic logs based on recurrent timedelta patterns.\nThe query leverages various KQL functions to calculate time deltas and then compares it with total events observed in a day to find percentage of beaconing.\nThis outbound beaconing pattern to untrusted public networks should be investigated for any malware callbacks or data exfiltration attempts.\nReference Blog:\nhttp://www.austintaylor.io/detect/beaconing/intrusion/detection/system/command/control/flare/elastic/stack/2017/06/10/detect-beaconing-with-flare-elasticsearch-and-intrusion-detection-systems/\nhttps://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/detect-network-beaconing-via-intra-request-time-delta-patterns/ba-p/779586 This hunting query depends on PaloAltoNetworks data connector (CommonSecurityLog Parser or Table)" + "text": "Identifies beaconing patterns from PAN traffic logs based on recurrent timedelta patterns.\n Reference Blog:https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/detect-network-beaconing-via-intra-request-time-delta-patterns/ba-p/779586 This hunting query depends on PaloAltoNetworks data connector (CommonSecurityLog Parser or Table)" } } ] 
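Review bot: The new solution description drops the AMA data connector and the legacy-agent deprecation warning: the count goes from `**Data Connectors:** 2` to `**Data Connectors:** 1`, the paragraph recommending `PaloAlto-PAN-OS via AMA` and stating that the Log Analytics agent is deprecated by Aug 31, 2024 is gone, and the older `Underlying Microsoft Technologies` section is back, which reads as an unintended reversal rather than a deliberate change. The same reversal shows up in mainTemplate.json, where `@@ -61,124 +61,6 @@` deletes every `PaloAltoNetworksAma`/`dataConnector…2` variable, `@@ -219,7 +210,7 @@`, `@@ -388,7 +379,7 @@` and `@@ -432,7 +423,7 @@` rename the remaining connector from `[Deprecated] Palo Alto Networks (Firewall) via Legacy Agent` back to `Palo Alto Networks (Firewall)`, and `@@ -554,167 +545,52 @@` removes the `[Recommended] … via AMA` connector template. This looks like the package was regenerated from a stale solution definition; as committed it would steer new installs onto the deprecated MMA collection path and hide the recommended AMA path. Please rebuild the package from the current solution source, or restore the AMA connector and the `[Deprecated]`/`[Recommended]` titles, before this merges.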
diff --git a/Solutions/PaloAlto-PAN-OS/Package/mainTemplate.json b/Solutions/PaloAlto-PAN-OS/Package/mainTemplate.json
index 267a41131f..27926a28b3 100644
--- a/Solutions/PaloAlto-PAN-OS/Package/mainTemplate.json
+++ b/Solutions/PaloAlto-PAN-OS/Package/mainTemplate.json
@@ -46,12 +46,12 @@
 }
 },
 "variables": {
- "solutionId": "azuresentinel.azure-sentinel-solution-paloaltopanos",
- "_solutionId": "[variables('solutionId')]",
 "email": "support@microsoft.com",
 "_email": "[variables('email')]",
 "_solutionName": "PaloAlto-PAN-OS",
 "_solutionVersion": "3.0.0",
+ "solutionId": "azuresentinel.azure-sentinel-solution-paloaltopanos",
+ "_solutionId": "[variables('solutionId')]",
 "uiConfigId1": "PaloAltoNetworks",
 "_uiConfigId1": "[variables('uiConfigId1')]",
 "dataConnectorContentId1": "PaloAltoNetworks",
@@ -61,124 +61,6 @@ "dataConnectorTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId1'))))]", "dataConnectorVersion1": "1.0.0", "_dataConnectorcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentId1'),'-', variables('dataConnectorVersion1'))))]", - "uiConfigId2": "PaloAltoNetworksAma", - "_uiConfigId2": "[variables('uiConfigId2')]", - "dataConnectorContentId2": "PaloAltoNetworksAma", - "_dataConnectorContentId2": "[variables('dataConnectorContentId2')]", - "dataConnectorId2": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId2'))]", - "_dataConnectorId2": "[variables('dataConnectorId2')]", - "dataConnectorTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId2'))))]", - "dataConnectorVersion2": "1.0.0", - "_dataConnectorcontentProductId2": "[concat(take(variables('_solutionId'),50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentId2'),'-', variables('dataConnectorVersion2'))))]", - "PaloAlto_PAN-OS_Rest_API_CustomConnector": "PaloAlto_PAN-OS_Rest_API_CustomConnector", - "_PaloAlto_PAN-OS_Rest_API_CustomConnector": "[variables('PaloAlto_PAN-OS_Rest_API_CustomConnector')]", - "TemplateEmptyArray": "[json('[]')]", - "playbookVersion1": "1.0", - "playbookContentId1": "PaloAlto_PAN-OS_Rest_API_CustomConnector", - "_playbookContentId1": "[variables('playbookContentId1')]", - "playbookTemplateSpecName1": 
"[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-lc-',uniquestring(variables('_playbookContentId1'))))]", - "workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]", - "_playbookcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','lc','-', uniqueString(concat(variables('_solutionId'),'-','LogicAppsCustomConnector','-',variables('_playbookContentId1'),'-', variables('playbookVersion1'))))]", - "PaloAlto_PAN-OS_XML_API_CustomConnector": "PaloAlto_PAN-OS_XML_API_CustomConnector", - "_PaloAlto_PAN-OS_XML_API_CustomConnector": "[variables('PaloAlto_PAN-OS_XML_API_CustomConnector')]", - "playbookVersion2": "1.0", - "playbookContentId2": "PaloAlto_PAN-OS_XML_API_CustomConnector", - "_playbookContentId2": "[variables('playbookContentId2')]", - "playbookTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-lc-',uniquestring(variables('_playbookContentId2'))))]", - "_playbookcontentProductId2": "[concat(take(variables('_solutionId'),50),'-','lc','-', uniqueString(concat(variables('_solutionId'),'-','LogicAppsCustomConnector','-',variables('_playbookContentId2'),'-', variables('playbookVersion2'))))]", - "PaloAlto-PAN-OS-BlockIP-EntityTrigger": "PaloAlto-PAN-OS-BlockIP-EntityTrigger", - "_PaloAlto-PAN-OS-BlockIP-EntityTrigger": "[variables('PaloAlto-PAN-OS-BlockIP-EntityTrigger')]", - "blanks": "[replace('b', 'b', '')]", - "playbookVersion3": "1.0", - "playbookContentId3": "PaloAlto-PAN-OS-BlockIP-EntityTrigger", - "_playbookContentId3": "[variables('playbookContentId3')]", - "playbookId3": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId3'))]", - "playbookTemplateSpecName3": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId3'))))]", - "_playbookcontentProductId3": 
"[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId3'),'-', variables('playbookVersion3'))))]", - "PaloAlto-PAN-OS-BlockIP": "PaloAlto-PAN-OS-BlockIP", - "_PaloAlto-PAN-OS-BlockIP": "[variables('PaloAlto-PAN-OS-BlockIP')]", - "playbookVersion4": "1.0", - "playbookContentId4": "PaloAlto-PAN-OS-BlockIP", - "_playbookContentId4": "[variables('playbookContentId4')]", - "playbookId4": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId4'))]", - "playbookTemplateSpecName4": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId4'))))]", - "_playbookcontentProductId4": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId4'),'-', variables('playbookVersion4'))))]", - "PaloAlto-PAN-OS-BlockURL-EntityTrigger": "PaloAlto-PAN-OS-BlockURL-EntityTrigger", - "_PaloAlto-PAN-OS-BlockURL-EntityTrigger": "[variables('PaloAlto-PAN-OS-BlockURL-EntityTrigger')]", - "playbookVersion5": "1.0", - "playbookContentId5": "PaloAlto-PAN-OS-BlockURL-EntityTrigger", - "_playbookContentId5": "[variables('playbookContentId5')]", - "playbookId5": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId5'))]", - "playbookTemplateSpecName5": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId5'))))]", - "_playbookcontentProductId5": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId5'),'-', variables('playbookVersion5'))))]", - "PaloAlto-PAN-OS-BlockURL": "PaloAlto-PAN-OS-BlockURL", - "_PaloAlto-PAN-OS-BlockURL": "[variables('PaloAlto-PAN-OS-BlockURL')]", - "playbookVersion6": "1.0", - 
"playbookContentId6": "PaloAlto-PAN-OS-BlockURL", - "_playbookContentId6": "[variables('playbookContentId6')]", - "playbookId6": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId6'))]", - "playbookTemplateSpecName6": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId6'))))]", - "_playbookcontentProductId6": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId6'),'-', variables('playbookVersion6'))))]", - "PaloAlto-PAN-OS-GetSystemInfo": "PaloAlto-PAN-OS-GetSystemInfo", - "_PaloAlto-PAN-OS-GetSystemInfo": "[variables('PaloAlto-PAN-OS-GetSystemInfo')]", - "playbookVersion7": "1.0", - "playbookContentId7": "PaloAlto-PAN-OS-GetSystemInfo", - "_playbookContentId7": "[variables('playbookContentId7')]", - "playbookId7": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId7'))]", - "playbookTemplateSpecName7": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId7'))))]", - "_playbookcontentProductId7": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId7'),'-', variables('playbookVersion7'))))]", - "PaloAlto-PAN-OS-GetThreatPCAP": "PaloAlto-PAN-OS-GetThreatPCAP", - "_PaloAlto-PAN-OS-GetThreatPCAP": "[variables('PaloAlto-PAN-OS-GetThreatPCAP')]", - "playbookVersion8": "1.0", - "playbookContentId8": "PaloAlto-PAN-OS-GetThreatPCAP", - "_playbookContentId8": "[variables('playbookContentId8')]", - "playbookId8": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId8'))]", - "playbookTemplateSpecName8": 
"[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId8'))))]", - "_playbookcontentProductId8": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId8'),'-', variables('playbookVersion8'))))]", - "PaloAlto-PAN-OS-GetURLCategoryInfo": "PaloAlto-PAN-OS-GetURLCategoryInfo", - "_PaloAlto-PAN-OS-GetURLCategoryInfo": "[variables('PaloAlto-PAN-OS-GetURLCategoryInfo')]", - "playbookVersion9": "1.0", - "playbookContentId9": "PaloAlto-PAN-OS-GetURLCategoryInfo", - "_playbookContentId9": "[variables('playbookContentId9')]", - "playbookId9": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId9'))]", - "playbookTemplateSpecName9": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId9'))))]", - "_playbookcontentProductId9": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId9'),'-', variables('playbookVersion9'))))]", - "workbookVersion1": "1.2.0", - "workbookContentId1": "PaloAltoOverviewWorkbook", - "workbookId1": "[resourceId('Microsoft.Insights/workbooks', variables('workbookContentId1'))]", - "workbookTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-wb-',uniquestring(variables('_workbookContentId1'))))]", - "_workbookContentId1": "[variables('workbookContentId1')]", - "_workbookcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','wb','-', uniqueString(concat(variables('_solutionId'),'-','Workbook','-',variables('_workbookContentId1'),'-', variables('workbookVersion1'))))]", - "workbookVersion2": "1.1.0", - "workbookContentId2": "PaloAltoNetworkThreatWorkbook", - "workbookId2": 
"[resourceId('Microsoft.Insights/workbooks', variables('workbookContentId2'))]", - "workbookTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-wb-',uniquestring(variables('_workbookContentId2'))))]", - "_workbookContentId2": "[variables('workbookContentId2')]", - "_workbookcontentProductId2": "[concat(take(variables('_solutionId'),50),'-','wb','-', uniqueString(concat(variables('_solutionId'),'-','Workbook','-',variables('_workbookContentId2'),'-', variables('workbookVersion2'))))]", - "analyticRuleVersion1": "1.0.1", - "analyticRulecontentId1": "89a86f70-615f-4a79-9621-6f68c50f365f", - "_analyticRulecontentId1": "[variables('analyticRulecontentId1')]", - "analyticRuleId1": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId1'))]", - "analyticRuleTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId1'))))]", - "_analyticRulecontentProductId1": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-',variables('_analyticRulecontentId1'),'-', variables('analyticRuleVersion1'))))]", - "analyticRuleVersion2": "1.3.2", - "analyticRulecontentId2": "2be4ef67-a93f-4d8a-981a-88158cb73abd", - "_analyticRulecontentId2": "[variables('analyticRulecontentId2')]", - "analyticRuleId2": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId2'))]", - "analyticRuleTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId2'))))]", - "_analyticRulecontentProductId2": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-',variables('_analyticRulecontentId2'),'-', 
variables('analyticRuleVersion2'))))]", - "analyticRuleVersion3": "1.0.3", - "analyticRulecontentId3": "f0be259a-34ac-4946-aa15-ca2b115d5feb", - "_analyticRulecontentId3": "[variables('analyticRulecontentId3')]", - "analyticRuleId3": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId3'))]", - "analyticRuleTemplateSpecName3": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId3'))))]", - "_analyticRulecontentProductId3": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-',variables('_analyticRulecontentId3'),'-', variables('analyticRuleVersion3'))))]", - "analyticRuleVersion4": "1.0.3", - "analyticRulecontentId4": "5b72f527-e3f6-4a00-9908-8e4fee14da9f", - "_analyticRulecontentId4": "[variables('analyticRulecontentId4')]", - "analyticRuleId4": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId4'))]", - "analyticRuleTemplateSpecName4": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId4'))))]", - "_analyticRulecontentProductId4": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-',variables('_analyticRulecontentId4'),'-', variables('analyticRuleVersion4'))))]", "huntingQueryVersion1": "1.0.0", "huntingQuerycontentId1": "0a57accf-3548-4e38-a861-99687c958f59", "_huntingQuerycontentId1": "[variables('huntingQuerycontentId1')]", 
@@ -191,6 +73,115 @@ "huntingQueryId2": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('_huntingQuerycontentId2'))]", "huntingQueryTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring(variables('_huntingQuerycontentId2'))))]", "_huntingQuerycontentProductId2": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('_huntingQuerycontentId2'),'-', variables('huntingQueryVersion2'))))]", + "workbookVersion1": "1.2.0", + "workbookContentId1": "PaloAltoOverviewWorkbook", + "workbookId1": "[resourceId('Microsoft.Insights/workbooks', variables('workbookContentId1'))]", + "workbookTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-wb-',uniquestring(variables('_workbookContentId1'))))]", + "_workbookContentId1": "[variables('workbookContentId1')]", + "workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]", + "_workbookcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','wb','-', uniqueString(concat(variables('_solutionId'),'-','Workbook','-',variables('_workbookContentId1'),'-', variables('workbookVersion1'))))]", + "workbookVersion2": "1.1.0", + "workbookContentId2": "PaloAltoNetworkThreatWorkbook", + "workbookId2": "[resourceId('Microsoft.Insights/workbooks', variables('workbookContentId2'))]", + "workbookTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-wb-',uniquestring(variables('_workbookContentId2'))))]", + "_workbookContentId2": "[variables('workbookContentId2')]", + "_workbookcontentProductId2": "[concat(take(variables('_solutionId'),50),'-','wb','-', uniqueString(concat(variables('_solutionId'),'-','Workbook','-',variables('_workbookContentId2'),'-', variables('workbookVersion2'))))]", + 
"analyticRuleVersion1": "1.0.0", + "analyticRulecontentId1": "89a86f70-615f-4a79-9621-6f68c50f365f", + "_analyticRulecontentId1": "[variables('analyticRulecontentId1')]", + "analyticRuleId1": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId1'))]", + "analyticRuleTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId1'))))]", + "_analyticRulecontentProductId1": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-',variables('_analyticRulecontentId1'),'-', variables('analyticRuleVersion1'))))]", + "analyticRuleVersion2": "1.3.1", + "analyticRulecontentId2": "2be4ef67-a93f-4d8a-981a-88158cb73abd", + "_analyticRulecontentId2": "[variables('analyticRulecontentId2')]", + "analyticRuleId2": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId2'))]", + "analyticRuleTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId2'))))]", + "_analyticRulecontentProductId2": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-',variables('_analyticRulecontentId2'),'-', variables('analyticRuleVersion2'))))]", + "analyticRuleVersion3": "1.0.2", + "analyticRulecontentId3": "f0be259a-34ac-4946-aa15-ca2b115d5feb", + "_analyticRulecontentId3": "[variables('analyticRulecontentId3')]", + "analyticRuleId3": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId3'))]", + "analyticRuleTemplateSpecName3": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId3'))))]", + "_analyticRulecontentProductId3": 
"[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-',variables('_analyticRulecontentId3'),'-', variables('analyticRuleVersion3'))))]", + "analyticRuleVersion4": "1.0.2", + "analyticRulecontentId4": "5b72f527-e3f6-4a00-9908-8e4fee14da9f", + "_analyticRulecontentId4": "[variables('analyticRulecontentId4')]", + "analyticRuleId4": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId4'))]", + "analyticRuleTemplateSpecName4": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId4'))))]", + "_analyticRulecontentProductId4": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-',variables('_analyticRulecontentId4'),'-', variables('analyticRuleVersion4'))))]", + "PaloAlto_PAN-OS_Rest_API_CustomConnector": "PaloAlto_PAN-OS_Rest_API_CustomConnector", + "_PaloAlto_PAN-OS_Rest_API_CustomConnector": "[variables('PaloAlto_PAN-OS_Rest_API_CustomConnector')]", + "TemplateEmptyArray": "[json('[]')]", + "playbookVersion1": "1.0", + "playbookContentId1": "PaloAlto_PAN-OS_Rest_API_CustomConnector", + "_playbookContentId1": "[variables('playbookContentId1')]", + "playbookTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-lc-',uniquestring(variables('_playbookContentId1'))))]", + "_playbookcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','lc','-', uniqueString(concat(variables('_solutionId'),'-','LogicAppsCustomConnector','-',variables('_playbookContentId1'),'-', variables('playbookVersion1'))))]", + "PaloAlto_PAN-OS_XML_API_CustomConnector": "PaloAlto_PAN-OS_XML_API_CustomConnector", + "_PaloAlto_PAN-OS_XML_API_CustomConnector": "[variables('PaloAlto_PAN-OS_XML_API_CustomConnector')]", + "playbookVersion2": "1.0", + 
"playbookContentId2": "PaloAlto_PAN-OS_XML_API_CustomConnector", + "_playbookContentId2": "[variables('playbookContentId2')]", + "playbookTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-lc-',uniquestring(variables('_playbookContentId2'))))]", + "_playbookcontentProductId2": "[concat(take(variables('_solutionId'),50),'-','lc','-', uniqueString(concat(variables('_solutionId'),'-','LogicAppsCustomConnector','-',variables('_playbookContentId2'),'-', variables('playbookVersion2'))))]", + "PaloAlto-PAN-OS-GetSystemInfo": "PaloAlto-PAN-OS-GetSystemInfo", + "_PaloAlto-PAN-OS-GetSystemInfo": "[variables('PaloAlto-PAN-OS-GetSystemInfo')]", + "playbookVersion3": "1.0", + "playbookContentId3": "PaloAlto-PAN-OS-GetSystemInfo", + "_playbookContentId3": "[variables('playbookContentId3')]", + "playbookId3": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId3'))]", + "playbookTemplateSpecName3": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId3'))))]", + "_playbookcontentProductId3": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId3'),'-', variables('playbookVersion3'))))]", + "blanks": "[replace('b', 'b', '')]", + "PaloAlto-PAN-OS-GetThreatPCAP": "PaloAlto-PAN-OS-GetThreatPCAP", + "_PaloAlto-PAN-OS-GetThreatPCAP": "[variables('PaloAlto-PAN-OS-GetThreatPCAP')]", + "playbookVersion4": "1.0", + "playbookContentId4": "PaloAlto-PAN-OS-GetThreatPCAP", + "_playbookContentId4": "[variables('playbookContentId4')]", + "playbookId4": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId4'))]", + "playbookTemplateSpecName4": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId4'))))]", + 
"_playbookcontentProductId4": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId4'),'-', variables('playbookVersion4'))))]", + "PaloAlto-PAN-OS-GetURLCategoryInfo": "PaloAlto-PAN-OS-GetURLCategoryInfo", + "_PaloAlto-PAN-OS-GetURLCategoryInfo": "[variables('PaloAlto-PAN-OS-GetURLCategoryInfo')]", + "playbookVersion5": "1.0", + "playbookContentId5": "PaloAlto-PAN-OS-GetURLCategoryInfo", + "_playbookContentId5": "[variables('playbookContentId5')]", + "playbookId5": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId5'))]", + "playbookTemplateSpecName5": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId5'))))]", + "_playbookcontentProductId5": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId5'),'-', variables('playbookVersion5'))))]", + "PaloAlto-PAN-OS-BlockIP": "PaloAlto-PAN-OS-BlockIP", + "_PaloAlto-PAN-OS-BlockIP": "[variables('PaloAlto-PAN-OS-BlockIP')]", + "playbookVersion6": "1.0", + "playbookContentId6": "PaloAlto-PAN-OS-BlockIP", + "_playbookContentId6": "[variables('playbookContentId6')]", + "playbookId6": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId6'))]", + "playbookTemplateSpecName6": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId6'))))]", + "_playbookcontentProductId6": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId6'),'-', variables('playbookVersion6'))))]", + "PaloAlto-PAN-OS-BlockURL": "PaloAlto-PAN-OS-BlockURL", + "_PaloAlto-PAN-OS-BlockURL": "[variables('PaloAlto-PAN-OS-BlockURL')]", + "playbookVersion7": "1.0", + 
"playbookContentId7": "PaloAlto-PAN-OS-BlockURL", + "_playbookContentId7": "[variables('playbookContentId7')]", + "playbookId7": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId7'))]", + "playbookTemplateSpecName7": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId7'))))]", + "_playbookcontentProductId7": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId7'),'-', variables('playbookVersion7'))))]", + "PaloAlto-PAN-OS-BlockURL-EntityTrigger": "PaloAlto-PAN-OS-BlockURL-EntityTrigger", + "_PaloAlto-PAN-OS-BlockURL-EntityTrigger": "[variables('PaloAlto-PAN-OS-BlockURL-EntityTrigger')]", + "playbookVersion8": "1.0", + "playbookContentId8": "PaloAlto-PAN-OS-BlockURL-EntityTrigger", + "_playbookContentId8": "[variables('playbookContentId8')]", + "playbookId8": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId8'))]", + "playbookTemplateSpecName8": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId8'))))]", + "_playbookcontentProductId8": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId8'),'-', variables('playbookVersion8'))))]", + "PaloAlto-PAN-OS-BlockIP-EntityTrigger": "PaloAlto-PAN-OS-BlockIP-EntityTrigger", + "_PaloAlto-PAN-OS-BlockIP-EntityTrigger": "[variables('PaloAlto-PAN-OS-BlockIP-EntityTrigger')]", + "playbookVersion9": "1.0", + "playbookContentId9": "PaloAlto-PAN-OS-BlockIP-EntityTrigger", + "_playbookContentId9": "[variables('playbookContentId9')]", + "playbookId9": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId9'))]", + "playbookTemplateSpecName9": 
"[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId9'))))]",
+ "_playbookcontentProductId9": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId9'),'-', variables('playbookVersion9'))))]",
 "_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]"
 },
 "resources": [
@@ -219,7 +210,7 @@
 "properties": {
 "connectorUiConfig": {
 "id": "[variables('_uiConfigId1')]",
- "title": "[Deprecated] Palo Alto Networks (Firewall) via Legacy Agent",
+ "title": "Palo Alto Networks (Firewall)",
 "publisher": "Palo Alto Networks",
 "descriptionMarkdown": "The Palo Alto Networks firewall connector allows you to easily connect your Palo Alto Networks logs with Microsoft Sentinel, to view dashboards, create custom alerts, and improve investigation. This gives you more insight into your organization's network and improves your security operation capabilities.",
 "graphQueries": [
@@ -388,7 +379,7 @@
 "contentSchemaVersion": "3.0.0",
 "contentId": "[variables('_dataConnectorContentId1')]",
 "contentKind": "DataConnector",
- "displayName": "[Deprecated] Palo Alto Networks (Firewall) via Legacy Agent",
+ "displayName": "Palo Alto Networks (Firewall)",
 "contentProductId": "[variables('_dataConnectorcontentProductId1')]",
 "id": "[variables('_dataConnectorcontentProductId1')]",
 "version": "[variables('dataConnectorVersion1')]"
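Review bot: The analytic rule versions in the rebuilt variables block are lower than the ones removed in `@@ -61,124 +61,6 @@`: `analyticRuleVersion1` drops from `"1.0.1"` to `"1.0.0"`, `analyticRuleVersion2` from `"1.3.2"` to `"1.3.1"`, and `analyticRuleVersion3`/`analyticRuleVersion4` from `"1.0.3"` to `"1.0.2"`. Since each `_analyticRulecontentProductId*` is derived from `uniqueString(...)` over the version, these presumably resolve to different, older content items, so workspaces that already received the newer rule templates would not see this package as an update and detection fixes carried by those versions could be lost. Unless the rule YAMLs were deliberately rolled back, the versions should be restored to at least their previous values when the package is regenerated. The regression is consistent with the package being built from an out-of-date branch, which the connector changes elsewhere in this patch also suggest.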
@@ -432,7 +423,7 @@ "kind": "GenericUI", "properties": { "connectorUiConfig": { - "title": "[Deprecated] Palo Alto Networks (Firewall) via Legacy Agent", + "title": "Palo Alto Networks (Firewall)", "publisher": "Palo Alto Networks", "descriptionMarkdown": "The Palo Alto Networks firewall connector allows you to easily connect your Palo Alto Networks logs with Microsoft Sentinel, to view dashboards, create custom alerts, and improve investigation. This gives you more insight into your organization's network and improves your security operation capabilities.", "graphQueries": [ 
@@ -554,167 +545,52 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('dataConnectorTemplateSpecName2')]", + "name": "[variables('huntingQueryTemplateSpecName1')]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "PaloAlto-PAN-OS data connector with template version 3.0.0", + "description": "PaloAlto-HighRiskPorts_HuntingQueries Hunting Query with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('dataConnectorVersion2')]", + "contentVersion": "[variables('huntingQueryVersion1')]", "parameters": {}, "variables": {}, "resources": [ { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId2'))]", - "apiVersion": "2021-03-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", + "type": "Microsoft.OperationalInsights/savedSearches", + "apiVersion": "2022-10-01", + "name": "PaloAlto-PAN-OS_Hunting_Query_1", "location": "[parameters('workspace-location')]", - "kind": "GenericUI", "properties": { - "connectorUiConfig": { - "id": "[variables('_uiConfigId2')]", - "title": "[Recommended] Palo Alto Networks (Firewall) via AMA", - "publisher": "Palo Alto Networks", - "descriptionMarkdown": "The Palo Alto Networks firewall connector allows you to easily connect your Palo Alto Networks logs with Microsoft Sentinel, to view dashboards, create custom alerts, and improve investigation. 
This gives you more insight into your organization's network and improves your security operation capabilities.", - "graphQueries": [ - { - "metricName": "Total data received", - "legend": "Palo Alto Networks", - "baseQuery": "CommonSecurityLog\n |where DeviceVendor =~ 'Palo Alto Networks'\n |where DeviceProduct has 'PAN-OS'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)" - } - ], - "sampleQueries": [ - { - "description": "All logs", - "query": "\nCommonSecurityLog\n| where DeviceVendor == \"Palo Alto Networks\"\n| where DeviceProduct has \"PAN-OS\"\n\n | sort by TimeGenerated" - }, - { - "description": "THREAT activity", - "query": "\nCommonSecurityLog\n| where DeviceVendor == \"Palo Alto Networks\"\n| where DeviceProduct has \"PAN-OS\"\n\n | where Activity == \"THREAT\"\n | sort by TimeGenerated" - } - ], - "connectivityCriterias": [ - { - "type": "IsConnectedQuery", - "value": [ - "CommonSecurityLog\n |where DeviceVendor =~ 'Palo Alto Networks'\n |where DeviceProduct has 'PAN-OS'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - } - ], - "dataTypes": [ - { - "name": "CommonSecurityLog (PaloAlto)", - "lastDataReceivedQuery": "CommonSecurityLog\n |where DeviceVendor =~ 'Palo Alto Networks'\n |where DeviceProduct has 'PAN-OS'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - } - ], - "availability": { - "status": 1, - "isPreview": false + "eTag": "*", + "displayName": "Palo Alto - high-risk ports", + "category": "Hunting Queries", + "query": "\nlet HighRiskPorts = datatable (Port:int, Protocol:string, RiskType:string, RiskDescription:string)[\n13,\"udp\",\"3rd Party Attacks\",\"Daytime protocol used in reflection/amplification 
attacks\",\n17,\"udp\",\"3rd Party Attacks\",\"QOTD protocol, reflection/amplification attacks\",\n19,\"udp\",\"3rd Party Attacks\",\"Chargen protocol, reflection/amplification attacks\",\n20,\"tcp\",\"Unencrypted\",\"Unencrypted FTP Traffic\",\n21,\"tcp\",\"Unencrypted\",\"Unencrypted FTP Traffic\",\n22,\"tcp\",\"Management\",\"SSH, brute force attacks common\",\n23,\"tcp\",\"Management\",\"Telnet, allows unauthenticated and/or unencrypted\",\n53,\"udp\",\"3rd Party Attacks\",\"DNS, reflection/amplification attacks\",\n69,\"udp\",\"Management\",\"TFTP, allows unauthenticated and/or unencrypted\",\n111,\"udp\",\"Management\",\"RPC, unencrypted authentication allowed\",\n111,\"tcp\",\"Management\",\"RPC, unencrypted authentication allowed\",\n119,\"tcp\",\"Unsecure\",\"NNTP, unencrypted authentication\",\n123,\"udp\",\"3rd Party Attacks\",\"Network Time Protocol, reflection/amplification attacks\",\n135,\"tcp\",\"Management\",\"End Point Mapper, multiple remote management srvcs\",\n135,\"udp\",\"Management\",\"End Point Mapper, multiple remote management srvcs\",\n137,\"tcp\",\"Hacker Recon\",\"Netbios Name Service\",\n137,\"udp\",\"Hacker Recon\",\"Netbios Name Service\",\n138,\"tcp\",\"Hacker Recon\",\"Netbios Datagram Service\",\n138,\"udp\",\"Hacker Recon\",\"Netbios Datagram Service\",\n139,\"tcp\",\"Hacker Recon\",\"Netbios Session Service\",\n161,\"tcp\",\"Unsecure/3rd Party Attacks\",\"SNMP, unsecure / no authentication UDP Reflection attacks\",\n161,\"udp\",\"Unsecure/3rd Party Attacks\",\"SNMP, unsecure / no authentication UDP Reflection attacks\",\n162,\"tcp\",\"Unsecure\",\"SNMP Trap, unsecure / no authentication\",\n162,\"udp\",\"Unsecure\",\"SNMP Trap, unsecure / no authentication\",\n389,\"tcp\",\"Hacker Recon/3rd Party Attacks\",\"LDAP/CLDAP\",\n389,\"udp\",\"Hacker Recon/3rd Party Attacks\",\"LDAP/CLDAP\",\n443,\"udp\",\"3rd Party Attacks\",\"UDP Reflection / Amplification attacks\",\n445,\"tcp\",\"Unsecure\",\"SMB - well known attack 
vector\",\n512,\"tcp\",\"Management\",\"Rexec on Linux, remote commands w/o encrypt auth\",\n514,\"tcp\",\"Management\",\"Remote Shell, remote commands w/o auth or encrypt\",\n593,\"tcp\",\"Management\",\"HTTP RPC EPMAP, unencrypted remote procedure call\",\n593,\"udp\",\"Management\",\"HTTP RPC EPMAP, unencrypted remote procedure call\",\n636,\"tcp\",\"Hacker Recon\",\"Lightweight Directory Access Protocol\",\n873,\"tcp\",\"Management\",\"Rsync, unencrypted file transfer\",\n1433,\"tcp\",\"Data Access/Mgmt\",\"MS SQL Management & Data Access\",\n1434,\"udp\",\"Data Access/Mgmt\",\"MS SQL Monitor Port\",\n1900,\"udp\",\"Hacker Recon/3rd Party Attacks\",\"Simple Service Discovery Protocol, unencrypted\",\n2049,\"tcp\",\"Unsecure\",\"Network File System\",\n2049,\"udp\",\"Unsecure\",\"Network File System\",\n2301,\"tcp\",\"Hacker Recon\",\"Compaq Management Service, no recent incidents\",\n2381,\"tcp\",\"Management\",\"Compaq Management Service, no recent incidents\",\n3268,\"tcp\",\"Hacker Recon\",\"Microsoft Global Catalog LDAP\",\n3306,\"tcp\",\"Data Access/Mgmt\",\"MySQL Database Management Port\",\n3389,\"tcp\",\"Management/3rd Party Attacks\",\"RDP, Common brute force attack port\",\n3389,\"udp\",\"Management/3rd Party Attacks\",\"RDP, Common brute force attack port\",\n4333,\"tcp\",\"Data Access/Mgmt\",\"MSql\",\n5353,\"udp\",\"3rd Party Attacks\",\"mDNS\",\n5432,\"tcp\",\"Data Access/Mgmt\",\"PostgresSQL Database Management\",\n5800,\"tcp\",\"Management\",\"VNC Remote Frame Buffer over HTTP\",\n5900,\"tcp\",\"Management\",\"VNC Remote Frame Buffer over HTTP\",\n5985,\"tcp\",\"Management\",\"Windows Powershell\",\n5986,\"tcp\",\"Management\",\"Windows Powershell\",\n6379,\"tcp\",\"Data Access/Mgmt\",\"Redis\",\n7000,\"tcp\",\"Data Access/Mgmt\",\"Cassandra\",\n7001,\"tcp\",\"Data Access/Mgmt\",\"Cassandra\",\n7199,\"tcp\",\"Data Access/Mgmt\",\"Cassandra\",\n9042,\"tcp\",\"Data Access/Mgmt\",\"Cassandra\",\n9160,\"tcp\",\"Data 
Access/Mgmt\",\"Cassandra\",\n9200,\"tcp\",\"Data Access/Mgmt\",\"Elastic Search\",\n9300,\"tcp\",\"Data Access/Mgmt\",\"Elastic Search\",\n9987,\"udp\",\"3rd Party Attack\",\"DSM/SCM Target Interface\",\n11211,\"udp\",\"Unencrypted\",\"Memcached\",\n16379,\"tcp\",\"Data Access/Mgmt\",\"Redis\",\n26379,\"tcp\",\"Data Access/Mgmt\",\"Redis\",\n27017,\"tcp\",\"Data Access/Mgmt\",\"MongoDB\",\n];\nHighRiskPorts\n| join kind=inner (\n CommonSecurityLog\n | where DeviceVendor == \"Palo Alto Networks\" and Activity == \"TRAFFIC\" and DeviceAction != \"deny\"\n | where SentBytes > 0 and ReceivedBytes > 0\n //Remove private IP communation from DestinationIP\n | extend result = ipv4_is_private(DestinationIP) \n | where result == 0\n | summarize\n Count = count(),\n StartTime = min(TimeGenerated),\n EndTime = max(TimeGenerated)\n by \n DeviceName,\n SourceIP,\n DestinationIP,\n DestinationPort,\n Protocol\n) on $left.Port == $right.DestinationPort and $left.Protocol == $right.Protocol\n| project-away Protocol1, Port\n| order by DeviceName asc, SourceIP asc, DestinationIP asc, DestinationPort asc\n| extend timestamp = StartTime, IPCustomEntity = SourceIP\n", + "version": 2, + "tags": [ + { + "name": "description", + "value": "Identifies network connections whose ports are frequent targets of attacks and should not cross network boundaries or reach untrusted public networks.\nConsider updating the firewall policies to block the connections." }, - "permissions": { - "resourceProvider": [ - { - "provider": "Microsoft.OperationalInsights/workspaces", - "permissionsDisplayText": "read and write permissions are required.", - "providerDisplayName": "Workspace", - "scope": "Workspace", - "requiredPermissions": { - "read": true, - "write": true, - "delete": true - } - }, - { - "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", - "permissionsDisplayText": "read permissions to shared keys for the workspace are required. 
[See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", - "providerDisplayName": "Keys", - "scope": "Workspace", - "requiredPermissions": { - "action": true - } - } - ], - "customs": [ - { - "description": "To collect data from non-Azure VMs, they must have Azure Arc installed and enabled. [Learn more](https://docs.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-install?tabs=ARMAgentPowerShell,PowerShellWindows,PowerShellWindowsArc,CLIWindows,CLIWindowsArc)" - }, - { - "description": "Common Event Format (CEF) via AMA and Syslog via AMA data connectors must be installed [Learn more](https://learn.microsoft.com/azure/sentinel/connect-cef-ama#open-the-connector-page-and-create-the-dcr)" - } - ] - }, - "instructionSteps": [ - { - "instructions": [ - { - "parameters": { - "title": "1. Kindly follow the steps to configure the data connector", - "instructionSteps": [ - { - "title": "Step A. Configure the Common Event Format (CEF) via AMA data connector", - "description": "_Note:- CEF logs are collected only from Linux Agents_\n\n1. Navigate to Microsoft Sentinel workspace ---> configuration ---> Data connector blade .\n\n2. Search for 'Common Event Format (CEF) via AMA' data connector and open it.\n\n3. Check If there is no existing DCR configured to collect required facility of logs, Create a new DCR (Data Collection Rule)\n\n\t_Note:- It is recommended to install minimum 1.27 version of AMA agent [Learn more](https://learn.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-manage?tabs=azure-portal ) and ensure there is no duplicate DCR as it can cause log duplicacy_\n\n4. Run the command provided in the CEF via AMA data connector page to configure the CEF collector on the machine" - - }, - { - "title": "Step B. 
Forward Palo Alto Networks logs to Syslog agent", - "description": "Configure Palo Alto Networks to forward Syslog messages in CEF format to your Microsoft Sentinel workspace via the Syslog agent.\n\nGo to [configure Palo Alto Networks NGFW for sending CEF events.](https://aka.ms/sentinel-paloaltonetworks-readme)\n\nGo to [Palo Alto CEF Configuration](https://aka.ms/asi-syslog-paloalto-forwarding) and Palo Alto [Configure Syslog Monitoring](https://aka.ms/asi-syslog-paloalto-configure) steps 2, 3, choose your version, and follow the instructions using the following guidelines:\n\n1. Set the Syslog server format to **BSD**.\n\n2. The copy/paste operations from the PDF might change the text and insert random characters. To avoid this, copy the text to an editor and remove any characters that might break the log format before pasting it.\n\n[Learn more >](https://aka.ms/CEFPaloAlto)" - - }, - { - "title": "Step C. Validate connection", - "description": "Follow the instructions to validate your connectivity:\n\nOpen Log Analytics to check if the logs are received using the CommonSecurityLog schema.\n\nIt may take about 20 minutes until the connection streams data to your workspace.\n\nIf the logs are not received, run the following connectivity validation script:\n\n 1. Make sure that you have Python on your machine using the following command: python -version\n\n2. 
You must have elevated permissions (sudo) on your machine", - "instructions": [ - { - "parameters": { - "label": "Run the following command to validate your connectivity:", - "value": "sudo wget -O Sentinel_AMA_troubleshoot.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/Syslog/Sentinel_AMA_troubleshoot.py&&sudo python Sentinel_AMA_troubleshoot.py --cef" - }, - "type": "CopyableLabel" - } - ] - } - ] - }, - "type": "InstructionStepsGroup" - } - ] - }, - { - "description": "Make sure to configure the machine's security according to your organization's security policy\n\n\n[Learn more >](https://aka.ms/SecureCEF)", - "title": "2. Secure your machine " - } - ], - "metadata": { - "id": "ef80260c-3aec-43bc-a1e5-c2f2372c9adc", - "version": "1.0.0", - "kind": "dataConnector", - "source": { - "kind": "community" - }, - "author": { - "name": "Palo Alto Networks" - }, - "support": { - "name": "Palo Alto Networks", - "link": "https://www.paloaltonetworks.com/company/contact-support", - "tier": "developer" - } + { + "name": "tactics", + "value": "InitialAccess,Discovery" } - } + ] } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2023-04-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId2'),'/'))))]", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(variables('huntingQueryId1'),'/'))))]", "properties": { - "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId2'))]", - "contentId": "[variables('_dataConnectorContentId2')]", - "kind": "DataConnector", - "version": "[variables('dataConnectorVersion2')]", + "description": "PaloAlto-PAN-OS Hunting Query 1", + "parentId": 
"[variables('huntingQueryId1')]", + "contentId": "[variables('_huntingQuerycontentId1')]", + "kind": "HuntingQuery", + "version": "[variables('huntingQueryVersion1')]", "source": { "kind": "Solution", "name": "PaloAlto-PAN-OS", 
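Review bot: The high-risk-ports query added in this hunk compares `DeviceAction != "deny"` and joins on `$left.Protocol == $right.Protocol`, both case-sensitive, so if a device logs `Deny` or `TCP` the denied flow is reported as allowed or the row is silently dropped by the join against the lowercase `tcp`/`udp` datatable; `DeviceAction !~ "deny"` and adding `| extend Protocol = tolower(Protocol)` inside the inner CommonSecurityLog query before the `summarize` would make the match casing-tolerant (Kusto join `on` clauses only accept `==`). As a point of style, `| extend result = ipv4_is_private(DestinationIP) | where result == 0` compares a bool to an integer and introduces a throwaway column; `| where not(ipv4_is_private(DestinationIP))` states the intent directly, and the inline comment misspells "communation". Since mainTemplate.json is regenerated by the solution packaging step, these edits belong in the source hunting-query YAML that the description names ("PaloAlto-HighRiskPorts_HuntingQueries"), not in this file.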
@@ -739,165 +615,758 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_dataConnectorContentId2')]", - "contentKind": "DataConnector", - "displayName": "[Recommended] Palo Alto Networks (Firewall) via AMA", - "contentProductId": "[variables('_dataConnectorcontentProductId2')]", - "id": "[variables('_dataConnectorcontentProductId2')]", - "version": "[variables('dataConnectorVersion2')]" + "contentId": "[variables('_huntingQuerycontentId1')]", + "contentKind": "HuntingQuery", + "displayName": "Palo Alto - high-risk ports", + "contentProductId": "[variables('_huntingQuerycontentProductId1')]", + "id": "[variables('_huntingQuerycontentProductId1')]", + "version": "[variables('huntingQueryVersion1')]" } }, { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId2'),'/'))))]", - "dependsOn": [ - "[variables('_dataConnectorId2')]" - ], + "name": "[variables('huntingQueryTemplateSpecName2')]", "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], "properties": { - "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId2'))]", - "contentId": "[variables('_dataConnectorContentId2')]", - "kind": "DataConnector", - "version": "[variables('dataConnectorVersion2')]", - "source": { - "kind": "Solution", - "name": "PaloAlto-PAN-OS", - "sourceId": "[variables('_solutionId')]" + 
"description": "Palo Alto - potential beaconing detected_HuntingQueries Hunting Query with template version 3.0.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('huntingQueryVersion2')]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "type": "Microsoft.OperationalInsights/savedSearches", + "apiVersion": "2022-10-01", + "name": "PaloAlto-PAN-OS_Hunting_Query_2", + "location": "[parameters('workspace-location')]", + "properties": { + "eTag": "*", + "displayName": "Palo Alto - potential beaconing detected", + "category": "Hunting Queries", + "query": "let starttime = 2d;\nlet endtime = 1d;\nlet TimeDeltaThreshold = 25;\nlet TotalEventsThreshold = 30;\nlet MostFrequentTimeDeltaThreshold = 25;\nlet PercentBeaconThreshold = 80;\nCommonSecurityLog\n| where DeviceVendor == \"Palo Alto Networks\" and Activity == \"TRAFFIC\"\n| where TimeGenerated between (startofday(ago(starttime))..startofday(ago(endtime)))\n| where ipv4_is_private(DestinationIP)== false\n| project TimeGenerated, DeviceName, SourceUserID, SourceIP, SourcePort, DestinationIP, DestinationPort, ReceivedBytes, SentBytes\n| sort by SourceIP asc,TimeGenerated asc, DestinationIP asc, DestinationPort asc\n| serialize\n| extend nextTimeGenerated = next(TimeGenerated, 1), nextSourceIP = next(SourceIP, 1)\n| extend TimeDeltainSeconds = datetime_diff('second',nextTimeGenerated,TimeGenerated)\n| where SourceIP == nextSourceIP\n//Whitelisting criteria/ threshold criteria\n| where TimeDeltainSeconds > TimeDeltaThreshold\n| summarize count(), sum(ReceivedBytes), sum(SentBytes)\nby TimeDeltainSeconds, bin(TimeGenerated, 1h), DeviceName, SourceUserID, SourceIP, DestinationIP, DestinationPort\n| summarize (MostFrequentTimeDeltaCount, MostFrequentTimeDeltainSeconds) = arg_max(count_, TimeDeltainSeconds), TotalEvents=sum(count_), TotalSentBytes = sum(sum_SentBytes), TotalReceivedBytes = 
sum(sum_ReceivedBytes)\nby bin(TimeGenerated, 1h), DeviceName, SourceUserID, SourceIP, DestinationIP, DestinationPort\n| where TotalEvents > TotalEventsThreshold and MostFrequentTimeDeltaCount > MostFrequentTimeDeltaThreshold\n| extend BeaconPercent = MostFrequentTimeDeltaCount/toreal(TotalEvents) * 100\n| where BeaconPercent > PercentBeaconThreshold\n| extend timestamp = TimeGenerated, IPCustomEntity = DestinationIP, AccountCustomEntity = SourceUserID, HostCustomEntity = DeviceName\n", + "version": 2, + "tags": [ + { + "name": "description", + "value": "Identifies beaconing patterns from PAN traffic logs based on recurrent timedelta patterns.\n Reference Blog:https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/detect-network-beaconing-via-intra-request-time-delta-patterns/ba-p/779586" + }, + { + "name": "tactics", + "value": "CommandAndControl" + }, + { + "name": "techniques", + "value": "T1071,T1571" + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(variables('huntingQueryId2'),'/'))))]", + "properties": { + "description": "PaloAlto-PAN-OS Hunting Query 2", + "parentId": "[variables('huntingQueryId2')]", + "contentId": "[variables('_huntingQuerycontentId2')]", + "kind": "HuntingQuery", + "version": "[variables('huntingQueryVersion2')]", + "source": { + "kind": "Solution", + "name": "PaloAlto-PAN-OS", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "tier": "Microsoft", + "link": "https://support.microsoft.com" + } + } + } + ] }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "Microsoft Corporation", - "email": "support@microsoft.com", - "tier": 
"Microsoft", - "link": "https://support.microsoft.com" - } + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_huntingQuerycontentId2')]", + "contentKind": "HuntingQuery", + "displayName": "Palo Alto - potential beaconing detected", + "contentProductId": "[variables('_huntingQuerycontentProductId2')]", + "id": "[variables('_huntingQuerycontentProductId2')]", + "version": "[variables('huntingQueryVersion2')]" } }, { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId2'))]", - "apiVersion": "2021-03-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('workbookTemplateSpecName1')]", "location": "[parameters('workspace-location')]", - "kind": "GenericUI", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], "properties": { - "connectorUiConfig": { - "title": "[Recommended] Palo Alto Networks (Firewall) via AMA", - "publisher": "Palo Alto Networks", - "descriptionMarkdown": "The Palo Alto Networks firewall connector allows you to easily connect your Palo Alto Networks logs with Microsoft Sentinel, to view dashboards, create custom alerts, and improve investigation. 
This gives you more insight into your organization's network and improves your security operation capabilities.", - "graphQueries": [ + "description": "PaloAltoOverviewWorkbook Workbook with template version 3.0.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('workbookVersion1')]", + "parameters": {}, + "variables": {}, + "resources": [ { - "metricName": "Total data received", - "legend": "Palo Alto Networks", - "baseQuery": "CommonSecurityLog\n |where DeviceVendor =~ 'Palo Alto Networks'\n |where DeviceProduct has 'PAN-OS'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)" - } - ], - "dataTypes": [ - { - "name": "CommonSecurityLog (PaloAlto)", - "lastDataReceivedQuery": "CommonSecurityLog\n |where DeviceVendor =~ 'Palo Alto Networks'\n |where DeviceProduct has 'PAN-OS'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - } - ], - "connectivityCriterias": [ - { - "type": "IsConnectedQuery", - "value": [ - "CommonSecurityLog\n |where DeviceVendor =~ 'Palo Alto Networks'\n |where DeviceProduct has 'PAN-OS'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - } - ], - "sampleQueries": [ - { - "description": "All logs", - "query": "\nCommonSecurityLog\n| where DeviceVendor == \"Palo Alto Networks\"\n| where DeviceProduct has \"PAN-OS\"\n\n | sort by TimeGenerated" + "type": "Microsoft.Insights/workbooks", + "name": "[variables('workbookContentId1')]", + "location": "[parameters('workspace-location')]", + "kind": "shared", + "apiVersion": "2021-08-01", + "metadata": { + "description": "Gain insights and comprehensive monitoring into Palo Alto firewalls by 
analyzing traffic and activities.\nThis workbook correlates all Palo Alto data with threat events to identify suspicious entities and relationships.\nYou can learn about trends across user and data traffic, and drill down into Palo Alto Wildfire and filter results." + }, + "properties": { + "displayName": "[parameters('workbook1-name')]", + "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":1,\"content\":{\"json\":\"

Palo Alto Networks overview
\"},\"name\":\"text - 0\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"query\":\"\",\"parameters\":[{\"id\":\"a5c18655-3e2d-4d12-8ba4-82e57b296581\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"TimeRange\",\"type\":4,\"isRequired\":true,\"value\":{\"durationMs\":2592000000},\"typeSettings\":{\"selectableValues\":[{\"durationMs\":300000},{\"durationMs\":900000},{\"durationMs\":1800000},{\"durationMs\":3600000},{\"durationMs\":14400000},{\"durationMs\":43200000},{\"durationMs\":86400000},{\"durationMs\":172800000},{\"durationMs\":259200000},{\"durationMs\":604800000},{\"durationMs\":1209600000},{\"durationMs\":2419200000},{\"durationMs\":2592000000},{\"durationMs\":5184000000},{\"durationMs\":7776000000}],\"allowCustom\":true}},{\"id\":\"32f5a8aa-9c54-4fd1-a2b9-8461b2c57f55\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Source_IP\",\"label\":\"Source IP\",\"type\":2,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"query\":\"CommonSecurityLog\\r\\n| summarize Count = count()/1000 by SourceIP\\r\\n| where SourceIP != \\\"\\\"\\r\\n| order by Count desc, SourceIP asc\\r\\n| project Value = SourceIP, Label = strcat(SourceIP, \\\" - \\\", Count, \\\"k\\\"), Selected = false\\r\\n\",\"value\":[\"value::all\"],\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"All\"},\"timeContext\":{\"durationMs\":1800000},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},{\"id\":\"b937ca33-bc62-4183-bc0f-9ad8306dc36a\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Destination_IP\",\"label\":\"Destination IP\",\"type\":2,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"query\":\"CommonSecurityLog\\r\\n| summarize Count = count()/1000 by DestinationIP\\r\\n| where DestinationIP != \\\"\\\"\\r\\n| order by Count desc, DestinationIP asc\\r\\n| project Value = DestinationIP, Label = strcat(DestinationIP, \\\" - \\\", Count, \\\"k\\\"), Selected 
= false\",\"value\":[\"value::all\"],\"typeSettings\":{\"limitSelectTo\":10,\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"All\"},\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 5\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"query\":\"\",\"parameters\":[{\"id\":\"7f28bae3-a11f-408a-832f-77a0f3e633d7\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"EventClass\",\"type\":2,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"query\":\"CommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto Networks'\\r\\n| distinct DeviceEventClassID\",\"value\":[\"value::all\"],\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"All\"},\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 35\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let data = CommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto Networks'\\r\\n| where \\\"{Destination_IP:lable}\\\"==\\\"All\\\" or DestinationIP in ({Destination_IP})\\r\\n| where \\\"{Source_IP:lable}\\\" == \\\"All\\\" or SourceIP in ({Source_IP})\\r\\n| where \\\"{EventClass:lable}\\\" == \\\"All\\\" or \\\"{EventClass:lable}\\\" == \\\"All\\\" or DeviceEventClassID in ({EventClass});\\r\\ndata\\r\\n| summarize Count = count() by Activity\\r\\n| join kind = inner (data\\r\\n | make-series Trend = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step 
{TimeRange:grain} by Activity)\\r\\n on Activity\\r\\n| project-away Activity1, TimeGenerated\\r\\n| extend Activitys = Activity\\r\\n| union (\\r\\n data \\r\\n | summarize Count = count() \\r\\n | extend jkey = 1\\r\\n | join kind=inner (data\\r\\n | make-series Trend = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain}\\r\\n | extend jkey = 1) on jkey\\r\\n | extend Activity = 'All', Activitys = '*' \\r\\n)\\r\\n| order by Count desc\\r\\n| take 10\",\"size\":4,\"exportFieldName\":\"Activity\",\"exportParameterName\":\"activities\",\"exportDefaultValue\":\"All\",\"exportToExcelOptions\":\"visible\",\"title\":\"Activities, by volume\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Activity\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"Count\",\"formatter\":8,\"formatOptions\":{\"palette\":\"blueDark\",\"showIcon\":true}},{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"lightBlue\",\"showIcon\":true}},{\"columnMatch\":\"Activitys\",\"formatter\":5,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"jkey\",\"formatter\":5,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"TimeGenerated\",\"formatter\":5,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"jkey1\",\"formatter\":5,\"formatOptions\":{\"showIcon\":true}}]},\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Activity\",\"formatter\":1,\"formatOptions\":{\"showIcon\":true}},\"leftContent\":{\"columnMatch\":\"Count\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\",\"showIcon\":true},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}},\"secondaryContent\":{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"showIcon\":true}
},\"showBorder\":false}},\"name\":\"all activities\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"CommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto Networks'\\r\\n| where \\\"{Destination_IP:lable}\\\"==\\\"All\\\" or DestinationIP in ({Destination_IP})\\r\\n| where \\\"{Source_IP:lable}\\\" == \\\"All\\\" or SourceIP in ({Source_IP})\\r\\n| where \\\"{EventClass:lable}\\\" == \\\"All\\\" or DeviceEventClassID in ({EventClass})\\r\\n| where '{activities}' == \\\"All\\\" or Activity == '{activities}'\\r\\n| summarize LogVolume=count() by DeviceEventClassID, bin_at(TimeGenerated, {TimeRange:grain}, {TimeRange:start})\",\"size\":0,\"aggregation\":3,\"exportToExcelOptions\":\"visible\",\"title\":\"Event trend, by time\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"DeviceEventClassID\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"LogVolume\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"customWidth\":\"50\",\"name\":\"Event trend by time\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"//trend by sevearity\\r\\nCommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto Networks'\\r\\n| where \\\"{Destination_IP:lable}\\\"==\\\"All\\\" or DestinationIP in ({Destination_IP}) \\r\\n| where \\\"{Source_IP:lable}\\\" == \\\"All\\\" or SourceIP in ({Source_IP})\\r\\n| where \\\"{EventClass:lable}\\\" == \\\"All\\\" or DeviceEventClassID in ({EventClass})\\r\\n| where '{activities}' == \\\"All\\\" or Activity == '{activities}'\\r\\n| summarize count() by bin_at(TimeGenerated, {TimeRange:grain},{TimeRange:start}), 
LogSeverity\\r\\n\",\"size\":0,\"exportToExcelOptions\":\"visible\",\"title\":\"Events severity, by time\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"LogSeverity\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}},\"graphSettings\":{\"type\":0,\"topContent\":{\"columnMatch\":\"LogSeverity\",\"formatter\":1},\"centerContent\":{\"columnMatch\":\"count_\",\"formatter\":1,\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"customWidth\":\"50\",\"name\":\"Events severity over time\"},{\"type\":1,\"content\":{\"json\":\"---\\r\\n### Traffic events summary\"},\"name\":\"text - 11\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let data = CommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto Networks'\\r\\n| where \\\"{Destination_IP:lable}\\\"==\\\"All\\\" or DestinationIP in ({Destination_IP}) \\r\\n| where \\\"{Source_IP:lable}\\\" == \\\"All\\\" or SourceIP in ({Source_IP})\\r\\n| where Activity =~ \\\"Traffic\\\";\\r\\ndata\\r\\n| summarize Count = count() by DeviceEventClassID\\r\\n| join kind = inner (data\\r\\n | make-series Trend = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by DeviceEventClassID)\\r\\n on DeviceEventClassID\\r\\n| project-away DeviceEventClassID1, TimeGenerated\\r\\n| extend DeviceEventClassIDs = DeviceEventClassID\\r\\n| union (\\r\\n data \\r\\n | summarize Count = count() \\r\\n | extend jkey = 1\\r\\n | join kind=inner (data\\r\\n | make-series Trend = count() default = 0 on 
TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain}\\r\\n | extend jkey = 1) on jkey\\r\\n | extend DeviceEventClassID = 'All', DeviceEventClassIDs = '*' \\r\\n)\\r\\n| order by Count desc\\r\\n| take 10\",\"size\":4,\"exportFieldName\":\"DeviceEventClassID\",\"exportParameterName\":\"EventClass\",\"exportDefaultValue\":\"All\",\"exportToExcelOptions\":\"visible\",\"title\":\"Device events Id summary - click to filter the graph below\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"DeviceEventClassID\",\"formatter\":1,\"formatOptions\":{\"showIcon\":true}},\"leftContent\":{\"columnMatch\":\"Count\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\",\"showIcon\":true},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"maximumFractionDigits\":2,\"maximumSignificantDigits\":3}}},\"secondaryContent\":{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"showIcon\":true}},\"showBorder\":false}},\"customWidth\":\"50\",\"name\":\"Traffic event summary\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let data = CommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto Networks'\\r\\n| where \\\"{Destination_IP:lable}\\\"==\\\"All\\\" or DestinationIP in ({Destination_IP}) \\r\\n| where \\\"{Source_IP:lable}\\\" == \\\"All\\\" or SourceIP in ({Source_IP})\\r\\n| where Activity =~ \\\"Traffic\\\";\\r\\ndata\\r\\n| summarize Count = count() by DeviceAction\\r\\n| join kind = inner (data\\r\\n | make-series Trend = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by DeviceAction)\\r\\n on DeviceAction\\r\\n| project-away DeviceAction1, TimeGenerated\\r\\n| extend DeviceAction = DeviceAction\\r\\n| union (\\r\\n data 
\\r\\n | summarize Count = count() \\r\\n | extend jkey = 1\\r\\n | join kind=inner (data\\r\\n | make-series Trend = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain}\\r\\n | extend jkey = 1) on jkey\\r\\n | extend DeviceAction = 'All', DeviceActions = '*' \\r\\n)\\r\\n| order by Count desc\\r\\n| take 10\",\"size\":4,\"exportFieldName\":\"DeviceAction\",\"exportParameterName\":\"DeviceAction\",\"exportDefaultValue\":\"All\",\"exportToExcelOptions\":\"visible\",\"title\":\"Device action summary - click to filter the graph below\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"DeviceAction\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"Count\",\"formatter\":3,\"formatOptions\":{\"palette\":\"blueDark\",\"showIcon\":true}},{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"blueDark\",\"showIcon\":true}},{\"columnMatch\":\"jkey\",\"formatter\":5,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"TimeGenerated\",\"formatter\":5,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"jkey1\",\"formatter\":5,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"DeviceActions\",\"formatter\":5,\"formatOptions\":{\"showIcon\":true}}]},\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"DeviceAction\",\"formatter\":1,\"formatOptions\":{\"showIcon\":true}},\"leftContent\":{\"columnMatch\":\"Count\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\",\"showIcon\":true},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}},\"secondaryContent\":{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"showIcon\":true}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Traffic activity 
summary\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"CommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto Networks'\\r\\n| where \\\"{Destination_IP:lable}\\\"==\\\"All\\\" or DestinationIP in ({Destination_IP}) \\r\\n| where \\\"{Source_IP:lable}\\\" == \\\"All\\\" or SourceIP in ({Source_IP})\\r\\n| where Activity =~ 'TRAFFIC'\\r\\n| where '{EventClass}' == \\\"All\\\" or DeviceEventClassID=='{EventClass}'\\r\\n| summarize EventCount= count() by DeviceAction, bin_at(TimeGenerated, {TimeRange:grain}, {TimeRange:start})\",\"size\":0,\"exportToExcelOptions\":\"visible\",\"title\":\"Device action, by time\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\"},\"customWidth\":\"50\",\"name\":\"Traffic activity by time\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"CommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto Networks'\\r\\n| where \\\"{Destination_IP:lable}\\\"==\\\"All\\\" or DestinationIP in ({Destination_IP}) \\r\\n| where \\\"{Source_IP:lable}\\\" == \\\"All\\\" or SourceIP in ({Source_IP})\\r\\n| where '{DeviceAction}' == \\\"All\\\" or DeviceAction=='{DeviceAction}'\\r\\n| where Activity =~ \\\"Traffic\\\"\\r\\n| summarize EventCount= count() by DeviceEventClassID, bin_at(TimeGenerated, {TimeRange:grain}, {TimeRange:start})\",\"size\":0,\"exportToExcelOptions\":\"visible\",\"title\":\"Device events Id, by time\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\"},\"customWidth\":\"50\",\"name\":\"Traffic class ID by time\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"CommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS' \\r\\n| 
where DeviceVendor =~ 'Palo Alto Networks' \\r\\n| where \\\"{Destination_IP:lable}\\\"==\\\"All\\\" or DestinationIP in ({Destination_IP}) \\r\\n| where \\\"{Source_IP:lable}\\\" == \\\"All\\\" or SourceIP in ({Source_IP})\\r\\n| where Activity =~ 'TRAFFIC' \\r\\n| where DeviceEventClassID =~ 'end' \\r\\n| extend Reason = coalesce(\\r\\n column_ifexists(\\\"Reason\\\", \\\"\\\"),\\r\\n extract(';reason=(.*?);',1,AdditionalExtensions),\\r\\n \\\"\\\"\\r\\n )\\r\\n| summarize ReasonCount= count() by Reason, TimeGenerated \\r\\n\",\"size\":0,\"exportToExcelOptions\":\"visible\",\"title\":\"Reasons for session ending, by time\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"timechart\"},\"customWidth\":\"50\",\"name\":\"Reasons for session ending\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"// Data sent outbound vs inbound\\r\\nCommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto Networks'\\r\\n| where \\\"{Destination_IP:lable}\\\"==\\\"All\\\" or DestinationIP in ({Destination_IP}) \\r\\n| where \\\"{Source_IP:lable}\\\" == \\\"All\\\" or SourceIP in ({Source_IP})\\r\\n| where Activity =~ 'TRAFFIC'\\r\\n| extend Direction=iff(DeviceCustomString4=~'Trust','Outbound' ,'Inbound' )\\r\\n| summarize DataSentOutBoundMB=sumif(SentBytes, Direction=~'Outbound')/1048576, DataRecievedInboundMB=sumif(ReceivedBytes, Direction=~'Inbound')/1048576 by TimeGenerated\\r\\n\",\"size\":0,\"exportToExcelOptions\":\"visible\",\"title\":\"Sent and received data, by volume\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"timechart\"},\"customWidth\":\"50\",\"name\":\"Sent and received data by volume\"},{\"type\":1,\"content\":{\"json\":\"---\\r\\n## Web 
filter\"},\"name\":\"text - 12\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"CommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto Networks'\\r\\n| where \\\"{Destination_IP:lable}\\\"==\\\"All\\\" or DestinationIP in ({Destination_IP}) \\r\\n| where \\\"{Source_IP:lable}\\\" == \\\"All\\\" or SourceIP in ({Source_IP})\\r\\n| where Activity =~ 'THREAT'\\r\\n| where DeviceEventClassID =~ 'url'\\r\\n| where DeviceAction contains 'block'\\r\\n| summarize ProtocolCount=count() by ApplicationProtocol\\r\\n| top 5 by ProtocolCount desc\\r\\n\",\"size\":0,\"exportToExcelOptions\":\"visible\",\"title\":\"Top 5 blocked URLs, by application protocol\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"ApplicationProtocol\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"ProtocolCount\",\"formatter\":4,\"formatOptions\":{\"min\":0,\"palette\":\"purple\",\"showIcon\":true}}]}},\"customWidth\":\"25\",\"name\":\"Top 5 blocked URLs by application protocol\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"CommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto Networks'\\r\\n| where \\\"{Destination_IP:lable}\\\"==\\\"All\\\" or DestinationIP in ({Destination_IP}) \\r\\n| where \\\"{Source_IP:lable}\\\" == \\\"All\\\" or SourceIP in ({Source_IP})\\r\\n| where Activity =~ 'THREAT'\\r\\n| where DeviceEventClassID =~ 'url'\\r\\n| where DeviceAction in ('block-url', 'block-continue')\\r\\n| summarize CategoryCount=count() by DeviceCustomString2\\r\\n| project-rename CategoryName= DeviceCustomString2\\r\\n| top 5 by CategoryCount\\r\\n\",\"size\":0,\"exportToExcelOptions\":\"visible\",\"title\":\"Top 5 URL blocked, by 
category\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"CategoryName\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"CategoryCount\",\"formatter\":4,\"formatOptions\":{\"palette\":\"coldHot\",\"showIcon\":true}}]}},\"customWidth\":\"25\",\"name\":\"op 5 URL blocked by category\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"CommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto Networks'\\r\\n| where \\\"{Destination_IP:lable}\\\"==\\\"All\\\" or DestinationIP in ({Destination_IP}) \\r\\n| where \\\"{Source_IP:lable}\\\" == \\\"All\\\" or SourceIP in ({Source_IP})\\r\\n| where Activity =~ 'THREAT'\\r\\n| where DeviceEventClassID =~ 'url'\\r\\n| where DeviceAction in ('block-url', 'block-continue')\\r\\n| summarize URLCount=count() by RequestURL\\r\\n| top 5 by URLCount desc\\r\\n\",\"size\":0,\"exportToExcelOptions\":\"visible\",\"title\":\"Top 5 blocked URLs\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"25\",\"name\":\"Top 5 blocked URLs\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"CommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto Networks'\\r\\n| where \\\"{Destination_IP:lable}\\\"==\\\"All\\\" or DestinationIP in ({Destination_IP}) \\r\\n| where \\\"{Source_IP:lable}\\\" == \\\"All\\\" or SourceIP in ({Source_IP})\\r\\n| where Activity =~ 'THREAT'\\r\\n| where DeviceEventClassID =~ 'url'\\r\\n| summarize ProtocolCount=count() by ApplicationProtocol\\r\\n| top 5 by ProtocolCount desc\",\"size\":0,\"exportToExcelOptions\":\"visible\",\"title\":\"Top 5 URLs, by application 
protocols\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"ApplicationProtocol\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"ProtocolCount\",\"formatter\":4,\"formatOptions\":{\"palette\":\"coldHot\",\"showIcon\":true}}]}},\"customWidth\":\"25\",\"name\":\"Top 5 URLs by application protocols\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"CommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto Networks'\\r\\n| where \\\"{Destination_IP:lable}\\\"==\\\"All\\\" or DestinationIP in ({Destination_IP}) \\r\\n| where \\\"{Source_IP:lable}\\\" == \\\"All\\\" or SourceIP in ({Source_IP})\\r\\n| where Activity =~ 'THREAT'\\r\\n| where DeviceEventClassID =~ 'url'\\r\\n| where DeviceAction in ('alert', 'continue')\\r\\n| summarize URLCount=count() by RequestURL\\r\\n| top 5 by URLCount desc\\r\\n\",\"size\":0,\"exportToExcelOptions\":\"visible\",\"title\":\"Top 5 allowed URLs\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"RequestURL\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"URLCount\",\"formatter\":4,\"formatOptions\":{\"palette\":\"coldHot\",\"showIcon\":true}}]}},\"customWidth\":\"25\",\"name\":\"Top 5 allowed URLs\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"CommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto Networks'\\r\\n| where \\\"{Destination_IP:lable}\\\"==\\\"All\\\" or DestinationIP in ({Destination_IP}) \\r\\n| where \\\"{Source_IP:lable}\\\" == \\\"All\\\" or SourceIP in ({Source_IP})\\r\\n| where Activity =~ 'THREAT'\\r\\n| where DeviceEventClassID 
=~ 'url'\\r\\n| summarize ActionCount=count() by DeviceAction\\r\\n\",\"size\":0,\"exportToExcelOptions\":\"visible\",\"title\":\"URL threat event summary\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"DeviceAction\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"ActionCount\",\"formatter\":4,\"formatOptions\":{\"palette\":\"coldHot\",\"showIcon\":true}}]}},\"customWidth\":\"25\",\"name\":\"URL threat event summary\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"CommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto Networks'\\r\\n| where Activity =~ 'THREAT'\\r\\n| where DeviceEventClassID =~ 'url'\\r\\n| where DeviceAction contains 'block'\\r\\n| extend PAReferer= extract(';PanOSReferer=(.*?);',1,AdditionalExtensions)\\r\\n| where PAReferer !=''\\r\\n| summarize RefererCount= count() by PAReferer\\r\\n| top 5 by RefererCount desc\\r\\n\",\"size\":0,\"exportToExcelOptions\":\"visible\",\"title\":\"Top 5 referrers for blocked URLs\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"25\",\"name\":\"Top 5 referrers for blocked URLs\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"CommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto Networks'\\r\\n| where \\\"{Destination_IP:lable}\\\"==\\\"All\\\" or DestinationIP in ({Destination_IP}) \\r\\n| where \\\"{Source_IP:lable}\\\" == \\\"All\\\" or SourceIP in ({Source_IP})\\r\\n| where Activity =~ 'THREAT'\\r\\n| where DeviceEventClassID =~ 'url'\\r\\n| where DeviceAction in ('alert', 'continue')\\r\\n| summarize CategoryCount=count() by DeviceCustomString2\\r\\n| project-rename 
CategoryName= DeviceCustomString2\\r\\n| top 5 by CategoryCount desc\\r\\n\",\"size\":0,\"exportToExcelOptions\":\"visible\",\"title\":\"Top 5 allowed URLs, by category\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"CategoryName\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"CategoryCount\",\"formatter\":4,\"formatOptions\":{\"palette\":\"coldHot\",\"showIcon\":true}}]}},\"customWidth\":\"25\",\"name\":\"Top 5 allowed URLs, by category\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"CommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto Networks'\\r\\n| where \\\"{Destination_IP:lable}\\\"==\\\"All\\\" or DestinationIP in ({Destination_IP}) \\r\\n| where \\\"{Source_IP:lable}\\\" == \\\"All\\\" or SourceIP in ({Source_IP})\\r\\n| where Activity =~ 'THREAT'\\r\\n| where DeviceEventClassID =~ 'url'\\r\\n| where DeviceAction !contains 'block'\\r\\n| summarize ProtocolCount=count() by ApplicationProtocol\\r\\n| top 5 by ProtocolCount desc\",\"size\":0,\"exportToExcelOptions\":\"visible\",\"title\":\"Top 5 allowed URLs, by application protocol\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"ApplicationProtocol\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"ProtocolCount\",\"formatter\":4,\"formatOptions\":{\"palette\":\"coldHot\",\"showIcon\":true}}]}},\"customWidth\":\"33\",\"name\":\"Top 5 allowed URLs by application protocol\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"CommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto 
Networks'\\r\\n| where \\\"{Destination_IP:lable}\\\"==\\\"All\\\" or DestinationIP in ({Destination_IP}) \\r\\n| where \\\"{Source_IP:lable}\\\" == \\\"All\\\" or SourceIP in ({Source_IP})\\r\\n| where Activity =~ 'THREAT'\\r\\n| where DeviceEventClassID =~ 'url'\\r\\n| summarize ActionCount=count() by DeviceAction, TimeGenerated\\r\\n\",\"size\":0,\"exportToExcelOptions\":\"visible\",\"title\":\"Web filter ativity, by time\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"DeviceAction\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"TimeGenerated\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"ActionCount\",\"formatter\":4,\"formatOptions\":{\"palette\":\"coldHot\",\"showIcon\":true}}]}},\"customWidth\":\"33\",\"name\":\"Web filter ativity by time\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"CommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto Networks'\\r\\n| where Activity =~ 'THREAT'\\r\\n| where \\\"{Destination_IP:lable}\\\"==\\\"All\\\" or DestinationIP in ({Destination_IP}) \\r\\n| where \\\"{Source_IP:lable}\\\" == \\\"All\\\" or SourceIP in ({Source_IP})\\r\\n| where DeviceEventClassID =~ 'url'\\r\\n| where DeviceAction in ('alert', 'continue')\\r\\n| summarize IPCount=count() by SourceIP\\r\\n| top 5 by IPCount desc\\r\\n\",\"size\":0,\"exportToExcelOptions\":\"visible\",\"title\":\"Top 5 allowed web traffic source IP 
addresses\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"SourceIP\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"IPCount\",\"formatter\":4,\"formatOptions\":{\"palette\":\"coldHot\",\"showIcon\":true}}]}},\"customWidth\":\"33\",\"name\":\"Top 5 allowed web traffic source IP addresses\"},{\"type\":1,\"content\":{\"json\":\"---\\r\\n## Wildfire\"},\"name\":\"text - 24\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"CommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto Networks'\\r\\n| where Activity =~ 'THREAT'\\r\\n| where DeviceEventClassID =~ 'wildfire'\\r\\n| summarize ActionCount=count() by DeviceAction, TimeGenerated\\r\\n\",\"size\":0,\"exportToExcelOptions\":\"visible\",\"title\":\"Wildfire events, by time\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"timechart\"},\"customWidth\":\"50\",\"name\":\"Wildfire events, by time\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let data = CommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto Networks'\\r\\n| where Activity =~ 'THREAT'\\r\\n| where DeviceEventClassID =~'wildfire'\\r\\n| where \\\"{Destination_IP:lable}\\\"==\\\"All\\\" or DestinationIP in ({Destination_IP}) \\r\\n| where \\\"{Source_IP:lable}\\\" == \\\"All\\\" or SourceIP in ({Source_IP});\\r\\ndata\\r\\n| summarize Count = count() by DeviceAction\\r\\n| join kind = inner (data\\r\\n | make-series Trend = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by DeviceAction)\\r\\n on DeviceAction\\r\\n| project-away DeviceAction1, TimeGenerated\\r\\n| extend 
DeviceActions = DeviceAction\\r\\n| union (\\r\\n data \\r\\n | summarize Count = count() \\r\\n | extend jkey = 1\\r\\n | join kind=inner (data\\r\\n | make-series Trend = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain}\\r\\n | extend jkey = 1) on jkey\\r\\n | extend DeviceAction = 'All', DeviceActions = '*' \\r\\n)\\r\\n| project DeviceAction, Count, Trend\\r\\n| order by Count desc\\r\\n| take 10\",\"size\":4,\"exportFieldName\":\"DeviceAction\",\"exportParameterName\":\"DeviceAction\",\"exportDefaultValue\":\"All\",\"exportToExcelOptions\":\"visible\",\"title\":\"Top 5 Wildfire activities\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"DeviceAction\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"Count\",\"formatter\":3,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"grayBlue\",\"showIcon\":true}},{\"columnMatch\":\"DeviceActions\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"jkey\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"TimeGenerated\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"jkey1\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}}],\"sortBy\":[{\"itemKey\":\"DeviceAction\",\"sortOrder\":1}]},\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"DeviceAction\",\"formatter\":1,\"formatOptions\":{\"showIcon\":true}},\"leftContent\":{\"columnMatch\":\"Count\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\",\"showIcon\":true},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}},\"secondaryContent\":{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"showIcon\"
:true}},\"showBorder\":false}},\"customWidth\":\"25\",\"name\":\"Top 5 Wildfire activities\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let data = CommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto Networks'\\r\\n| where Activity =~ 'THREAT'\\r\\n| where DeviceEventClassID =~'wildfire'\\r\\n| where \\\"{Destination_IP:lable}\\\"==\\\"All\\\" or DestinationIP in ({Destination_IP}) \\r\\n| where \\\"{Source_IP:lable}\\\" == \\\"All\\\" or SourceIP in ({Source_IP});\\r\\ndata\\r\\n| summarize Count = count() by DeviceCustomString2\\r\\n| join kind = inner (data\\r\\n | make-series Trend = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by DeviceCustomString2)\\r\\n on DeviceCustomString2\\r\\n| project-away DeviceCustomString21, TimeGenerated\\r\\n| extend DeviceCustomString2s = DeviceCustomString2\\r\\n| union (\\r\\n data \\r\\n | summarize Count = count() \\r\\n | extend jkey = 1\\r\\n | join kind=inner (data\\r\\n | make-series Trend = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain}\\r\\n | extend jkey = 1) on jkey\\r\\n | extend DeviceCustomString2 = 'All', DeviceCustomString2s = '*' \\r\\n)\\r\\n| project DeviceCustomString2, Count, Trend\\r\\n| order by Count desc\\r\\n| take 10\",\"size\":4,\"exportFieldName\":\"DeviceCustomString2\",\"exportParameterName\":\"DeviceString\",\"exportDefaultValue\":\"All\",\"exportToExcelOptions\":\"visible\",\"title\":\"Top 5 Wildfire 
verdicts\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"DeviceAction\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"Count\",\"formatter\":3,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"grayBlue\",\"showIcon\":true}},{\"columnMatch\":\"DeviceActions\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"jkey\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"TimeGenerated\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"jkey1\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}}],\"sortBy\":[{\"itemKey\":\"DeviceAction\",\"sortOrder\":1}]},\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"DeviceCustomString2\",\"formatter\":1,\"formatOptions\":{\"showIcon\":true}},\"leftContent\":{\"columnMatch\":\"Count\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\",\"showIcon\":true},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}},\"secondaryContent\":{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"showIcon\":true}},\"showBorder\":false}},\"customWidth\":\"25\",\"name\":\"Top 5 Wildfire verdicts\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"CommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto Networks'\\r\\n| where Activity =~ 'THREAT'\\r\\n| where DeviceEventClassID =~ 'wildfire'\\r\\n| where '{DeviceAction}' == \\\"All\\\" or DeviceAction=='{DeviceAction}'\\r\\n| where '{DeviceString}' == \\\"All\\\" or DeviceCustomString2=='{DeviceString}'\\r\\n| project TimeGenerated, ReceiptTime, LogSeverity, DeviceAction, ['URL Category'] =DeviceCustomString2, DestinationPort, 
DestinationIP, Message, SourcePort, SourceIP, DestinationUserID, RequestURL\",\"size\":0,\"exportToExcelOptions\":\"visible\",\"title\":\"Wildfire events\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"filter\":true}},\"name\":\"Wildfire events\"},{\"type\":1,\"content\":{\"json\":\"---\\r\\n## General statistics\"},\"name\":\"text - 30\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"CommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto Networks'\\r\\n| where Activity =~ 'THREAT'\\r\\n| where \\\"{Destination_IP:lable}\\\"==\\\"All\\\" or DestinationIP in ({Destination_IP}) \\r\\n| where \\\"{Source_IP:lable}\\\" == \\\"All\\\" or SourceIP in ({Source_IP})\\r\\n| where DeviceEventClassID =~ 'file'\\r\\n| where DeviceAction contains 'deny'\\r\\n| summarize ProtocolCount=count() by ApplicationProtocol\\r\\n| top 5 by ProtocolCount desc\\r\\n\",\"size\":0,\"exportToExcelOptions\":\"visible\",\"title\":\"Top 5 denied files, by application protocol\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"ApplicationProtocol\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"ProtocolCount\",\"formatter\":4,\"formatOptions\":{\"palette\":\"coldHot\",\"showIcon\":true}}]}},\"customWidth\":\"33\",\"name\":\"Top 5 denied files by application protocol\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"CommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto Networks'\\r\\n| where Activity =~ 'THREAT'\\r\\n| where \\\"{Destination_IP:lable}\\\"==\\\"All\\\" or DestinationIP in ({Destination_IP}) \\r\\n| where \\\"{Source_IP:lable}\\\" == \\\"All\\\" or 
SourceIP in ({Source_IP})\\r\\n| where DeviceEventClassID =~ 'file'\\r\\n| where DeviceAction !contains 'deny'\\r\\n| summarize ProtocolCount=count() by ApplicationProtocol\\r\\n| top 5 by ProtocolCount desc\\r\\n\",\"size\":0,\"exportToExcelOptions\":\"visible\",\"title\":\"Top 5 allowed files, by application protocol\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"ApplicationProtocol\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"ProtocolCount\",\"formatter\":4,\"formatOptions\":{\"palette\":\"coldHot\",\"showIcon\":true}}]}},\"customWidth\":\"33\",\"name\":\"Top 5 allowed files by application protocol\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"//Palo Alto File Category By Action Summary\\r\\nCommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS' \\r\\n| where DeviceVendor =~ 'Palo Alto Networks' \\r\\n| where Activity =~ 'THREAT'\\r\\n| where \\\"{Destination_IP:lable}\\\"==\\\"All\\\" or DestinationIP in ({Destination_IP}) \\r\\n| where \\\"{Source_IP:lable}\\\" == \\\"All\\\" or SourceIP in ({Source_IP})\\r\\n| where DeviceEventClassID =~ 'file' \\r\\n| extend PACategory= coalesce(\\r\\n column_ifexists(\\\"DeviceEventCategory\\\", \\\"\\\"),\\r\\n extract(';cat=(.*?)($|;)',1,AdditionalExtensions),\\r\\n \\\"\\\"\\r\\n )\\r\\n| summarize CategoryCount=count() by PACategory\\r\\n| sort by CategoryCount\",\"size\":0,\"exportToExcelOptions\":\"visible\",\"title\":\"Summary of Palo Alto file categories, by 
activity\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"PACategory\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"CategoryCount\",\"formatter\":4,\"formatOptions\":{\"palette\":\"coldHot\",\"showIcon\":true},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\"}}}]}},\"customWidth\":\"33\",\"name\":\"Summary of Palo Alto file categories by activity\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let data = CommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto Networks'\\r\\n| where Activity =~ 'THREAT'\\r\\n| where DeviceEventClassID =~'file'\\r\\n| where \\\"{Destination_IP:lable}\\\"==\\\"All\\\" or DestinationIP in ({Destination_IP}) \\r\\n| where \\\"{Source_IP:lable}\\\" == \\\"All\\\" or SourceIP in ({Source_IP});\\r\\ndata\\r\\n| summarize Count = count() by DeviceAction\\r\\n| join kind = inner (data\\r\\n | make-series Trend = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by DeviceAction)\\r\\n on DeviceAction\\r\\n| project-away DeviceAction1, TimeGenerated\\r\\n| extend DeviceActions = DeviceAction\\r\\n| union (\\r\\n data \\r\\n | summarize Count = count() \\r\\n | extend jkey = 1\\r\\n | join kind=inner (data\\r\\n | make-series Trend = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain}\\r\\n | extend jkey = 1) on jkey\\r\\n | extend DeviceAction = 'All', DeviceActions = '*' \\r\\n)\\r\\n| project DeviceAction, Count, Trend\\r\\n| order by Count desc\\r\\n| take 10\\r\\n\",\"size\":4,\"exportFieldName\":\"DeviceAction\",\"exportParameterName\":\"SelectedDA\",\"exportDefaultValue\":\"All\",\"exportToExcelOptions\":\"visible\",\"title\":\"Summary of file type 
activities\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"DeviceAction\",\"formatter\":1,\"formatOptions\":{\"showIcon\":true}},\"leftContent\":{\"columnMatch\":\"Count\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\",\"showIcon\":true},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}},\"secondaryContent\":{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"showIcon\":true}},\"showBorder\":false}},\"customWidth\":\"25\",\"name\":\"Summary of file type activities\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"CommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto Networks'\\r\\n| where Activity =~ 'THREAT'\\r\\n| where DeviceEventClassID =~ 'file'\\r\\n| where \\\"{Destination_IP:lable}\\\"==\\\"All\\\" or DestinationIP in ({Destination_IP}) \\r\\n| where \\\"{Source_IP:lable}\\\" == \\\"All\\\" or SourceIP in ({Source_IP})\\r\\n| where '{SelectedDA}' == \\\"All\\\" or DeviceAction == '{SelectedDA}'\\r\\n| summarize ActionCount=count() by DeviceAction, bin(TimeGenerated, {TimeRange:grain})\\r\\n\",\"size\":0,\"exportToExcelOptions\":\"visible\",\"title\":\"Compare allowed and denied files, by time\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"timechart\"},\"name\":\"Compare allowed and denied files by time\"}],\"fromTemplateId\":\"sentinel-PaloAltoOverview\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\r\n", + "version": "1.0", + "sourceId": "[variables('workspaceResourceId')]", + "category": "sentinel" + } }, { - "description": "THREAT 
activity", - "query": "\nCommonSecurityLog\n| where DeviceVendor == \"Palo Alto Networks\"\n| where DeviceProduct has \"PAN-OS\"\n\n | where Activity == \"THREAT\"\n | sort by TimeGenerated" + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Workbook-', last(split(variables('workbookId1'),'/'))))]", + "properties": { + "description": "@{workbookKey=PaloAltoOverviewWorkbook; logoFileName=paloalto_logo.svg; description=Gain insights and comprehensive monitoring into Palo Alto firewalls by analyzing traffic and activities.\nThis workbook correlates all Palo Alto data with threat events to identify suspicious entities and relationships.\nYou can learn about trends across user and data traffic, and drill down into Palo Alto Wildfire and filter results.; dataTypesDependencies=System.Object[]; dataConnectorsDependencies=System.Object[]; previewImagesFileNames=System.Object[]; version=1.2.0; title=Palo Alto overview; templateRelativePath=PaloAltoOverview.json; subtitle=; provider=Microsoft}.description", + "parentId": "[variables('workbookId1')]", + "contentId": "[variables('_workbookContentId1')]", + "kind": "Workbook", + "version": "[variables('workbookVersion1')]", + "source": { + "kind": "Solution", + "name": "PaloAlto-PAN-OS", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "tier": "Microsoft", + "link": "https://support.microsoft.com" + }, + "dependencies": { + "operator": "AND", + "criteria": [ + { + "contentId": "CommonSecurityLog", + "kind": "DataType" + }, + { + "contentId": "PaloAltoNetworks", + "kind": "DataConnector" + } + ] + } + } } - ], - "availability": { - "status": 1, - "isPreview": false - }, - "permissions": { - "resourceProvider": [ - { - "provider": 
"Microsoft.OperationalInsights/workspaces", - "permissionsDisplayText": "read and write permissions are required.", - "providerDisplayName": "Workspace", - "scope": "Workspace", - "requiredPermissions": { - "read": true, - "write": true, - "delete": true - } - }, - { - "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", - "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", - "providerDisplayName": "Keys", - "scope": "Workspace", - "requiredPermissions": { - "action": true - } - } - ], - "customs": [ - { - "description": "To collect data from non-Azure VMs, they must have Azure Arc installed and enabled. [Learn more](https://docs.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-install?tabs=ARMAgentPowerShell,PowerShellWindows,PowerShellWindowsArc,CLIWindows,CLIWindowsArc)" - }, - { - "description": "Common Event Format (CEF) via AMA and Syslog via AMA data connectors must be installed [Learn more](https://learn.microsoft.com/azure/sentinel/connect-cef-ama#open-the-connector-page-and-create-the-dcr)" - } - ] - }, - "instructionSteps": [ + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_workbookContentId1')]", + "contentKind": "Workbook", + "displayName": "[parameters('workbook1-name')]", + "contentProductId": "[variables('_workbookcontentProductId1')]", + "id": "[variables('_workbookcontentProductId1')]", + "version": "[variables('workbookVersion1')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('workbookTemplateSpecName2')]", + 
"location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "PaloAltoNetworkThreatWorkbook Workbook with template version 3.0.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('workbookVersion2')]", + "parameters": {}, + "variables": {}, + "resources": [ { - "instructions": [ - { - "parameters": { - "title": "1. Kindly follow the steps to configure the data connector", - "instructionSteps": [ + "type": "Microsoft.Insights/workbooks", + "name": "[variables('workbookContentId2')]", + "location": "[parameters('workspace-location')]", + "kind": "shared", + "apiVersion": "2021-08-01", + "metadata": { + "description": "Gain insights into Palo Alto network activities by analyzing threat events.\nYou can extract meaningful security information by correlating data between threats, applications, and time.\nThis workbook makes it easy to track malware, vulnerability, and virus log events." 
+ }, + "properties": { + "displayName": "[parameters('workbook2-name')]", + "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## Palo Alto network threat\\n\"},\"name\":\"text - 2\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"query\":\"\",\"parameters\":[{\"id\":\"d0ccb5c6-8a07-4b7e-9abf-38fa4dcc0baf\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"TimeRange\",\"type\":4,\"isRequired\":true,\"value\":{\"durationMs\":43200000},\"typeSettings\":{\"selectableValues\":[{\"durationMs\":300000},{\"durationMs\":900000},{\"durationMs\":1800000},{\"durationMs\":3600000},{\"durationMs\":14400000},{\"durationMs\":43200000},{\"durationMs\":86400000},{\"durationMs\":172800000},{\"durationMs\":259200000},{\"durationMs\":604800000},{\"durationMs\":1209600000},{\"durationMs\":2419200000},{\"durationMs\":2592000000},{\"durationMs\":5184000000},{\"durationMs\":7776000000}],\"allowCustom\":true}}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 1\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let data = CommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto Networks'\\r\\n| where Activity =~ 'THREAT' and DeviceEventClassID != 'url' and DeviceEventClassID != 'file';\\r\\ndata\\r\\n| summarize Count = count() by DeviceEventClassID\\r\\n| join kind = inner (data\\r\\n | make-series Trend = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by DeviceEventClassID)\\r\\n on DeviceEventClassID\\r\\n| project-away DeviceEventClassID1, TimeGenerated\\r\\n| extend DeviceEventClassIDs = DeviceEventClassID\\r\\n| union (\\r\\n data \\r\\n | summarize Count = count() \\r\\n | extend jkey = 1\\r\\n | join kind=inner (data\\r\\n | make-series Trend = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step 
{TimeRange:grain}\\r\\n | extend jkey = 1) on jkey\\r\\n | extend DeviceEventClassID = 'All', DeviceEventClassIDs = '*' \\r\\n)\\r\\n| project DeviceEventClassID, Count, Trend\\r\\n| order by Count desc\\r\\n| take 10\",\"size\":3,\"exportFieldName\":\"DeviceEventClassID\",\"exportParameterName\":\"SelectedSubtype\",\"exportDefaultValue\":\"All\",\"exportToExcelOptions\":\"visible\",\"title\":\"Threats, by subtypes\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"DeviceEventClassID\",\"formatter\":1,\"formatOptions\":{\"showIcon\":true}},\"leftContent\":{\"columnMatch\":\"Count\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\",\"showIcon\":true},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}},\"secondaryContent\":{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"blueDark\",\"showIcon\":true}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Threats by subtypes\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let data = CommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto Networks'\\r\\n| where Activity =~ 'THREAT'\\r\\n| where DeviceEventClassID =~'wildfire';\\r\\ndata\\r\\n| summarize Count = count() by DeviceCustomString2\\r\\n| join kind = inner (data\\r\\n | make-series Trend = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by DeviceCustomString2)\\r\\n on DeviceCustomString2\\r\\n| project-away DeviceCustomString21, TimeGenerated\\r\\n| extend DeviceCustomString2s = DeviceCustomString2\\r\\n| union (\\r\\n data \\r\\n | summarize Count = count() \\r\\n | extend jkey = 1\\r\\n | join kind=inner (data\\r\\n | make-series Trend = count() default = 0 on 
TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain}\\r\\n | extend jkey = 1) on jkey\\r\\n | extend DeviceCustomString2 = 'All', DeviceCustomString2s = '*' \\r\\n)\\r\\n| project DeviceCustomString2, Count, Trend\\r\\n| order by Count desc\\r\\n| take 10\",\"size\":3,\"exportFieldName\":\"DeviceCustomString2\",\"exportParameterName\":\"SelectedWildfire\",\"exportDefaultValue\":\"All\",\"exportToExcelOptions\":\"visible\",\"title\":\"WildFire verdicts\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"DeviceCustomString2\",\"formatter\":1,\"formatOptions\":{\"showIcon\":true}},\"leftContent\":{\"columnMatch\":\"Count\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\",\"showIcon\":true},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"maximumFractionDigits\":2,\"maximumSignificantDigits\":3}}},\"secondaryContent\":{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"blueDark\",\"showIcon\":true}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"WildFire verdicts\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let data = CommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto Networks'\\r\\n| where Activity =~ 'THREAT' and LogSeverity != 'url' and LogSeverity != 'file';\\r\\ndata\\r\\n| summarize Count = count() by LogSeverity\\r\\n| join kind = inner (data\\r\\n | make-series Trend = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by LogSeverity)\\r\\n on LogSeverity\\r\\n| project-away LogSeverity1, TimeGenerated\\r\\n| extend LogSeveritys = LogSeverity\\r\\n| union (\\r\\n data \\r\\n | summarize Count = count() \\r\\n | extend jkey = 1\\r\\n | join kind=inner (data\\r\\n | 
make-series Trend = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain}\\r\\n | extend jkey = 1) on jkey\\r\\n | extend LogSeverity = 'All', LogSeveritys = '*' \\r\\n)\\r\\n| project LogSeverity, Count, Trend\\r\\n| order by Count desc\\r\\n| take 10\",\"size\":3,\"exportFieldName\":\"LogSeverity\",\"exportParameterName\":\"SelectedSeverity\",\"exportDefaultValue\":\"All\",\"exportToExcelOptions\":\"visible\",\"title\":\"Threats severity\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"LogSeverity\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"Count\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"lightBlue\",\"showIcon\":true}}]},\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"LogSeverity\",\"formatter\":1,\"formatOptions\":{\"showIcon\":true}},\"leftContent\":{\"columnMatch\":\"Count\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\",\"showIcon\":true},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}},\"secondaryContent\":{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"blueDark\",\"showIcon\":true}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Threats severity\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"CommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto Networks'\\r\\n| where Activity =~ 'THREAT' and DeviceEventClassID != 'url' and DeviceEventClassID != 'file'\\r\\n| where '{SelectedSubtype}' == \\\"All\\\" or '{SelectedSubtype}'==DeviceEventClassID\\r\\n| where '{SelectedWildfire}' == \\\"All\\\" or 
'{SelectedWildfire}'==DeviceCustomString2\\r\\n| where '{SelectedSeverity}' == \\\"All\\\" or '{SelectedSeverity}'==LogSeverity\\r\\n| summarize count() by bin(TimeGenerated, 1h), DeviceEventClassID\\r\\n| render timechart\\r\\n\",\"size\":0,\"exportToExcelOptions\":\"visible\",\"title\":\"Threat subtypes over time\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"37.5\",\"name\":\"Threat subtypes over time\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"CommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto Networks'\\r\\n| where Activity =~ 'THREAT' and DeviceEventClassID != 'url' and DeviceEventClassID != 'file'\\r\\n| where '{SelectedSubtype}' == \\\"All\\\" or '{SelectedSubtype}'==DeviceEventClassID\\r\\n| where '{SelectedWildfire}' == \\\"All\\\" or '{SelectedWildfire}'==DeviceCustomString2\\r\\n| where '{SelectedSeverity}' == \\\"All\\\" or '{SelectedSeverity}'==LogSeverity\\r\\n| summarize count() by bin(TimeGenerated, 1h), LogSeverity\\r\\n| render timechart\\r\\n\",\"size\":0,\"exportToExcelOptions\":\"visible\",\"title\":\"Threat severity over time\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"37.5\",\"name\":\"Threat severity over time\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let data = CommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto Networks'\\r\\n| where Activity =~ 'THREAT' and DeviceEventClassID != 'url' and DeviceEventClassID != 'file'\\r\\n| where '{SelectedSubtype}' == \\\"All\\\" or '{SelectedSubtype}'==DeviceEventClassID\\r\\n| where '{SelectedWildfire}' == \\\"All\\\" or '{SelectedWildfire}'==DeviceCustomString2\\r\\n| where '{SelectedSeverity}' == 
\\\"All\\\" or '{SelectedSeverity}'==LogSeverity;\\r\\ndata\\r\\n| summarize Count = count() by ApplicationProtocol\\r\\n| join kind = inner (data\\r\\n | make-series Trend = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by ApplicationProtocol)\\r\\n on ApplicationProtocol\\r\\n| project-away ApplicationProtocol1, TimeGenerated\\r\\n| extend ApplicationProtocols = ApplicationProtocol\\r\\n| union (\\r\\n data \\r\\n | summarize Count = count() \\r\\n | extend jkey = 1\\r\\n | join kind=inner (data\\r\\n | make-series Trend = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain}\\r\\n | extend jkey = 1) on jkey\\r\\n | extend ApplicationProtocol = 'All', ApplicationProtocols = '*' \\r\\n)\\r\\n| project ApplicationProtocol, Count, Trend\\r\\n| order by Count desc\\r\\n| take 10\",\"size\":0,\"exportToExcelOptions\":\"visible\",\"title\":\"Threats, by application\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"ApplicationProtocol\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"Count\",\"formatter\":4,\"formatOptions\":{\"palette\":\"coldHot\",\"showIcon\":true}},{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"showIcon\":true}}]},\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"ApplicationProtocol\",\"formatter\":1,\"formatOptions\":{\"showIcon\":true}},\"leftContent\":{\"columnMatch\":\"Count\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\",\"showIcon\":true},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}},\"secondaryContent\":{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"blueDark\",\"showIcon\":true}},\"showBorder\":false}},\"customWi
dth\":\"25\",\"name\":\"Threats by application\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"CommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto Networks'\\r\\n| where Activity =~ 'THREAT'\\r\\n| where '{SelectedSubtype}' == \\\"All\\\" or '{SelectedSubtype}'==DeviceEventClassID\\r\\n| where '{SelectedWildfire}' == \\\"All\\\" or '{SelectedWildfire}'==DeviceCustomString2\\r\\n| where '{SelectedSeverity}' == \\\"All\\\" or '{SelectedSeverity}'==LogSeverity\\r\\n| project TimeGenerated, ReceiptTime, LogSeverity, DeviceAction, ['URL Category'] =DeviceCustomString2, DestinationPort, DestinationIP, Message, SourcePort, SourceIP, DestinationUserID, RequestURL\",\"size\":0,\"exportToExcelOptions\":\"visible\",\"title\":\"Threat events\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"filter\":true}},\"name\":\"All Threat Events\"},{\"type\":1,\"content\":{\"json\":\"---\"},\"name\":\"text - 11\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"CommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto Networks'\\r\\n| where DeviceEventClassID =~ 'vulnerability' \\r\\n| extend ThreatId = coalesce(\\r\\n column_ifexists(\\\"DeviceEventCategory\\\", \\\"\\\"),\\r\\n extract('cat=([^;]+)',1,AdditionalExtensions),\\r\\n \\\"\\\"\\r\\n )\\r\\n| summarize Amount=count() by ThreatId, LogSeverity\\r\\n| top 20 by Amount\",\"size\":0,\"exportToExcelOptions\":\"visible\",\"title\":\"Top vulnerability 
events\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"ThreatId\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"LogSeverity\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"Amount\",\"formatter\":4,\"formatOptions\":{\"palette\":\"coldHot\",\"showIcon\":true}},{\"columnMatch\":\"count_\",\"formatter\":4,\"formatOptions\":{\"palette\":\"coldHot\",\"showIcon\":true}}],\"filter\":true}},\"customWidth\":\"50\",\"name\":\"Top vulnerability events\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"CommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto Networks'\\r\\n| search DeviceEventClassID:'*virus*'\\r\\n| summarize Amount=count() by RequestURL, DeviceEventClassID, DestinationIP, SourceIP, ApplicationProtocol\\r\\n| top 20 by Amount\",\"size\":0,\"exportToExcelOptions\":\"visible\",\"title\":\"Virus and malware 
events\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"RequestURL\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"DeviceEventClassID\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"DestinationIP\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"SourceIP\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"ApplicationProtocol\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"Amount\",\"formatter\":4,\"formatOptions\":{\"palette\":\"coldHot\",\"showIcon\":true}},{\"columnMatch\":\"SourceUserID\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"count_\",\"formatter\":4,\"formatOptions\":{\"palette\":\"coldHot\",\"showIcon\":true}}],\"filter\":true}},\"customWidth\":\"50\",\"name\":\"Virus and malware events\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"CommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto Networks'\\r\\n//| where DeviceEventClassID =~ 'correlation' \\r\\n| extend ThreatId = coalesce(\\r\\n column_ifexists(\\\"DeviceEventCategory\\\", \\\"\\\"),\\r\\n extract('cat=([^;]+)',1,AdditionalExtensions),\\r\\n \\\"\\\"\\r\\n )\\r\\n| extend ThreatCategory = extract('PanOSThreatCategory=([^;]+)',1, AdditionalExtensions)\\r\\n| summarize Amount=count() by ThreatId, ThreatCategory, LogSeverity\\r\\n| top 20 by Amount\",\"size\":0,\"exportToExcelOptions\":\"visible\",\"title\":\"Top correlation 
events\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"ThreatId\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"ThreatCategory\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"LogSeverity\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"Amount\",\"formatter\":4,\"formatOptions\":{\"palette\":\"coldHot\",\"showIcon\":true}},{\"columnMatch\":\"count_\",\"formatter\":4,\"formatOptions\":{\"palette\":\"coldHot\",\"showIcon\":true}}]}},\"name\":\"Top correlation events\"}],\"fromTemplateId\":\"sentinel-PaloAltoNetworkThreat\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\r\n", + "version": "1.0", + "sourceId": "[variables('workspaceResourceId')]", + "category": "sentinel" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Workbook-', last(split(variables('workbookId2'),'/'))))]", + "properties": { + "description": "@{workbookKey=PaloAltoNetworkThreatWorkbook; logoFileName=paloalto_logo.svg; description=Gain insights into Palo Alto network activities by analyzing threat events.\nYou can extract meaningful security information by correlating data between threats, applications, and time.\nThis workbook makes it easy to track malware, vulnerability, and virus log events.; dataTypesDependencies=System.Object[]; dataConnectorsDependencies=System.Object[]; previewImagesFileNames=System.Object[]; version=1.1.0; title=Palo Alto Network Threat; templateRelativePath=PaloAltoNetworkThreat.json; subtitle=; provider=Palo Alto Networks}.description", + "parentId": "[variables('workbookId2')]", + 
"contentId": "[variables('_workbookContentId2')]", + "kind": "Workbook", + "version": "[variables('workbookVersion2')]", + "source": { + "kind": "Solution", + "name": "PaloAlto-PAN-OS", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "tier": "Microsoft", + "link": "https://support.microsoft.com" + }, + "dependencies": { + "operator": "AND", + "criteria": [ + { + "contentId": "CommonSecurityLog", + "kind": "DataType" + }, + { + "contentId": "PaloAltoNetworks", + "kind": "DataConnector" + } + ] + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_workbookContentId2')]", + "contentKind": "Workbook", + "displayName": "[parameters('workbook2-name')]", + "contentProductId": "[variables('_workbookcontentProductId2')]", + "id": "[variables('_workbookcontentProductId2')]", + "version": "[variables('workbookVersion2')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('analyticRuleTemplateSpecName1')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "PaloAlto-UnusualThreatSignatures_AnalyticalRules Analytics Rule with template version 3.0.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('analyticRuleVersion1')]", + "parameters": {}, + "variables": {}, + "resources": 
[ + { + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "name": "[variables('analyticRulecontentId1')]", + "apiVersion": "2022-04-01-preview", + "kind": "Scheduled", + "location": "[parameters('workspace-location')]", + "properties": { + "description": "Identifies Palo Alto Threat signatures from unusual IP addresses which are not historically seen. \nThis detection is also leveraged and required for MDE and PAN Fusion scenario\nhttps://docs.microsoft.com/Azure/sentinel/fusion-scenario-reference#network-request-to-tor-anonymization-service-followed-by-anomalous-traffic-flagged-by-palo-alto-networks-firewall", + "displayName": "Palo Alto Threat signatures from Unusual IP addresses", + "enabled": false, + "query": "let starttime = 7d;\nlet endtime = 1d;\nlet timeframe = 1h;\nlet HistThreshold = 25; \nlet CurrThreshold = 10; \nlet HistoricalThreats = CommonSecurityLog\n| where isnotempty(SourceIP)\n| where TimeGenerated between (startofday(ago(starttime))..startofday(ago(endtime)))\n| where DeviceVendor =~ \"Palo Alto Networks\"\n| where Activity =~ \"THREAT\" and SimplifiedDeviceAction =~ \"alert\" \n| where DeviceEventClassID in ('spyware', 'scan', 'file', 'vulnerability', 'flood', 'packet', 'virus','wildfire', 'wildfire-virus')\n| summarize TotalEvents = count(), ThreatTypes = make_set(DeviceEventClassID), DestinationIpList = make_set(DestinationIP), FirstSeen = min(TimeGenerated) , LastSeen = max(TimeGenerated) by SourceIP, DeviceAction, DeviceVendor;\nlet CurrentHourThreats = CommonSecurityLog\n| where isnotempty(SourceIP)\n| where TimeGenerated > ago(timeframe)\n| where DeviceVendor =~ \"Palo Alto Networks\"\n| where Activity =~ \"THREAT\" and SimplifiedDeviceAction =~ \"alert\" \n| where DeviceEventClassID in ('spyware', 'scan', 'file', 'vulnerability', 'flood', 'packet', 'virus','wildfire', 'wildfire-virus')\n| summarize TotalEvents = count(), ThreatTypes = make_set(DeviceEventClassID), DestinationIpList = make_set(DestinationIP), FirstSeen = 
min(TimeGenerated) , LastSeen = max(TimeGenerated) by SourceIP, DeviceAction, DeviceProduct, DeviceVendor;\nCurrentHourThreats \n| where TotalEvents < CurrThreshold\n| join kind = leftanti (HistoricalThreats \n| where TotalEvents > HistThreshold) on SourceIP\n", + "queryFrequency": "PT1H", + "queryPeriod": "P7D", + "severity": "Medium", + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "status": "Available", + "requiredDataConnectors": [ + { + "dataTypes": [ + "CommonSecurityLog" + ], + "connectorId": "PaloAltoNetworks" + } + ], + "tactics": [ + "Discovery", + "Exfiltration", + "CommandAndControl" + ], + "techniques": [ + "T1046", + "T1030", + "T1071" + ], + "entityMappings": [ + { + "fieldMappings": [ { - "title": "Step A. Configure the Common Event Format (CEF) via AMA data connector", - "description": "_Note:- CEF logs are collected only from Linux Agents_\n\n1. Navigate to Microsoft Sentinel workspace ---> configuration ---> Data connector blade .\n\n2. Search for 'Common Event Format (CEF) via AMA' data connector and open it.\n\n3. Check If there is no existing DCR configured to collect required facility of logs, Create a new DCR (Data Collection Rule)\n\n\t_Note:- It is recommended to install minimum 1.27 version of AMA agent [Learn more](https://learn.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-manage?tabs=azure-portal ) and ensure there is no duplicate DCR as it can cause log duplicacy_\n\n4. Run the command provided in the CEF via AMA data connector page to configure the CEF collector on the machine" - - }, - { - "title": "Step B. 
Forward Palo Alto Networks logs to Syslog agent", - "description": "Configure Palo Alto Networks to forward Syslog messages in CEF format to your Microsoft Sentinel workspace via the Syslog agent.\n\nGo to [configure Palo Alto Networks NGFW for sending CEF events.](https://aka.ms/sentinel-paloaltonetworks-readme)\n\nGo to [Palo Alto CEF Configuration](https://aka.ms/asi-syslog-paloalto-forwarding) and Palo Alto [Configure Syslog Monitoring](https://aka.ms/asi-syslog-paloalto-configure) steps 2, 3, choose your version, and follow the instructions using the following guidelines:\n\n1. Set the Syslog server format to **BSD**.\n\n2. The copy/paste operations from the PDF might change the text and insert random characters. To avoid this, copy the text to an editor and remove any characters that might break the log format before pasting it.\n\n[Learn more >](https://aka.ms/CEFPaloAlto)" - - }, - { - "title": "Step C. Validate connection", - "description": "Follow the instructions to validate your connectivity:\n\nOpen Log Analytics to check if the logs are received using the CommonSecurityLog schema.\n\nIt may take about 20 minutes until the connection streams data to your workspace.\n\nIf the logs are not received, run the following connectivity validation script:\n\n 1. Make sure that you have Python on your machine using the following command: python -version\n\n2. 
You must have elevated permissions (sudo) on your machine", - "instructions": [ - { - "parameters": { - "label": "Run the following command to validate your connectivity:", - "value": "sudo wget -O Sentinel_AMA_troubleshoot.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/Syslog/Sentinel_AMA_troubleshoot.py&&sudo python Sentinel_AMA_troubleshoot.py --cef" - }, - "type": "CopyableLabel" - } - ] + "identifier": "Address", + "columnName": "SourceIP" } - ] - }, - "type": "InstructionStepsGroup" - } - ] + ], + "entityType": "IP" + } + ] + } }, { - "description": "Make sure to configure the machine's security according to your organization's security policy\n\n\n[Learn more >](https://aka.ms/SecureCEF)", - "title": "2. Secure your machine " + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleId1'),'/'))))]", + "properties": { + "description": "PaloAlto-PAN-OS Analytics Rule 1", + "parentId": "[variables('analyticRuleId1')]", + "contentId": "[variables('_analyticRulecontentId1')]", + "kind": "AnalyticsRule", + "version": "[variables('analyticRuleVersion1')]", + "source": { + "kind": "Solution", + "name": "PaloAlto-PAN-OS", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "tier": "Microsoft", + "link": "https://support.microsoft.com" + } + } } - ], - "id": "[variables('_uiConfigId2')]" - } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_analyticRulecontentId1')]", + "contentKind": 
"AnalyticsRule", + "displayName": "Palo Alto Threat signatures from Unusual IP addresses", + "contentProductId": "[variables('_analyticRulecontentProductId1')]", + "id": "[variables('_analyticRulecontentProductId1')]", + "version": "[variables('analyticRuleVersion1')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('analyticRuleTemplateSpecName2')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "FileHashEntity_Covid19_CommonSecurityLog_AnalyticalRules Analytics Rule with template version 3.0.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('analyticRuleVersion2')]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "name": "[variables('analyticRulecontentId2')]", + "apiVersion": "2022-04-01-preview", + "kind": "Scheduled", + "location": "[parameters('workspace-location')]", + "properties": { + "description": "Identifies a match in CommonSecurityLog Event data from any FileHash published in the Microsoft COVID-19 Threat Intel Feed - as described at https://www.microsoft.com/security/blog/2020/05/14/open-sourcing-covid-threat-intelligence/", + "displayName": "Microsoft COVID-19 file hash indicator matches", + "enabled": false, + "query": "let dt_lookBack = 1h;\nlet covidIndicators = (externaldata(TimeGenerated:datetime, FileHashValue:string, FileHashType: string, TlpLevel: string, Product: string, ThreatType: string, Description: string 
)\n[@\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Sample%20Data/Feeds/Microsoft.Covid19.Indicators.csv\"] with (format=\"csv\"));\nlet fileHashIndicators = covidIndicators\n| where isnotempty(FileHashValue);\n// Handle matches against both lower case and uppercase versions of the hash:\n(fileHashIndicators | extend FileHashValue = tolower(FileHashValue)\n| union (fileHashIndicators | extend FileHashValue = toupper(FileHashValue)))\n// using innerunique to keep perf fast and result set low, we only need one match to indicate potential malicious activity that needs to be investigated\n| join kind=innerunique (\n CommonSecurityLog | where TimeGenerated >= ago(dt_lookBack)\n | where isnotempty(FileHash)\n | extend CommonSecurityLog_TimeGenerated = TimeGenerated\n )\non $left.FileHashValue == $right.FileHash\n| summarize CommonSecurityLog_TimeGenerated = arg_max(CommonSecurityLog_TimeGenerated, *) by FileHashValue\n| project CommonSecurityLog_TimeGenerated, FileHashValue, FileHashType, Description, ThreatType,\nSourceIP, SourcePort, DestinationIP, DestinationPort, SourceUserID, SourceUserName, DeviceName, DeviceAction,\nRequestURL, DestinationUserName, DestinationUserID, ApplicationProtocol, Activity\n| extend timestamp = CommonSecurityLog_TimeGenerated, IPCustomEntity = SourceIP, HostCustomEntity = DeviceName, AccountCustomEntity = SourceUserName\n", + "queryFrequency": "PT1H", + "queryPeriod": "P14D", + "severity": "Medium", + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "status": "Available", + "requiredDataConnectors": [ + { + "dataTypes": [ + "CommonSecurityLog" + ], + "connectorId": "PaloAltoNetworks" + } + ], + "tactics": [ + "Impact" + ], + "entityMappings": [ + { + "fieldMappings": [ + { + "identifier": "FullName", + "columnName": "AccountCustomEntity" + } + ], + "entityType": "Account" + }, + { + "fieldMappings": [ + { + "identifier": "FullName", + "columnName": 
"HostCustomEntity" + } + ], + "entityType": "Host" + }, + { + "fieldMappings": [ + { + "identifier": "Address", + "columnName": "IPCustomEntity" + } + ], + "entityType": "IP" + }, + { + "fieldMappings": [ + { + "identifier": "Value", + "columnName": "FileHashValue" + }, + { + "identifier": "Algorithm", + "columnName": "FileHashType" + } + ], + "entityType": "FileHash" + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleId2'),'/'))))]", + "properties": { + "description": "PaloAlto-PAN-OS Analytics Rule 2", + "parentId": "[variables('analyticRuleId2')]", + "contentId": "[variables('_analyticRulecontentId2')]", + "kind": "AnalyticsRule", + "version": "[variables('analyticRuleVersion2')]", + "source": { + "kind": "Solution", + "name": "PaloAlto-PAN-OS", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "tier": "Microsoft", + "link": "https://support.microsoft.com" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_analyticRulecontentId2')]", + "contentKind": "AnalyticsRule", + "displayName": "Microsoft COVID-19 file hash indicator matches", + "contentProductId": "[variables('_analyticRulecontentProductId2')]", + "id": "[variables('_analyticRulecontentProductId2')]", + "version": "[variables('analyticRuleVersion2')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": 
"[variables('analyticRuleTemplateSpecName3')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "PaloAlto-NetworkBeaconing_AnalyticalRules Analytics Rule with template version 3.0.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('analyticRuleVersion3')]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "name": "[variables('analyticRulecontentId3')]", + "apiVersion": "2022-04-01-preview", + "kind": "Scheduled", + "location": "[parameters('workspace-location')]", + "properties": { + "description": "Identifies beaconing patterns from Palo Alto Network traffic logs based on recurrent timedelta patterns.\nThe query leverages various KQL functions to calculate time deltas and then compares it with total events observed in a day to find percentage of beaconing.\nThis outbound beaconing pattern to untrusted public networks should be investigated for any malware callbacks or data exfiltration attempts.\nReference Blog:\nhttp://www.austintaylor.io/detect/beaconing/intrusion/detection/system/command/control/flare/elastic/stack/2017/06/10/detect-beaconing-with-flare-elasticsearch-and-intrusion-detection-systems/\nhttps://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/detect-network-beaconing-via-intra-request-time-delta-patterns/ba-p/779586", + "displayName": "Palo Alto - potential beaconing detected", + "enabled": false, + "query": "let starttime = 2d;\nlet endtime = 1d;\nlet TimeDeltaThreshold = 25;\nlet TotalEventsThreshold = 30;\nlet MostFrequentTimeDeltaThreshold = 25;\nlet PercentBeaconThreshold = 80;\nCommonSecurityLog\n| where DeviceVendor == \"Palo 
Alto Networks\" and Activity == \"TRAFFIC\"\n| where TimeGenerated between (startofday(ago(starttime))..startofday(ago(endtime)))\n| where ipv4_is_private(DestinationIP)== false\n| project TimeGenerated, DeviceName, SourceUserID, SourceIP, SourcePort, DestinationIP, DestinationPort, ReceivedBytes, SentBytes\n| sort by SourceIP asc,TimeGenerated asc, DestinationIP asc, DestinationPort asc\n| serialize\n| extend nextTimeGenerated = next(TimeGenerated, 1), nextSourceIP = next(SourceIP, 1)\n| extend TimeDeltainSeconds = datetime_diff('second',nextTimeGenerated,TimeGenerated)\n| where SourceIP == nextSourceIP\n//Whitelisting criteria/ threshold criteria\n| where TimeDeltainSeconds > TimeDeltaThreshold\n| summarize count(), sum(ReceivedBytes), sum(SentBytes)\nby TimeDeltainSeconds, bin(TimeGenerated, 1h), DeviceName, SourceUserID, SourceIP, DestinationIP, DestinationPort\n| summarize (MostFrequentTimeDeltaCount, MostFrequentTimeDeltainSeconds) = arg_max(count_, TimeDeltainSeconds), TotalEvents=sum(count_), TotalSentBytes = sum(sum_SentBytes), TotalReceivedBytes = sum(sum_ReceivedBytes)\nby bin(TimeGenerated, 1h), DeviceName, SourceUserID, SourceIP, DestinationIP, DestinationPort\n| where TotalEvents > TotalEventsThreshold and MostFrequentTimeDeltaCount > MostFrequentTimeDeltaThreshold\n| extend BeaconPercent = MostFrequentTimeDeltaCount/toreal(TotalEvents) * 100\n| where BeaconPercent > PercentBeaconThreshold\n| extend timestamp = TimeGenerated, IPCustomEntity = DestinationIP, AccountCustomEntity = SourceUserID, HostCustomEntity = DeviceName\n", + "queryFrequency": "P1D", + "queryPeriod": "P2D", + "severity": "Low", + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "status": "Available", + "requiredDataConnectors": [ + { + "dataTypes": [ + "CommonSecurityLog" + ], + "connectorId": "PaloAltoNetworks" + } + ], + "tactics": [ + "CommandAndControl" + ], + "techniques": [ + "T1071", + "T1571" + ], + 
"entityMappings": [ + { + "fieldMappings": [ + { + "identifier": "FullName", + "columnName": "AccountCustomEntity" + } + ], + "entityType": "Account" + }, + { + "fieldMappings": [ + { + "identifier": "FullName", + "columnName": "HostCustomEntity" + } + ], + "entityType": "Host" + }, + { + "fieldMappings": [ + { + "identifier": "Address", + "columnName": "IPCustomEntity" + } + ], + "entityType": "IP" + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleId3'),'/'))))]", + "properties": { + "description": "PaloAlto-PAN-OS Analytics Rule 3", + "parentId": "[variables('analyticRuleId3')]", + "contentId": "[variables('_analyticRulecontentId3')]", + "kind": "AnalyticsRule", + "version": "[variables('analyticRuleVersion3')]", + "source": { + "kind": "Solution", + "name": "PaloAlto-PAN-OS", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "tier": "Microsoft", + "link": "https://support.microsoft.com" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_analyticRulecontentId3')]", + "contentKind": "AnalyticsRule", + "displayName": "Palo Alto - potential beaconing detected", + "contentProductId": "[variables('_analyticRulecontentProductId3')]", + "id": "[variables('_analyticRulecontentProductId3')]", + "version": "[variables('analyticRuleVersion3')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": 
"[variables('analyticRuleTemplateSpecName4')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "PaloAlto-PortScanning_AnalyticalRules Analytics Rule with template version 3.0.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('analyticRuleVersion4')]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "name": "[variables('analyticRulecontentId4')]", + "apiVersion": "2022-04-01-preview", + "kind": "Scheduled", + "location": "[parameters('workspace-location')]", + "properties": { + "description": "Identifies a list of internal Source IPs (10.x.x.x Hosts) that have triggered 10 or more non-graceful tcp server resets from one or more Destination IPs which\nresults in an \"ApplicationProtocol = incomplete\" designation. The server resets coupled with an \"Incomplete\" ApplicationProtocol designation can be an indication\nof internal to external port scanning or probing attack.\nReferences: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClUvCAK and\nhttps://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClTaCAK", + "displayName": "Palo Alto - possible internal to external port scanning", + "enabled": false, + "query": "CommonSecurityLog\n| where isnotempty(DestinationPort) and DeviceAction !in (\"reset-both\", \"deny\")\n// filter out common usage ports. 
Add ports that are legitimate for your environment\n| where DestinationPort !in (\"443\", \"53\", \"389\", \"80\", \"0\", \"880\", \"8888\", \"8080\")\n| where ApplicationProtocol == \"incomplete\"\n// filter out IANA ephemeral or negotiated ports as per https://en.wikipedia.org/wiki/Ephemeral_port\n| where DestinationPort !between (toint(49512) .. toint(65535))\n| where Computer != \"\"\n| where DestinationIP !startswith \"10.\"\n| extend Reason = coalesce(\n column_ifexists(\"Reason\", \"\"),\n extract(\"reason=(.+?)(;|$)\", 1, AdditionalExtensions),\n \"\"\n )\n// Filter out any graceful reset reasons of AGED OUT which occurs when a TCP session closes with a FIN due to aging out.\n| where Reason !has \"aged-out\"\n// Filter out any TCP FIN which occurs when a TCP FIN is used to gracefully close half or both sides of a connection.\n| where Reason !has \"tcp-fin\"\n// Uncomment one of the following where clauses to trigger on specific TCP reset reasons\n// See Palo Alto article for details - https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClUvCAK\n// TCP RST-server - Occurs when the server sends a TCP reset to the client\n// | where AdditionalExtensions has \"reason=tcp-rst-from-server\"\n// TCP RST-client - Occurs when the client sends a TCP reset to the server\n// | where AdditionalExtensions has \"reason=tcp-rst-from-client\"\n// Already performed\n//| extend reason = tostring(split(AdditionalExtensions, \";\")[3])\n| summarize StartTimeUtc = min(TimeGenerated), EndTimeUtc = max(TimeGenerated), count() by DeviceName, SourceUserID, SourceIP, ApplicationProtocol, Reason, DestinationPort, Protocol, DeviceVendor, DeviceProduct, DeviceAction, DestinationIP\n| where count_ >= 10\n| summarize StartTimeUtc = min(StartTimeUtc), EndTimeUtc = max(EndTimeUtc), makeset(DestinationIP), totalcount = sum(count_) by DeviceName, SourceUserID, SourceIP, ApplicationProtocol, Reason, DestinationPort, Protocol, DeviceVendor, DeviceProduct, DeviceAction\n| 
extend timestamp = StartTimeUtc, IPCustomEntity = SourceIP, AccountCustomEntity = SourceUserID, HostCustomEntity = DeviceName\n", + "queryFrequency": "PT1H", + "queryPeriod": "PT1H", + "severity": "Low", + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "status": "Available", + "requiredDataConnectors": [ + { + "dataTypes": [ + "CommonSecurityLog" + ], + "connectorId": "PaloAltoNetworks" + } + ], + "tactics": [ + "Discovery" + ], + "techniques": [ + "T1046" + ], + "entityMappings": [ + { + "fieldMappings": [ + { + "identifier": "FullName", + "columnName": "AccountCustomEntity" + } + ], + "entityType": "Account" + }, + { + "fieldMappings": [ + { + "identifier": "FullName", + "columnName": "HostCustomEntity" + } + ], + "entityType": "Host" + }, + { + "fieldMappings": [ + { + "identifier": "Address", + "columnName": "IPCustomEntity" + } + ], + "entityType": "IP" + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleId4'),'/'))))]", + "properties": { + "description": "PaloAlto-PAN-OS Analytics Rule 4", + "parentId": "[variables('analyticRuleId4')]", + "contentId": "[variables('_analyticRulecontentId4')]", + "kind": "AnalyticsRule", + "version": "[variables('analyticRuleVersion4')]", + "source": { + "kind": "Solution", + "name": "PaloAlto-PAN-OS", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "tier": "Microsoft", + "link": "https://support.microsoft.com" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": 
"[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_analyticRulecontentId4')]", + "contentKind": "AnalyticsRule", + "displayName": "Palo Alto - possible internal to external port scanning", + "contentProductId": "[variables('_analyticRulecontentProductId4')]", + "id": "[variables('_analyticRulecontentProductId4')]", + "version": "[variables('analyticRuleVersion4')]" } }, { @@ -3291,35 +3760,17 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "PaloAlto-PAN-OS-BlockIP-EntityTrigger Playbook with template version 3.0.0", + "description": "PaloAlto-PAN-OS-GetSystemInfo Playbook with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('playbookVersion3')]", "parameters": { "PlaybookName": { - "defaultValue": "PaloAlto-PAN-OS-BlockIP-EntityTrigger", + "defaultValue": "PaloAlto-PAN-OS-GetSystemInfo", "type": "string" }, - "Address Group": { - "type": "string", - "metadata": { - "description": "Enter value for Address Group" - } - }, - "Teams Group Id": { - "type": "string", - "metadata": { - "description": "Enter value for Teams Group Id" - } - }, - "Teams channel Id": { - "type": "string", - "metadata": { - "description": "Enter value for Teams channel Id" - } - }, "CustomConnectorName": { - "defaultValue": "PAN-OSRestApiCustomConnector", + "defaultValue": "PAN-OSXmlApiCustomConnector", "type": "string", "metadata": { "description": "Name of the custom connector, if you want to change the default name, make sure to use the same in all Paloalto automation playbooks as well" 
@@ -3327,15 +3778,12 @@ } }, "variables": { - "PaloaltoconnectorConnectionName": "[[concat('Paloaltoconnector-', parameters('PlaybookName'))]", "MicrosoftSentinelConnectionName": "[[concat('MicrosoftSentinel-', parameters('PlaybookName'))]", - "TeamsConnectionName": "[[concat('Teams-', parameters('PlaybookName'))]", - "connection-2": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('CustomConnectorName'))]", + "PaloaltoconnectorConnectionName": "[[concat('Paloaltoconnector-', parameters('PlaybookName'))]", + "connection-2": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Azuresentinel')]", "_connection-2": "[[variables('connection-2')]", - "connection-3": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Azuresentinel')]", + "connection-3": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('CustomConnectorName'))]", "_connection-3": "[[variables('connection-3')]", - "connection-4": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Teams')]", - "_connection-4": "[[variables('connection-4')]", "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", "workspace-name": "[parameters('workspace')]", "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]" 
@@ -3351,22 +3799,10 @@ "parameters": { "$connections": { "type": "Object" - }, - "Address Group": { - "type": "string", - "defaultValue": "[[parameters('Address Group')]" - }, - "Teams Group Id": { - "type": "string", - "defaultValue": "[[parameters('Teams Group Id')]" - }, - "Teams channel Id": { - "type": "string", - "defaultValue": "[[parameters('Teams channel Id')]" } }, "triggers": { - "Microsoft_Sentinel_entity": { + "Microsoft_Sentinel_incident": { "type": "ApiConnectionWebhook", "inputs": { "body": { @@ -3377,861 +3813,53 @@ "name": "@parameters('$connections')['azuresentinel']['connectionId']" } }, - "path": "/entity/@{encodeURIComponent('IP')}" + "path": "/incident-creation" } } }, "actions": { - "Condition_based_on_the_incident_configuration_from_adaptive_card": { - "actions": { - "Add_comment_to_incident_(V3)": { - "type": "ApiConnection", - "inputs": { - "body": { - "incidentArmId": "@triggerBody()?['IncidentArmID']", - "message": "

PAN-OS Playbook ran and performed the following actions:
\n@{variables('IPAddressAction')}
\n
\n
\n
\nActions taken on Sentinel : Add comment to incident and closure with classification reason  @{body('Post_an_Adaptive_Card_to_a_Teams_channel_and_wait_for_a_response')['data']['incidentStatus']}

" - }, - "host": { - "connection": { - "name": "@parameters('$connections')['azuresentinel']['connectionId']" - } - }, - "method": "post", - "path": "/Incidents/Comment" - } - }, - "Update_incident": { - "runAfter": { - "Add_comment_to_incident_(V3)": [ - "Succeeded" - ] - }, - "type": "ApiConnection", - "inputs": { - "body": { - "classification": { - "ClassificationAndReason": "@{body('Post_an_Adaptive_Card_to_a_Teams_channel_and_wait_for_a_response')['data']['incidentStatus']}" - }, - "incidentArmId": "@triggerBody()?['IncidentArmID']", - "severity": "@{body('Post_an_Adaptive_Card_to_a_Teams_channel_and_wait_for_a_response')['data']['incidentSeverity']}", - "status": "Closed" - }, - "host": { - "connection": { - "name": "@parameters('$connections')['azuresentinel']['connectionId']" - } - }, - "method": "put", - "path": "/Incidents" - } - } - }, + "Add_comment_to_incident_(V3)": { "runAfter": { - "Post_an_Adaptive_Card_to_a_Teams_channel_and_wait_for_a_response": [ - "Succeeded" - ] - }, - "expression": { - "and": [ - { - "equals": [ - "@body('Post_an_Adaptive_Card_to_a_Teams_channel_and_wait_for_a_response')['submitActionId']", - "Change incident configuration" - ] - }, - { - "not": { - "equals": [ - "@triggerBody()?['IncidentArmID']", - "@null" - ] - } - } - ] - }, - "type": "If", - "description": "This decides the action taken on the summarized adaptive card" - }, - "Condition_based_on_user_inputs_from_the_adaptive_card": { - "actions": { - "Condition__to_check_if_user_chosen_Block_IP": { - "actions": { - "Create_an_address_object": { - "type": "ApiConnection", - "inputs": { - "body": { - "entry": { - "@@name": "@triggerBody()?['Entity']?['properties']?['Address']", - "description": "@triggerBody()?['Entity']?['properties']?['Address']", - "ip-netmask": "@triggerBody()?['Entity']?['properties']?['Address']" - } - }, - "host": { - "connection": { - "name": "@parameters('$connections')['PaloAltoConnector']['connectionId']" - } - }, - "method": "post", - "path": 
"/restapi/v10.0/Objects/Addresses", - "queries": { - "address type": "ip-netmask", - "location": "vsys", - "name": "@triggerBody()?['Entity']?['properties']?['Address']", - "vsys": "vsys1" - } - }, - "description": "This creates a new address object for the malicious IP" - } - }, - "expression": { - "and": [ - { - "equals": [ - "@body('Post_an_Adaptive_Card_to_a_Teams_channel_and_wait_for_a_response_3')['submitActionId']", - "Block IP ( add to @{outputs('Configured_address_group')} address group )" - ] - }, - { - "equals": [ - "@length(body('Filter_array_of_Ip_address_from_list_of_address_objects'))", - 0 - ] - } - ] - }, - "type": "If", - "description": "This check if user chooses Block IP" - }, - "Condition_to_check_the_edit_an_address_object_group_status": { - "actions": { - "Condition_to_check_the_action_of_adaptive_card_to_set_the_action_summary": { - "actions": { - "Append_success_status_Blocked_IP_status_to_summary_card": { - "type": "AppendToArrayVariable", - "inputs": { - "name": "IPAddressAction", - "value": "IP Address : @{triggerBody()?['Entity']?['properties']?['Address']} , Action Taken : Blocked by \n adding to @{outputs('Configured_address_group')} , Status : Success" - }, - "description": "append action taken to summarize on the adaptive card" - } - }, - "else": { - "actions": { - "Append_success_status_UnBlocked_IP_status_to_summary_card": { - "type": "AppendToArrayVariable", - "inputs": { - "name": "IPAddressAction", - "value": "IP Address : @{triggerBody()?['Entity']?['properties']?['Address']} , Action Taken : UnBlocked by \n removing from @{outputs('Configured_address_group')} , Status : Success" - }, - "description": "append action taken to summarize on the adaptive card" - } - } - }, - "expression": { - "and": [ - { - "equals": [ - "@body('Post_an_Adaptive_Card_to_a_Teams_channel_and_wait_for_a_response_3')['submitActionId']", - "Block IP ( add to @{outputs('Configured_address_group')} address group )" - ] - } - ] - }, - "type": "If" - } - 
}, - "runAfter": { - "Update_an_address_object_group": [ - "Succeeded" - ] - }, - "else": { - "actions": { - "Append_failure_status_to_summary_card": { - "type": "AppendToArrayVariable", - "inputs": { - "name": "IPAddressAction", - "value": "IP Address : @{triggerBody()?['Entity']?['properties']?['Address']} , Action Taken : @{body('Post_an_Adaptive_Card_to_a_Teams_channel_and_wait_for_a_response_3')['submitActionId']} , Status : Failure" - }, - "description": "append action taken to summarize on the adaptive card" - } - } - }, - "expression": { - "and": [ - { - "equals": [ - "@body('Update_an_address_object_group')?['@status']", - "success" - ] - } - ] - }, - "type": "If" - }, - "Update_an_address_object_group": { - "runAfter": { - "Condition__to_check_if_user_chosen_Block_IP": [ - "Succeeded" - ] - }, - "type": "ApiConnection", - "inputs": { - "body": { - "entry": [ - { - "@@name": "@parameters('Address Group')", - "static": { - "member": "@{variables('AddressGroupMembers')}" - } - } - ] - }, - "host": { - "connection": { - "name": "@parameters('$connections')['PaloAltoConnector']['connectionId']" - } - }, - "method": "put", - "path": "/restapi/v10.0/Objects/AddressGroups", - "queries": { - "location": "vsys", - "name": "@parameters('Address Group')", - "vsys": "vsys1" - } - } - } - }, - "runAfter": { - "Post_an_Adaptive_Card_to_a_Teams_channel_and_wait_for_a_response_3": [ - "Succeeded" - ] - }, - "else": { - "actions": { - "Append_to_array_variable_Ip_address_action_chosen": { - "type": "AppendToArrayVariable", - "inputs": { - "name": "IPAddressAction", - "value": "IP Address : @{triggerBody()?['Entity']?['properties']?['Address']} , Action Taken : @{body('Post_an_Adaptive_Card_to_a_Teams_channel_and_wait_for_a_response_3')['submitActionId']} , Status : Success " - }, - "description": "This appends the action taken on IP to the list of existing actions" - } - } - }, - "expression": { - "and": [ - { - "not": { - "equals": [ - 
"@body('Post_an_Adaptive_Card_to_a_Teams_channel_and_wait_for_a_response_3')['submitActionId']", - "Ignore" - ] - } - } - ] - }, - "type": "If", - "description": "condition to check the submit action is block / unblock or Ignore" - }, - "Condition_to_check_if_Ip_address_already_present_in_list_of_address_objects": { - "actions": { - "Condition_to_check_if_Ip_already_present_in_predefined_address_group": { - "actions": { - "Append_address_group_text": { - "type": "AppendToArrayVariable", - "inputs": { - "name": "AdaptiveCardBody", - "value": { - "text": "The IP @{triggerBody()?['Entity']?['properties']?['Address']} is already a member of the blocked address group @{outputs('Configured_address_group')}", - "type": "TextBlock", - "wrap": true - } - }, - "description": "append address group text to adaptive card dynamically" - }, - "Filter_array_IP_address_from_the_list_of_address_objects_to_unreference": { - "runAfter": { - "Set_dynamic_action_name": [ - "Succeeded" - ] - }, - "type": "Query", - "inputs": { - "from": "@variables('AddressGroupMembers')", - "where": "@not(equals(item(), triggerBody()?['Entity']?['properties']?['Address']))" - }, - "description": "This filters the IP address from predefined address group to unreference/unblock IP" - }, - "Set_dynamic_action_name": { - "runAfter": { - "Append_address_group_text": [ - "Succeeded" - ] - }, - "type": "SetVariable", - "inputs": { - "name": "ActionName", - "value": "UnBlock IP" - }, - "description": "variable to set action name dynamically" - }, - "unreference_IP_address_from_the_existing_group_members": { - "runAfter": { - "Filter_array_IP_address_from_the_list_of_address_objects_to_unreference": [ - "Succeeded" - ] - }, - "type": "SetVariable", - "inputs": { - "name": "AddressGroupMembers", - "value": "@body('Filter_array_IP_address_from_the_list_of_address_objects_to_unreference')" - }, - "description": "unreference IP address from the group members and update" - } - }, - "else": { - "actions": { - 
"Append_IP_address_to_the_address_group_members": { - "runAfter": { - "Append_address_group_text_to_adaptive_card_body": [ - "Succeeded" - ] - }, - "type": "AppendToArrayVariable", - "inputs": { - "name": "AddressGroupMembers", - "value": "@triggerBody()?['Entity']?['properties']?['Address']" - }, - "description": "append IP address to the address group members" - }, - "Append_address_group_text_to_adaptive_card_body": { - "type": "AppendToArrayVariable", - "inputs": { - "name": "AdaptiveCardBody", - "value": { - "text": "The IP @{triggerBody()?['Entity']?['properties']?['Address']} is not a member of the blocked address group @{outputs('Configured_address_group')}", - "type": "TextBlock", - "wrap": true - } - }, - "description": "append address group text to adaptive card dynamically" - }, - "Set_dynamic_action_name_to_variable_Action_name": { - "runAfter": { - "Append_IP_address_to_the_address_group_members": [ - "Succeeded" - ] - }, - "type": "SetVariable", - "inputs": { - "name": "ActionName", - "value": "Block IP" - }, - "description": "set action name dynamically" - } - } - }, - "expression": { - "and": [ - { - "contains": [ - "@variables('AddressGroupMembers')", - "@triggerBody()?['Entity']?['properties']?['Address']" - ] - } - ] - }, - "type": "If", - "description": "condition to check the malicious IP address is present in the predefined address group and the IP is part of static member" - } - }, - "runAfter": { - "Condition_to_check_if_the_IP_is_a_part_of_security_policy_rules": [ - "Succeeded" - ] - }, - "else": { - "actions": { - "Append_IP_to_array_of_address_group_members": { - "runAfter": { - "Append_to_array_variable_text_if_IP_is_not_a_member_of_blocked_address_group": [ - "Succeeded" - ] - }, - "type": "AppendToArrayVariable", - "inputs": { - "name": "AddressGroupMembers", - "value": "@triggerBody()?['Entity']?['properties']?['Address']" - }, - "description": "append the Malicious IP address to the existing group members to block / unblock from 
the predefined address group" - }, - "Append_to_array_variable_text_if_IP_is_not_a_member_of_blocked_address_group": { - "type": "AppendToArrayVariable", - "inputs": { - "name": "AdaptiveCardBody", - "value": { - "text": "The IP @{triggerBody()?['Entity']?['properties']?['Address']} is not a member of the blocked address group @{outputs('Configured_address_group')}", - "type": "TextBlock", - "wrap": true - } - }, - "description": "This appends the text to display If Ip is not a member of security policy rules" - }, - "Set_variable_to_Block_Ip": { - "runAfter": { - "Append_IP_to_array_of_address_group_members": [ - "Succeeded" - ] - }, - "type": "SetVariable", - "inputs": { - "name": "ActionName", - "value": "Block IP" - }, - "description": "This sets the variable block IP" - } - } - }, - "expression": { - "and": [ - { - "greater": [ - "@length(body('Filter_array_of_Ip_address_from_list_of_address_objects'))", - 0 - ] - } - ] - }, - "type": "If", - "description": "This checks if Ip is a member of any of the list of address objects" - }, - "Condition_to_check_if_the_IP_is_a_part_of_security_policy_rules": { - "actions": { - "Append_policy_text": { - "type": "AppendToArrayVariable", - "inputs": { - "name": "AdaptiveCardBody", - "value": { - "text": "It is also member of the following security policy rules", - "type": "TextBlock" - } - }, - "description": "dynamic policy text based on security policies" - }, - "Append_security_policies": { - "runAfter": { - "Append_policy_text": [ - "Succeeded" - ] - }, - "type": "AppendToArrayVariable", - "inputs": { - "name": "AdaptiveCardBody", - "value": { - "columns": [ - { - "items": "@body('Select_security_policy_rules')", - "type": "Column" - } - ], - "type": "ColumnSet" - } - }, - "description": "append security policies which the IP address is exist" - } - }, - "runAfter": { - "Select_security_policy_rules": [ - "Succeeded" - ] - }, - "else": { - "actions": { - "Append_policy_text_to_adaptive_card_body_variable": { - "type": 
"AppendToArrayVariable", - "inputs": { - "name": "AdaptiveCardBody", - "value": { - "text": "It is not a member of any other Policy Rules", - "type": "TextBlock" - } - }, - "description": "dynamic policy text based on security policies" - }, - "Append_security_policies_to_adaptive_card_body_variable": { - "runAfter": { - "Append_policy_text_to_adaptive_card_body_variable": [ - "Succeeded" - ] - }, - "type": "AppendToArrayVariable", - "inputs": { - "name": "AdaptiveCardBody" - }, - "description": "append security policies which the IP address is exist" - } - } - }, - "expression": { - "and": [ - { - "greater": [ - "@length(body('Select_security_policy_rules'))", - 0 - ] - } - ] - }, - "type": "If", - "description": "condition to check if the IP address is present in the existing security policy rules to conditionally apply the policy text and security policy rules" - }, - "Configured_address_group": { - "runAfter": { - "Set_variable_address_group_members": [ - "Succeeded" - ] - }, - "type": "Compose", - "inputs": "@body('List_address_groups')?['result']?['entry']?[0]?['@name']", - "description": "compose predefined address group" - }, - "Filter_array_Ip_from_list_of_security_rules": { - "runAfter": { - "Configured_address_group": [ - "Succeeded" - ] - }, - "type": "Query", - "inputs": { - "from": "@body('List_security_rules')?['result']?['entry']", - "where": "@contains(item()?['source']?['member'], triggerBody()?['Entity']?['properties']?['Address'])" - }, - "description": "This filters all the security rules in which this Ip is a member" - }, - "Filter_array_of_Ip_address_from_list_of_address_objects": { - "runAfter": { - "Set_variable_adaptive_card_body": [ - "Succeeded" - ] - }, - "type": "Query", - "inputs": { - "from": "@body('List_address_objects')?['result']?['entry']", - "where": "@equals(item()?['ip-netmask'], triggerBody()?['Entity']?['properties']?['Address'])" - }, - "description": "This filters the list of address objects in which this Ip is a member " 
- }, - "Initialize_variable_IP_address_action": { - "runAfter": { - "Initialize_variable_address_group_members": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "IPAddressAction", - "type": "array" - } - ] - }, - "description": "This holds the action taken on each IP " - }, - "Initialize_variable_action_name": { - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "ActionName", - "type": "string" - } - ] - }, - "description": "variable to store action name to be displayed on adaptive card" - }, - "Initialize_variable_adaptive_card_body": { - "runAfter": { - "Initialize_variable_action_name": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "AdaptiveCardBody", - "type": "array" - } - ] - }, - "description": "variable to store adaptive card body json" - }, - "Initialize_variable_address_group_members": { - "runAfter": { - "Initialize_variable_adaptive_card_body": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "AddressGroupMembers", - "type": "array" - } - ] - }, - "description": "variable to store the list of address group members" - }, - "List_address_groups": { - "runAfter": { - "Filter_array_of_Ip_address_from_list_of_address_objects": [ + "Query_Palo_Alto_XML_API": [ "Succeeded" ] }, "type": "ApiConnection", - "inputs": { - "host": { - "connection": { - "name": "@parameters('$connections')['PaloAltoConnector']['connectionId']" - } - }, - "method": "get", - "path": "/restapi/v10.0/Objects/AddressGroups", - "queries": { - "location": "vsys", - "name": "testaddressgroup", - "vsys": "vsys1" - } - }, - "description": "This gets complete list of address object groups present in the PAN-OS" - }, - "List_address_objects": { - "runAfter": { - "Initialize_variable_IP_address_action": [ - "Succeeded" - ] - }, - "type": "ApiConnection", - "inputs": { - "host": { - "connection": { - "name": 
"@parameters('$connections')['PaloAltoConnector']['connectionId']" - } - }, - "method": "get", - "path": "/restapi/v10.0/Objects/Addresses", - "queries": { - "location": "vsys", - "vsys": "vsys1" - } - }, - "description": "This gets complete list of address object present in the PAN-OS" - }, - "List_security_rules": { - "runAfter": { - "List_address_objects": [ - "Succeeded" - ] - }, - "type": "ApiConnection", - "inputs": { - "host": { - "connection": { - "name": "@parameters('$connections')['PaloAltoConnector']['connectionId']" - } - }, - "method": "get", - "path": "/restapi/v10.0/Policies/SecurityRules", - "queries": { - "location": "vsys", - "vsys": "vsys1" - } - }, - "description": "This gets complete list of security policy rules present in the PAN-OS" - }, - "Post_an_Adaptive_Card_to_a_Teams_channel_and_wait_for_a_response": { - "runAfter": { - "Set_variable_actions_on_IP_to_be_displayed_on_adaptive_card": [ - "Succeeded" - ] - }, - "type": "ApiConnectionWebhook", "inputs": { "body": { - "body": { - "messageBody": "{\n \"type\": \"AdaptiveCard\",\n \"body\": [\n {\n \"type\": \"TextBlock\",\n \n \"weight\": \"Bolder\",\n \"text\": \"Below is the summary of actions taken on IP's by SOC\",\n \"wrap\": true\n },\n {\n \"columns\": [\n {\n \"items\":@{body('Set_variable_actions_on_IP_to_be_displayed_on_adaptive_card')} ,\n \"type\": \"Column\",\n \"wrap\": true\n }\n ],\n \"separator\": \"true\",\n \"type\": \"ColumnSet\",\n \"width\": \"stretch\"\n},\n {\n \"text\": \" Incident No : \",\n \"type\": \"TextBlock\",\n \"weight\": \"Bolder\",\n \"wrap\": true\n },\n {\n \"type\": \"TextBlock\",\n \"text\": \"[Click here to view the Incident]()\",\n \"wrap\": true\n },\n\n {\n \"type\": \"ColumnSet\",\n \"columns\": [\n {\n \"type\": \"Column\",\n \"items\": [\n {\n \"type\": \"TextBlock\",\n \"size\": \"Medium\",\n \"weight\": \"Bolder\",\n \"text\": \"Incident configuration :\",\n \"wrap\": true\n }\n ],\n \"width\": \"auto\"\n }\n ]\n },\n {\n \"type\": 
\"ColumnSet\",\n \"columns\": [\n {\n \"type\": \"Column\",\n \"items\": [\n {\n \"type\": \"Image\",\n \"style\": \"Person\",\n \"url\": \"https://connectoricons-prod.azureedge.net/releases/v1.0.1391/1.0.1391.2130/azuresentinel/icon.png\",\n \"size\": \"Small\"\n }\n ],\n \"width\": \"auto\"\n }\n ]\n },\n {\n \"type\": \"TextBlock\",\n \"text\": \"Close Azure Sentinal incident?\"\n },\n {\n \"choices\": [\n {\n \"isSelected\": true,\n \"title\": \"False Positive - Inaccurate Data\",\n \"value\": \"False Positive - Inaccurate Data\"\n },\n {\n \"isSelected\": true,\n \"title\": \"False Positive - Incorrect Alert Logic\",\n \"value\": \"False Positive - Incorrect Alert Logic\"\n },\n {\n \"title\": \"True Positive - Suspicious Activity\",\n \"value\": \"True Positive - Suspicious Activity\"\n },\n {\n \"title\": \"Benign Positive - Suspicious But Expected\",\n \"value\": \"Benign Positive - Suspicious But Expected\"\n },\n {\n \"title\": \"Undetermined\",\n \"value\": \"Undetermined\"\n }\n ],\n \"id\": \"incidentStatus\",\n \"style\": \"compact\",\n \"type\": \"Input.ChoiceSet\",\n \"value\": \"Benign Positive - Suspicious But Expected\"\n },\n {\n \"type\": \"TextBlock\",\n \"text\": \"Change Azure Sentinel Incident Severity?\"\n },\n {\n \"choices\": [\n {\n \n \"title\": \"High\",\n \"value\": \"High\"\n },\n {\n \"title\": \"Medium\",\n \"value\": \"Medium\"\n },\n {\n \"title\": \"Low\",\n \"value\": \"Low\"\n },\n {\n \"title\": \"Don't change\",\n \"value\": \"same\"\n }\n ],\n \"id\": \"incidentSeverity\",\n \"style\": \"compact\",\n \"type\": \"Input.ChoiceSet\",\n \"value\": \"\"\n }\n \n \n \n ],\n\"width\":\"auto\",\n \"actions\": [\n {\n \"type\": \"Action.Submit\",\n \"title\": \"Change incident configuration\"\n },\n{\n \"type\": \"Action.Submit\",\n \"title\": \"Ignore\"\n }\n ],\n \"$schema\": \"http://adaptivecards.io/schemas/adaptive-card.json\",\n \"version\": \"1.2\"\n}", - "recipient": { - "channelId": "@parameters('Teams channel Id')" - }, - 
"shouldUpdateCard": true - }, - "notificationUrl": "@{listCallbackUrl()}" + "incidentArmId": "@triggerBody()?['object']?['id']", + "message": "

System Info :
\n
\n@{body('Query_Palo_Alto_XML_API')}

" }, "host": { "connection": { - "name": "@parameters('$connections')['teams']['connectionId']" + "name": "@parameters('$connections')['azuresentinel']['connectionId']" } }, - "path": "/flowbot/actions/flowcontinuation/recipienttypes/channel/$subscriptions", - "queries": { - "groupId": "@parameters('Teams Group Id')" - } + "method": "post", + "path": "/Incidents/Comment" } }, - "Post_an_Adaptive_Card_to_a_Teams_channel_and_wait_for_a_response_3": { - "runAfter": { - "Condition_to_check_if_Ip_address_already_present_in_list_of_address_objects": [ - "Succeeded" - ] - }, - "type": "ApiConnectionWebhook", + "Query_Palo_Alto_XML_API": { + "type": "ApiConnection", "inputs": { - "body": { - "body": { - "messageBody": "{\n \"type\": \"AdaptiveCard\",\n \"body\":@{variables('AdaptiveCardBody')} ,\n \"actions\": [\n {\n \"title\": \"@{variables('ActionName')} ( add to @{outputs('Configured_address_group')} address group )\",\n \"type\": \"Action.Submit\"\n },\n {\n \"title\": \"Ignore\",\n \"type\": \"Action.Submit\"\n }\n],\n \"$schema\": \"http://adaptivecards.io/schemas/adaptive-card.json\",\n \"version\": \"1.2\"\n}", - "recipient": { - "channelId": "@parameters('Teams channel Id')" - }, - "shouldUpdateCard": true - }, - "notificationUrl": "@{listCallbackUrl()}" - }, "host": { "connection": { - "name": "@parameters('$connections')['teams']['connectionId']" + "name": "@parameters('$connections')['paloaltoconnector']['connectionId']" } }, - "path": "/flowbot/actions/flowcontinuation/recipienttypes/channel/$subscriptions", + "method": "get", + "path": "/api/", "queries": { - "groupId": "@parameters('Teams Group Id')" + "cmd": "", + "type": "op" } } - }, - "Select_security_policy_rules": { - "runAfter": { - "Filter_array_Ip_from_list_of_security_rules": [ - "Succeeded" - ] - }, - "type": "Select", - "inputs": { - "from": "@body('Filter_array_Ip_from_list_of_security_rules')", - "select": { - "text": " @{item()?['@name']}, action : @{item()?['action']}", - "type": 
"TextBlock", - "weight": "bolder" - } - }, - "description": "prepare columns list to show the security policy rules in the adaptive card if IP address is present" - }, - "Set_variable_actions_on_IP_to_be_displayed_on_adaptive_card": { - "runAfter": { - "Condition_based_on_user_inputs_from_the_adaptive_card": [ - "Succeeded" - ] - }, - "type": "Select", - "inputs": { - "from": "@variables('IPAddressAction')", - "select": { - "text": "@item()", - "type": "TextBlock" - } - }, - "description": "This is used to compose the list of actions taken by SOC on respective IP addresses" - }, - "Set_variable_adaptive_card_body": { - "runAfter": { - "List_security_rules": [ - "Succeeded" - ] - }, - "type": "SetVariable", - "inputs": { - "name": "AdaptiveCardBody", - "value": [ - { - "size": "Large", - "text": "Suspicious IP - Microsoft Sentinel", - "type": "TextBlock", - "weight": "Bolder", - "wrap": true - }, - { - "text": "Possible Comprised IP @{triggerBody()?['Entity']?['properties']?['Address']} detected by the provider : ", - "type": "TextBlock", - "wrap": true - }, - { - "text": " Incident ", - "type": "TextBlock", - "weight": "Bolder", - "wrap": true - }, - { - "text": " Incident No : ", - "type": "TextBlock", - "weight": "Bolder", - "wrap": true - }, - { - "text": "Incident description", - "type": "TextBlock", - "weight": "Bolder", - "wrap": true - }, - { - "text": "[variables('blanks')]", - "type": "TextBlock", - "wrap": true - }, - { - "text": "[[[[Click here to view the Incident]()", - "type": "TextBlock", - "wrap": true - }, - { - "size": "Medium", - "text": "Response in PAN-OS", - "type": "TextBlock", - "weight": "Bolder" - }, - { - "size": "Small", - "style": "Person", - "type": "Image", - "url": "https://avatars2.githubusercontent.com/u/4855743?s=280&v=4" - } - ] - }, - "description": "variable to hold adaptive card body" - }, - "Set_variable_address_group_members": { - "runAfter": { - "List_address_groups": [ - "Succeeded" - ] - }, - "type": "SetVariable", - 
"inputs": { - "name": "AddressGroupMembers", - "value": "@body('List_address_groups')?['result']?['entry']?[0]?['static']?['member']" - }, - "description": "assign list of address group members" } } }, "parameters": { "$connections": { "value": { - "PaloAltoConnector": { - "connectionId": "[[resourceId('Microsoft.Web/connections', variables('PaloaltoconnectorConnectionName'))]", - "connectionName": "[[variables('PaloaltoconnectorConnectionName')]", - "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('CustomConnectorName'))]" - }, "azuresentinel": { "connectionId": "[[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]", "connectionName": "[[variables('MicrosoftSentinelConnectionName')]", @@ -4242,10 +3870,10 @@ } } }, - "teams": { - "connectionId": "[[resourceId('Microsoft.Web/connections', variables('TeamsConnectionName'))]", - "connectionName": "[[variables('TeamsConnectionName')]", - "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Teams')]" + "paloaltoconnector": { + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('PaloaltoconnectorConnectionName'))]", + "connectionName": "[[variables('PaloaltoconnectorConnectionName')]", + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('CustomConnectorName'))]" } } } 
@@ -4258,30 +3886,16 @@
 "type": "SystemAssigned"
 },
 "tags": {
- "hidden-SentinelTemplateName": "PaloAlto-PAN-OS-BlockIP-EntityTrigger",
+ "hidden-SentinelTemplateName": "PaloAlto-PAN-OS-GetSystemInfo",
 "hidden-SentinelTemplateVersion": "1.0",
 "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]"
 },
 "apiVersion": "2017-07-01",
 "dependsOn": [
- "[[resourceId('Microsoft.Web/connections', variables('PaloaltoconnectorConnectionName'))]",
 "[[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]",
- "[[resourceId('Microsoft.Web/connections', variables('TeamsConnectionName'))]"
+ "[[resourceId('Microsoft.Web/connections', variables('PaloaltoconnectorConnectionName'))]"
 ]
 },
- {
- "type": "Microsoft.Web/connections",
- "apiVersion": "2016-06-01",
- "name": "[[variables('PaloaltoconnectorConnectionName')]",
- "location": "[[variables('workspace-location-inline')]",
- "kind": "V1",
- "properties": {
- "displayName": "[[variables('PaloaltoconnectorConnectionName')]",
- "api": {
- "id": "[[variables('_connection-2')]"
- }
- }
- },
 {
 "type": "Microsoft.Web/connections",
 "apiVersion": "2016-06-01",
@@ -4292,20 +3906,20 @@
 "displayName": "[[variables('MicrosoftSentinelConnectionName')]",
 "parameterValueType": "Alternative",
 "api": {
- "id": "[[variables('_connection-3')]"
+ "id": "[[variables('_connection-2')]"
 }
 }
 },
 {
 "type": "Microsoft.Web/connections",
 "apiVersion": "2016-06-01",
- "name": "[[variables('TeamsConnectionName')]",
+ "name": "[[variables('PaloaltoconnectorConnectionName')]",
 "location": "[[variables('workspace-location-inline')]",
 "kind": "V1",
 "properties": {
- "displayName": "[[variables('TeamsConnectionName')]",
+ "displayName": "[[variables('PaloaltoconnectorConnectionName')]",
 "api": {
- "id": "[[variables('_connection-4')]"
+ "id": "[[variables('_connection-3')]"
 }
 }
 },
@@ -4337,8 +3951,8 @@
 "criteria": [
 {
 "kind": "LogicAppsCustomConnector",
- "contentId": "[variables('_PaloAlto_PAN-OS_Rest_API_CustomConnector')]",
- "version": "[variables('playbookVersion1')]"
+ "contentId": "[variables('_PaloAlto_PAN-OS_XML_API_CustomConnector')]",
+ "version": "[variables('playbookVersion2')]"
 }
 ]
 }
@@ -4346,26 +3960,21 @@ } ], "metadata": { - "title": "Block IP - Palo Alto PAN-OS - Entity trigger", - "description": "This playbook interacts with relevant stakeholders, such incident response team, to approve blocking/allowing IPs in Palo Alto PAN-OS, using **Address Object Groups**. This allows to make changes on predefined address group, which is attached to predefined security policy rule.", - "mainSteps": [ - "When a new Sentinel incident is created, this playbook gets triggered and performs below actions: \n\n 1. An adaptive card is sent to the SOC channel providing Incident information, IP address, list of existing security policy rules in which IP is a member of and provides an option to Block/Unblock IP Address to predefined address group or Ignore. \n\n 2. The SOC can take action on risky IP based on the information provided in the adaptive card. \n\n ![PaloAlto-PAN-OS-BlockIP](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/PaloAlto-PAN-OS/Playbooks/PaloAlto-PAN-OS-BlockIP/designerscreenshot.PNG?raw=true) \n\n **This is the adaptive card SOC will receive when playbook is triggered for each risky IP for taking actions like block/unblock/ignore:** \n\n ![Adaptive Card example](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/PaloAlto-PAN-OS/Playbooks/PaloAlto-PAN-OS-BlockIP/AdaptiveCardtoBlockorUnblock.PNG?raw=true) \n\n **This is the consolidate adaptive card about the summary of actions taken on IP and the incident configuration:** \n\n ![Consolidated Adaptive Card example](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/PaloAlto-PAN-OS/Playbooks/PaloAlto-PAN-OS-BlockIP/SummarizedAdaptiveCard.PNG?raw=true)" - ], + "title": "Get System Info - Palo Alto PAN-OS XML API", + "description": "This playbook allows us to get System Info of a Palo Alto device for a Microsoft Sentinel alert.", "prerequisites": [ - "1. 
PaloAlto connector needs to be deployed prior to the deployment of this playbook under the same subscription. Relevant instructions can be found in the connector doc page. \n\n 2. Generate an API key. [Refer this link on how to generate the API Key](https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-panorama-api/get-started-with-the-pan-os-xml-api/get-your-api-key) \n\n 3. Address group should be created for PAN-OS and this should be used while creating playbooks." + "1. PaloAlto connector needs to be deployed prior to the deployment of this playbook under the same subscription. Relevant instructions can be found in the connector doc page. \n\n 2. Generate an API key.[Refer this link on how to generate the API Key](https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-panorama-api/get-started-with-the-pan-os-xml-api/get-your-api-key) \n\n 3. This playbook only works for Palo Alto incidents." ], - "lastUpdateTime": "2022-12-06T00:00:00Z", + "lastUpdateTime": "2022-07-25T00:00:00Z", "entities": [ "Ip" ], "tags": [ "Remediation", - "Response from teams", - "Paloalto", - "Pan-os" + "Response from teams" ], "postDeployment": [ - "**a. Authorize connections** \n\n Once deployment is complete, you will need to authorize each connection. \n\n 1. Click the Microsoft Sentinel connection resource \n\n 2. Click edit API connection \n\n 3. Click Authorize \n\n 4. Sign in \n\n 5. Click Save \n\n 6. Repeat steps for other connection such as Teams connection and PAN-OS API connection (For authorizing the PAN-OS API connection, API Key needs to be provided) \n\n **b. Configurations in Sentinel** \n\n 1. In Microsoft sentinel analytical rules should be configured to trigger an incident with risky IP \n\n 2. Configure the automation rules to trigger this playbook" + "** a. Authorize connections ** Once deployment is complete, you will need to authorize each connection. \n\n 1. Click the Microsoft Sentinel connection resource \n\n 2. Click edit API connection \n\n 3. 
Click Authorize \n\n 4. Sign in \n\n 5. Click Save \n\n 6. Repeat steps for other connections such as Blob Store connection and PAN-OS API connection (For authorizing the PAN-OS API connection, API Key needs to be provided) \n\n ** b. Configurations in Sentinel ** 1. In Microsoft sentinel analytical rules should be configured to trigger an incident with risky IP \n\n 2. Configure the automation rules to trigger this playbook" ], "releaseNotes": { "version": "1.0", @@ -4383,7 +3992,7 @@ "contentSchemaVersion": "3.0.0", "contentId": "[variables('_playbookContentId3')]", "contentKind": "Playbook", - "displayName": "PaloAlto-PAN-OS-BlockIP-EntityTrigger", + "displayName": "PaloAlto-PAN-OS-GetSystemInfo", "contentProductId": "[variables('_playbookcontentProductId3')]", "id": "[variables('_playbookcontentProductId3')]", "version": "[variables('playbookVersion3')]" 
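Review bot: The rewritten metadata is out of step with the connections this playbook now declares: `tags` keeps `"Response from teams"` although the Teams connection is dropped from this playbook's `$connections` and `dependsOn` earlier in the file, and `postDeployment` step 6 asks the operator to authorize a "Blob Store connection" that this playbook does not declare (only `azuresentinel` and `paloaltoconnector` remain), so I would change it to `6. Repeat steps for the PAN-OS API connection (API Key needs to be provided)`. `lastUpdateTime` also moves backwards from `2022-12-06` to `2022-07-25` while the template version is raised to 3.0.0, which makes the catalog present this playbook as older than the version it replaces; it should carry the date of this change. The headings `** a. Authorize connections **` and `** b. Configurations in Sentinel **` no longer render bold because of the inner spaces and the removed line break before the numbered steps; `"**a. Authorize connections** \n\n Once deployment ..."` and `"**b. Configurations in Sentinel** \n\n 1. In Microsoft ..."` restore the previous formatting. The API-key link in the prerequisites now points at the 9-1 documentation where the old text used 10-1; confirm this matches the PAN-OS release the XML API connector targets.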
@@ -4398,10 +4007,984 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "PaloAlto-PAN-OS-BlockIP Playbook with template version 3.0.0", + "description": "PaloAlto-PAN-OS-GetThreatPcap Playbook with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('playbookVersion4')]", + "parameters": { + "PlaybookName": { + "defaultValue": "PaloAlto-PAN-OS-GetThreatPcap", + "type": "string" + }, + "LogAnalyticsResourceGroup": { + "type": "string", + "metadata": { + "description": "Enter value for LogAnalyticsResourceGroup" + } + }, + "LogAnalyticsResourceName": { + "type": "string", + "metadata": { + "description": "Enter value for LogAnalyticsResourceName" + } + }, + "Storage Name": { + "type": "string", + "metadata": { + "description": "Enter value for Storage Name" + } + }, + "Container Name": { + "type": "string", + "metadata": { + "description": "Enter value for Container Name" + } + }, + "CustomConnectorName": { + "defaultValue": "PAN-OSXmlApiCustomConnector", + "type": "string", + "metadata": { + "description": "Name of the custom connector, if you want to change the default name, make sure to use the same in all Paloalto automation playbooks as well" + } + } + }, + "variables": { + "AzureblobConnectionName": "[[concat('Azureblob-', parameters('PlaybookName'))]", + "AzuremonitorlogsConnectionName": "[[concat('Azuremonitorlogs-', parameters('PlaybookName'))]", + "MicrosoftSentinelConnectionName": "[[concat('MicrosoftSentinel-', parameters('PlaybookName'))]", + "PaloaltoconnectorConnectionName": "[[concat('Paloaltoconnector-', parameters('PlaybookName'))]", + "connection-2": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', 
variables('workspace-location-inline'), '/managedApis/Azureblob')]", + "_connection-2": "[[variables('connection-2')]", + "connection-3": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Azuremonitorlogs')]", + "_connection-3": "[[variables('connection-3')]", + "connection-4": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Azuresentinel')]", + "_connection-4": "[[variables('connection-4')]", + "connection-5": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('CustomConnectorName'))]", + "_connection-5": "[[variables('connection-5')]", + "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", + "workspace-name": "[parameters('workspace')]", + "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]" + }, + "resources": [ + { + "properties": { + "provisioningState": "Succeeded", + "state": "Enabled", + "definition": { + "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "$connections": { + "type": "Object" + }, + "Container Name": { + "type": "string", + "defaultValue": "[[parameters('Container Name')]" + }, + "LogAnalyticsResourceGroup": { + "type": "string", + "defaultValue": "[[parameters('LogAnalyticsResourceGroup')]" + }, + "LogAnalyticsResourceName": { + "type": "string", + "defaultValue": "[[parameters('LogAnalyticsResourceName')]" + }, + "Storage Name": { + "type": "string", + "defaultValue": "[[parameters('Storage Name')]" + } + }, + "triggers": { + "Microsoft_Sentinel_incident": { + "type": "ApiConnectionWebhook", + "inputs": { + "body": { + "callback_url": 
"@{listCallbackUrl()}" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "path": "/incident-creation" + } + } + }, + "actions": { + "For_each": { + "foreach": "@body('Parse_JSON_-_Result_of_Run_query')", + "actions": { + "If_PCAP_ID_Exists": { + "actions": { + "Condition": { + "actions": { + "Add_comment_to_incident_(V3)": { + "runAfter": { + "Create_blob_(V2)": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "body": { + "incidentArmId": "@triggerBody()?['object']?['id']", + "message": "

@{body('Create_blob_(V2)')?['Path']}

" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "post", + "path": "/Incidents/Comment" + } + }, + "Create_blob_(V2)": { + "type": "ApiConnection", + "inputs": { + "body": "\"@{body('Query_Palo_Alto_XML_API')}\"", + "headers": { + "ReadFileMetadataFromServer": true + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azureblob']['connectionId']" + } + }, + "method": "post", + "path": "/v2/datasets/@{encodeURIComponent(encodeURIComponent(parameters('Storage Name')))}/files", + "queries": { + "folderPath": "/@{parameters('Container Name')}", + "name": "@{concat('paloalto',string(items('For_each')['pcap_id']),string(items('For_each')['time_1']), '.pcap')}", + "queryParametersSingleEncoded": true + } + }, + "runtimeConfiguration": { + "contentTransfer": { + "transferMode": "Chunked" + } + } + } + }, + "runAfter": { + "Query_Palo_Alto_XML_API": [ + "Succeeded" + ] + }, + "else": { + "actions": { + "Add_comment_to_incident_(V3)_3": { + "type": "ApiConnection", + "inputs": { + "body": { + "incidentArmId": "@triggerBody()?['object']?['id']", + "message": "

Playbook execution failed with error :
\nFor more details : please check Playbook run history .

" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "post", + "path": "/Incidents/Comment" + } + } + } + }, + "expression": { + "and": [ + { + "not": { + "contains": [ + "@string(body('Query_Palo_Alto_XML_API'))", + "'status'" + ] + } + }, + { + "not": { + "contains": [ + "@string(body('Query_Palo_Alto_XML_API'))", + "error" + ] + } + }, + { + "not": { + "contains": [ + "@string(body('Query_Palo_Alto_XML_API'))", + "invalid" + ] + } + } + ] + }, + "type": "If" + }, + "Query_Palo_Alto_XML_API": { + "type": "ApiConnection", + "inputs": { + "host": { + "connection": { + "name": "@parameters('$connections')['paloaltoconnector']['connectionId']" + } + }, + "method": "get", + "path": "/api/", + "queries": { + "category": "threat-pcap", + "device_name": "@items('For_each')['Computer']", + "pcap-id": "@items('For_each')['pcap_id']", + "search-time": "@items('For_each')['event_time']", + "sessionid": "@items('For_each')['sessionid']", + "type": "export" + } + } + } + }, + "else": { + "actions": { + "Add_comment_to_incident_(V3)_2": { + "type": "ApiConnection", + "inputs": { + "body": { + "incidentArmId": "@triggerBody()?['object']?['id']", + "message": "

Kindly provided the properly mapped fields in query result :
\n
\nReference :
\n\"TimeGenerated\": \"2023-05-29T11:28:42.6809438Z\",
\n\"Computer\": \"trustedwindows\",
\n\"pcap_id\": \"2343hjh234\",
\n\"sessionid\": \"87yujh67\",
\n\"event_time\": \"2023/28/29 11:28:42\"
\n

" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "post", + "path": "/Incidents/Comment" + } + } + } + }, + "expression": { + "and": [ + { + "not": { + "equals": [ + "@items('For_each')['pcap_id']", + "@null" + ] + } + }, + { + "not": { + "equals": [ + "@items('For_each')['pcap_id']", + 0 + ] + } + } + ] + }, + "type": "If" + } + }, + "runAfter": { + "Parse_JSON_-_Result_of_Run_query": [ + "Succeeded" + ] + }, + "type": "Foreach" + }, + "Parse_JSON_-_Result_of_Run_query": { + "runAfter": { + "Run_query_and_list_results": [ + "Succeeded" + ] + }, + "type": "ParseJson", + "inputs": { + "content": "@body('Run_query_and_list_results')?['value']", + "schema": { + "items": { + "properties": { + "Computer": { + "type": "string" + }, + "TimeGenerated": { + "type": "string" + }, + "event_time": { + "type": "string" + }, + "pcap_id": { + "type": "string" + }, + "sessionid": { + "type": "string" + } + }, + "required": [ + "TimeGenerated", + "Computer", + "pcap_id", + "sessionid", + "event_time" + ], + "type": "object" + }, + "type": "array" + } + } + }, + "Run_query_and_list_results": { + "type": "ApiConnection", + "inputs": { + "body": "@{triggerBody()?['object']?['properties']?['alerts']?[0]?['properties']?['additionalData']?['Query']}\n| limit 10", + "host": { + "connection": { + "name": "@parameters('$connections')['azuremonitorlogs']['connectionId']" + } + }, + "method": "post", + "path": "/queryData", + "queries": { + "resourcegroups": "@parameters('LogAnalyticsResourceGroup')", + "resourcename": "@parameters('LogAnalyticsResourceName')", + "resourcetype": "Log Analytics Workspace", + "subscriptions": "f70efef4-6505-4727-acd8-9d0b3bc0b80e", + "timerange": "Set in query" + } + } + } + } + }, + "parameters": { + "$connections": { + "value": { + "azureblob": { + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('AzureblobConnectionName'))]", + "connectionName": 
"[[variables('AzureblobConnectionName')]", + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Azureblob')]" + }, + "azuremonitorlogs": { + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('AzuremonitorlogsConnectionName'))]", + "connectionName": "[[variables('AzuremonitorlogsConnectionName')]", + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Azuremonitorlogs')]" + }, + "azuresentinel": { + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]", + "connectionName": "[[variables('MicrosoftSentinelConnectionName')]", + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Azuresentinel')]", + "connectionProperties": { + "authentication": { + "type": "ManagedServiceIdentity" + } + } + }, + "paloaltoconnector": { + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('PaloaltoconnectorConnectionName'))]", + "connectionName": "[[variables('PaloaltoconnectorConnectionName')]", + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('CustomConnectorName'))]" + } + } + } + } + }, + "name": "[[parameters('PlaybookName')]", + "type": "Microsoft.Logic/workflows", + "location": "[[variables('workspace-location-inline')]", + "identity": { + "type": "SystemAssigned" + }, + "tags": { + "hidden-SentinelTemplateName": "PaloAlto-PAN-OS-GetThreatPcap", + "hidden-SentinelTemplateVersion": "1.0", + "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" + }, + "apiVersion": "2017-07-01", + "dependsOn": [ + "[[resourceId('Microsoft.Web/connections', 
variables('AzureblobConnectionName'))]", + "[[resourceId('Microsoft.Web/connections', variables('AzuremonitorlogsConnectionName'))]", + "[[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]", + "[[resourceId('Microsoft.Web/connections', variables('PaloaltoconnectorConnectionName'))]" + ] + }, + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[[variables('AzureblobConnectionName')]", + "location": "[[variables('workspace-location-inline')]", + "kind": "V1", + "properties": { + "displayName": "[[variables('AzureblobConnectionName')]", + "api": { + "id": "[[variables('_connection-2')]" + } + } + }, + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[[variables('AzuremonitorlogsConnectionName')]", + "location": "[[variables('workspace-location-inline')]", + "kind": "V1", + "properties": { + "displayName": "[[variables('AzuremonitorlogsConnectionName')]", + "api": { + "id": "[[variables('_connection-3')]" + } + } + }, + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[[variables('MicrosoftSentinelConnectionName')]", + "location": "[[variables('workspace-location-inline')]", + "kind": "V1", + "properties": { + "displayName": "[[variables('MicrosoftSentinelConnectionName')]", + "parameterValueType": "Alternative", + "api": { + "id": "[[variables('_connection-4')]" + } + } + }, + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[[variables('PaloaltoconnectorConnectionName')]", + "location": "[[variables('workspace-location-inline')]", + "kind": "V1", + "properties": { + "displayName": "[[variables('PaloaltoconnectorConnectionName')]", + "api": { + "id": "[[variables('_connection-5')]" + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', 
last(split(variables('playbookId4'),'/'))))]", + "properties": { + "parentId": "[variables('playbookId4')]", + "contentId": "[variables('_playbookContentId4')]", + "kind": "Playbook", + "version": "[variables('playbookVersion4')]", + "source": { + "kind": "Solution", + "name": "PaloAlto-PAN-OS", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "tier": "Microsoft", + "link": "https://support.microsoft.com" + }, + "dependencies": { + "criteria": [ + { + "kind": "LogicAppsCustomConnector", + "contentId": "[variables('_PaloAlto_PAN-OS_XML_API_CustomConnector')]", + "version": "[variables('playbookVersion2')]" + } + ] + } + } + } + ], + "metadata": { + "title": "Get Threat PCAP - Palo Alto PAN-OS XML API", + "description": "This playbook allows us to get a threat PCAP for a given PCAP ID.", + "prerequisites": [ + "1. PaloAlto connector needs to be deployed prior to the deployment of this playbook under the same subscription. Relevant instructions can be found in the connector doc page. \n\n 2. Generate an API key.[Refer this link on how to generate the API Key](https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-panorama-api/get-started-with-the-pan-os-xml-api/get-your-api-key) \n\n 3. This playbook only works for Palo Alto incidents with a threat PCAP where the PCAP ID is not null or zero." + ], + "lastUpdateTime": "2022-07-25T00:00:00Z", + "entities": [ + "host" + ], + "tags": [ + "Enrichment", + "Response from teams" + ], + "postDeployment": [ + "** a. Authorize connections ** Once deployment is complete, you will need to authorize each connection. \n\n 1. Click the Microsoft Sentinel connection resource \n\n 2. Click edit API connection \n\n 3. Click Authorize \n\n 4. Sign in \n\n 5. Click Save \n\n 6. 
Repeat steps for other connections such as Blob Store connection and PAN-OS API connection (For authorizing the PAN-OS API connection, API Key needs to be provided) \n\n ** b. Configurations in Sentinel ** 1. In Microsoft sentinel analytical rules should be configured to trigger an incident with risky IP \n\n 2. Configure the automation rules to trigger this playbook" + ], + "releaseNotes": { + "version": "1.0", + "title": "[variables('blanks')]", + "notes": [ + "Initial version" + ] + } + } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_playbookContentId4')]", + "contentKind": "Playbook", + "displayName": "PaloAlto-PAN-OS-GetThreatPcap", + "contentProductId": "[variables('_playbookcontentProductId4')]", + "id": "[variables('_playbookcontentProductId4')]", + "version": "[variables('playbookVersion4')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('playbookTemplateSpecName5')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "PaloAlto-PAN-OS-GetURLCategoryInfo Playbook with template version 3.0.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('playbookVersion5')]", + "parameters": { + "PlaybookName": { + "defaultValue": "PaloAlto-PAN-OS-GetURLCategoryInfo", + "type": "string" + }, + "CustomConnectorName": { + "defaultValue": "PAN-OSRestApiCustomConnector", + "type": "string", + "metadata": { + "description": "Name of the 
custom connector, if you want to change the default name, make sure to use the same in all Paloalto automation playbooks as well" + } + } + }, + "variables": { + "PAN-OsrestapicustomconnectorConnectionName": "[[concat('PAN-Osrestapicustomconnector-', parameters('PlaybookName'))]", + "MicrosoftSentinelConnectionName": "[[concat('MicrosoftSentinel-', parameters('PlaybookName'))]", + "connection-2": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('CustomConnectorName'))]", + "_connection-2": "[[variables('connection-2')]", + "connection-3": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Azuresentinel')]", + "_connection-3": "[[variables('connection-3')]", + "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", + "workspace-name": "[parameters('workspace')]", + "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]" + }, + "resources": [ + { + "properties": { + "provisioningState": "Succeeded", + "state": "Enabled", + "definition": { + "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "$connections": { + "type": "Object" + } + }, + "triggers": { + "When_Azure_Sentinel_incident_creation_rule_was_triggered_(Private_Preview_only)": { + "type": "ApiConnectionWebhook", + "inputs": { + "body": { + "callback_url": "@{listCallbackUrl()}" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "path": "/incident-creation" + } + } + }, + "actions": { + "Add_comment_to_incident_(V3)_2": { + "runAfter": { + "Create_HTML_table_of_matched_custom_URL_category": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + 
"inputs": { + "body": { + "incidentArmId": "@triggerBody()?['object']?['id']", + "message": "

@{body('Create_HTML_table_of_matched_custom_URL_category')}
\n
\n@{body('Create_HTML_table_of_matched_address_objects')}
\n
\n
\n
\n

" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "post", + "path": "/Incidents/Comment" + } + }, + "Create_HTML_table_of_matched_address_objects": { + "runAfter": { + "For_each_-_collecting_urls_from_custom_URL_category": [ + "Succeeded" + ] + }, + "type": "Table", + "inputs": { + "format": "HTML", + "from": "@variables('result')" + } + }, + "Create_HTML_table_of_matched_custom_URL_category": { + "runAfter": { + "Create_HTML_table_of_matched_address_objects": [ + "Succeeded" + ] + }, + "type": "Table", + "inputs": { + "format": "HTML", + "from": "@variables('result1')" + } + }, + "Entities_-_Get_URLs": { + "type": "ApiConnection", + "inputs": { + "body": "@triggerBody()?['object']?['properties']?['relatedEntities']", + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "post", + "path": "/entities/url" + } + }, + "For_each_-_collecting_URL_from_address_objects": { + "foreach": "@body('List_address_objects')?['result']?['entry']", + "actions": { + "Condition_-_to_filter_fqdn_only": { + "actions": { + "For_each": { + "foreach": "@body('Entities_-_Get_URLs')?['URLs']", + "actions": { + "Condition": { + "actions": { + "Append_to_array_variable": { + "type": "AppendToArrayVariable", + "inputs": { + "name": "result", + "value": "@items('For_each_-_collecting_URL_from_address_objects')" + } + } + }, + "expression": { + "and": [ + { + "equals": [ + "@items('For_each_-_collecting_URL_from_address_objects')?['fqdn']", + "@items('For_each')?['Url']" + ] + } + ] + }, + "type": "If" + } + }, + "type": "Foreach" + } + }, + "expression": { + "and": [ + { + "contains": [ + "@items('For_each_-_collecting_URL_from_address_objects')", + "fqdn" + ] + } + ] + }, + "type": "If" + } + }, + "runAfter": { + "List_custom_url_categories": [ + "Succeeded" + ] + }, + "type": "Foreach" + }, + 
"For_each_-_collecting_urls_from_custom_URL_category": { + "foreach": "@body('List_custom_url_categories')?['result']?['entry']", + "actions": { + "For_each_2": { + "foreach": "@body('Entities_-_Get_URLs')?['URLs']", + "actions": { + "Condition_2": { + "actions": { + "Append_to_array_variable_2": { + "type": "AppendToArrayVariable", + "inputs": { + "name": "result1", + "value": "@items('For_each_-_collecting_urls_from_custom_URL_category')" + } + } + }, + "expression": { + "and": [ + { + "contains": [ + "@items('For_each_-_collecting_urls_from_custom_URL_category')?['list']?['member']", + "@items('For_each_2')?['Url']" + ] + } + ] + }, + "type": "If" + } + }, + "type": "Foreach" + } + }, + "runAfter": { + "For_each_-_collecting_URL_from_address_objects": [ + "Succeeded" + ] + }, + "type": "Foreach" + }, + "List_address_objects": { + "runAfter": { + "Variable_for_storing_results_2": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "host": { + "connection": { + "name": "@parameters('$connections')['PAN-OSRestApiCustomConnector']['connectionId']" + } + }, + "method": "get", + "path": "/restapi/v10.0/Objects/Addresses", + "queries": { + "location": "vsys", + "vsys": "vsys1" + } + }, + "description": "This Lists all the address objects present in the PAN-OS" + }, + "List_custom_url_categories": { + "runAfter": { + "List_address_objects": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "host": { + "connection": { + "name": "@parameters('$connections')['PAN-OSRestApiCustomConnector']['connectionId']" + } + }, + "method": "get", + "path": "/restapi/v10.0/Objects/CustomURLCategories", + "queries": { + "location": "vsys", + "vsys": "vsys1" + } + } + }, + "Variable_for_storing_results": { + "runAfter": { + "Entities_-_Get_URLs": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "result", + "type": "array" + } + ] + } + }, + "Variable_for_storing_results_2": { + "runAfter": { + 
"Variable_for_storing_results": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "result1", + "type": "array" + } + ] + } + } + } + }, + "parameters": { + "$connections": { + "value": { + "PAN-OSRestApiCustomConnector": { + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('PAN-OsrestapicustomconnectorConnectionName'))]", + "connectionName": "[[variables('PAN-OsrestapicustomconnectorConnectionName')]", + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('CustomConnectorName'))]" + }, + "azuresentinel": { + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]", + "connectionName": "[[variables('MicrosoftSentinelConnectionName')]", + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Azuresentinel')]", + "connectionProperties": { + "authentication": { + "type": "ManagedServiceIdentity" + } + } + } + } + } + } + }, + "name": "[[parameters('PlaybookName')]", + "type": "Microsoft.Logic/workflows", + "location": "[[variables('workspace-location-inline')]", + "tags": { + "hidden-SentinelTemplateName": "PaloAlto-PAN-OS-GetURLCategoryInfo", + "hidden-SentinelTemplateVersion": "1.0", + "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" + }, + "identity": { + "type": "SystemAssigned" + }, + "apiVersion": "2017-07-01", + "dependsOn": [ + "[[resourceId('Microsoft.Web/connections', variables('PAN-OsrestapicustomconnectorConnectionName'))]", + "[[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]" + ] + }, + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[[variables('PAN-OsrestapicustomconnectorConnectionName')]", + "location": 
"[[variables('workspace-location-inline')]", + "kind": "V1", + "properties": { + "displayName": "[[variables('PAN-OsrestapicustomconnectorConnectionName')]", + "api": { + "id": "[[variables('_connection-2')]" + } + } + }, + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[[variables('MicrosoftSentinelConnectionName')]", + "location": "[[variables('workspace-location-inline')]", + "kind": "V1", + "properties": { + "displayName": "[[variables('MicrosoftSentinelConnectionName')]", + "parameterValueType": "Alternative", + "api": { + "id": "[[variables('_connection-3')]" + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId5'),'/'))))]", + "properties": { + "parentId": "[variables('playbookId5')]", + "contentId": "[variables('_playbookContentId5')]", + "kind": "Playbook", + "version": "[variables('playbookVersion5')]", + "source": { + "kind": "Solution", + "name": "PaloAlto-PAN-OS", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "tier": "Microsoft", + "link": "https://support.microsoft.com" + }, + "dependencies": { + "criteria": [ + { + "kind": "LogicAppsCustomConnector", + "contentId": "[variables('_PaloAlto_PAN-OS_Rest_API_CustomConnector')]", + "version": "[variables('playbookVersion1')]" + } + ] + } + } + } + ], + "metadata": { + "comments": "This playbook uses the PaloAlto connector to automatically enrich incidents generated by Sentinel for address object details and URL filtering category information from PAN-OS", + "title": "PaloAlto-PAN-OS-GetURLCategoryInfo", + "description": " When a new sentinal incident is created, this playbook gets triggered and performs below 
actions:", + "prerequisites": [ + "1. PAN-OS Custom Connector needs to be deployed prior to the deployment of this playbook under the same subscription. \n\n 2. Generate an API key. [Refer this link on how to generate the API Key](https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-panorama-api/get-started-with-the-pan-os-xml-api/get-your-api-key)" + ], + "lastUpdateTime": "2023-05-30T00:00:00Z", + "entities": [ + "url" + ], + "tags": [ + "Enrichment", + "PaloAlto", + "Pan-os" + ], + "postDeployment": [ + "** a. Authorize connections ** Once deployment is complete, you will need to authorize each connection. \n\n 1. Click the Microsoft Sentinel connection resource \n\n 2. Click edit API connection \n\n 3. Click Authorize \n\n 4. Sign in \n\n 5. Click Save \n\n 6. Repeat steps for PAN-OS API Connection (For authorizing the PAN-OS API connection, API Key needs to be provided) \n\n ** b. Configurations in Sentinel ** 1. In Microsoft sentinel analytical rules should be configured to trigger an incident with risky user account \n\n 2. 
Configure the automation rules to trigger this playbook" + ], + "releaseNotes": { + "version": "1.0", + "title": "[variables('blanks')]", + "notes": [ + "Initial version" + ] + } + } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_playbookContentId5')]", + "contentKind": "Playbook", + "displayName": "PaloAlto-PAN-OS-GetURLCategoryInfo", + "contentProductId": "[variables('_playbookcontentProductId5')]", + "id": "[variables('_playbookcontentProductId5')]", + "version": "[variables('playbookVersion5')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('playbookTemplateSpecName6')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "PaloAlto-PAN-OS-BlockIP Playbook with template version 3.0.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('playbookVersion6')]", "parameters": { "PlaybookName": { "defaultValue": "PaloAlto-PAN-OS-BlockIP", 
@@ -5325,7 +5908,7 @@ "inputs": { "body": { "body": { - "messageBody": "{\n \"type\": \"AdaptiveCard\",\n \"body\": [\n {\n \"type\": \"TextBlock\",\n \n \"weight\": \"Bolder\",\n \"text\": \"Below is the summary of actions taken on IP's by SOC\",\n \"wrap\": true\n },\n {\n \"columns\": [\n {\n \"items\":@{body('Set_variable_actions_on_IP_to_be_displayed_on_adaptive_card')} ,\n \"type\": \"Column\",\n \"wrap\": true\n }\n ],\n \"separator\": \"true\",\n \"type\": \"ColumnSet\",\n \"width\": \"stretch\"\n},\n {\n \"text\": \" Incident No : @{triggerBody()?['object']?['properties']?['incidentNumber']} \",\n \"type\": \"TextBlock\",\n \"weight\": \"Bolder\",\n \"wrap\": true\n },\n {\n \"type\": \"TextBlock\",\n \"text\": \"[Click here to view the Incident](@{triggerBody()?['object']?['properties']?['incidentUrl']})\",\n \"wrap\": true\n },\n\n {\n \"type\": \"ColumnSet\",\n \"columns\": [\n {\n \"type\": \"Column\",\n \"items\": [\n {\n \"type\": \"TextBlock\",\n \"size\": \"Medium\",\n \"weight\": \"Bolder\",\n \"text\": \"Incident configuration :\",\n \"wrap\": true\n }\n ],\n \"width\": \"auto\"\n }\n ]\n },\n {\n \"type\": \"ColumnSet\",\n \"columns\": [\n {\n \"type\": \"Column\",\n \"items\": [\n {\n \"type\": \"Image\",\n \"style\": \"Person\",\n \"url\": \"https://connectoricons-prod.azureedge.net/releases/v1.0.1391/1.0.1391.2130/azuresentinel/icon.png\",\n \"size\": \"Small\"\n }\n ],\n \"width\": \"auto\"\n }\n ]\n },\n {\n \"type\": \"TextBlock\",\n \"text\": \"Close Azure Sentinal incident?\"\n },\n {\n \"choices\": [\n {\n \"isSelected\": true,\n \"title\": \"False Positive - Inaccurate Data\",\n \"value\": \"False Positive - Inaccurate Data\"\n },\n {\n \"isSelected\": true,\n \"title\": \"False Positive - Incorrect Alert Logic\",\n \"value\": \"False Positive - Incorrect Alert Logic\"\n },\n {\n \"title\": \"True Positive - Suspicious Activity\",\n \"value\": \"True Positive - Suspicious Activity\"\n },\n {\n \"title\": \"Benign Positive - Suspicious 
But Expected\",\n \"value\": \"Benign Positive - Suspicious But Expected\"\n },\n {\n \"title\": \"Undetermined\",\n \"value\": \"Undetermined\"\n }\n ],\n \"id\": \"incidentStatus\",\n \"style\": \"compact\",\n \"type\": \"Input.ChoiceSet\",\n \"value\": \"Benign Positive - Suspicious But Expected\"\n },\n {\n \"type\": \"TextBlock\",\n \"text\": \"Change Microsoft Sentinel Incident Severity?\"\n },\n {\n \"choices\": [\n {\n \n \"title\": \"High\",\n \"value\": \"High\"\n },\n {\n \"title\": \"Medium\",\n \"value\": \"Medium\"\n },\n {\n \"title\": \"Low\",\n \"value\": \"Low\"\n },\n {\n \"title\": \"Don't change\",\n \"value\": \"same\"\n }\n ],\n \"id\": \"incidentSeverity\",\n \"style\": \"compact\",\n \"type\": \"Input.ChoiceSet\",\n \"value\": \"@{triggerBody()?['object']?['properties']?['severity']}\"\n }\n \n \n \n ],\n\"width\":\"auto\",\n \"actions\": [\n {\n \"type\": \"Action.Submit\",\n \"title\": \"Change incident configuration\"\n },\n{\n \"type\": \"Action.Submit\",\n \"title\": \"Ignore\"\n }\n ],\n \"$schema\": \"http://adaptivecards.io/schemas/adaptive-card.json\",\n \"version\": \"1.2\"\n}", + "messageBody": "{\n \"type\": \"AdaptiveCard\",\n \"body\": [\n {\n \"type\": \"TextBlock\",\n \n \"weight\": \"Bolder\",\n \"text\": \"Below is the summary of actions taken on IP's by SOC\",\n \"wrap\": true\n },\n {\n \"columns\": [\n {\n \"items\":@{body('Set_variable_actions_on_IP_to_be_displayed_on_adaptive_card')} ,\n \"type\": \"Column\",\n \"wrap\": true\n }\n ],\n \"separator\": \"true\",\n \"type\": \"ColumnSet\",\n \"width\": \"stretch\"\n},\n {\n \"text\": \" Incident No : @{triggerBody()?['object']?['properties']?['incidentNumber']} \",\n \"type\": \"TextBlock\",\n \"weight\": \"Bolder\",\n \"wrap\": true\n },\n {\n \"type\": \"TextBlock\",\n \"text\": \"[Click here to view the Incident](@{triggerBody()?['object']?['properties']?['incidentUrl']})\",\n \"wrap\": true\n },\n\n {\n \"type\": \"ColumnSet\",\n \"columns\": [\n {\n \"type\": 
\"Column\",\n \"items\": [\n {\n \"type\": \"TextBlock\",\n \"size\": \"Medium\",\n \"weight\": \"Bolder\",\n \"text\": \"Incident configuration :\",\n \"wrap\": true\n }\n ],\n \"width\": \"auto\"\n }\n ]\n },\n {\n \"type\": \"ColumnSet\",\n \"columns\": [\n {\n \"type\": \"Column\",\n \"items\": [\n {\n \"type\": \"Image\",\n \"style\": \"Person\",\n \"url\": \"https://connectoricons-prod.azureedge.net/releases/v1.0.1391/1.0.1391.2130/azuresentinel/icon.png\",\n \"size\": \"Small\"\n }\n ],\n \"width\": \"auto\"\n }\n ]\n },\n {\n \"type\": \"TextBlock\",\n \"text\": \"Close Microsoft Sentinel incident?\"\n },\n {\n \"choices\": [\n {\n \"isSelected\": true,\n \"title\": \"False Positive - Inaccurate Data\",\n \"value\": \"False Positive - Inaccurate Data\"\n },\n {\n \"isSelected\": true,\n \"title\": \"False Positive - Incorrect Alert Logic\",\n \"value\": \"False Positive - Incorrect Alert Logic\"\n },\n {\n \"title\": \"True Positive - Suspicious Activity\",\n \"value\": \"True Positive - Suspicious Activity\"\n },\n {\n \"title\": \"Benign Positive - Suspicious But Expected\",\n \"value\": \"Benign Positive - Suspicious But Expected\"\n },\n {\n \"title\": \"Undetermined\",\n \"value\": \"Undetermined\"\n }\n ],\n \"id\": \"incidentStatus\",\n \"style\": \"compact\",\n \"type\": \"Input.ChoiceSet\",\n \"value\": \"Benign Positive - Suspicious But Expected\"\n },\n {\n \"type\": \"TextBlock\",\n \"text\": \"Change Microsoft Sentinel Incident Severity?\"\n },\n {\n \"choices\": [\n {\n \n \"title\": \"High\",\n \"value\": \"High\"\n },\n {\n \"title\": \"Medium\",\n \"value\": \"Medium\"\n },\n {\n \"title\": \"Low\",\n \"value\": \"Low\"\n },\n {\n \"title\": \"Don't change\",\n \"value\": \"same\"\n }\n ],\n \"id\": \"incidentSeverity\",\n \"style\": \"compact\",\n \"type\": \"Input.ChoiceSet\",\n \"value\": \"@{triggerBody()?['object']?['properties']?['severity']}\"\n }\n \n \n \n ],\n\"width\":\"auto\",\n \"actions\": [\n {\n \"type\": 
\"Action.Submit\",\n \"title\": \"Change incident configuration\"\n },\n{\n \"type\": \"Action.Submit\",\n \"title\": \"Ignore\"\n }\n ],\n \"$schema\": \"http://adaptivecards.io/schemas/adaptive-card.json\",\n \"version\": \"1.2\"\n}",
 "recipient": {
 "channelId": "@parameters('Teams channel Id')"
 },
@@ -5465,12 +6048,12 @@
 {
 "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
 "apiVersion": "2022-01-01-preview",
- "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId4'),'/'))))]",
+ "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId6'),'/'))))]",
 "properties": {
- "parentId": "[variables('playbookId4')]",
- "contentId": "[variables('_playbookContentId4')]",
+ "parentId": "[variables('playbookId6')]",
+ "contentId": "[variables('_playbookContentId6')]",
 "kind": "Playbook",
- "version": "[variables('playbookVersion4')]",
+ "version": "[variables('playbookVersion6')]",
 "source": {
 "kind": "Solution",
 "name": "PaloAlto-PAN-OS",
@@ -5502,9 +6085,6 @@
 "comments": "This playbook uses the PaloAlto connector to take necessary actions on IP address like Block IP/Unblock IP from predefined address group and also gives an option to close the incident.",
 "title": "PaloAlto-PAN-OS-BlockIP",
 "description": "This playbook allows blocking/unblocking IPs in PaloAlto, using **Address Object Groups**. This allows to make changes on predefined address group, which is attached to predefined security policy rule.",
- "mainSteps": [
- "When a new Sentinel incident is created, this playbook gets triggered and performs below actions: \n\n 1. An adaptive card is sent to the SOC channel providing Incident information, IP address, list of existing security policy rules in which IP is a member of and provides an option to Block/Unblock IP Address to predefined address group or Ignore. \n\n 2. The SOC can take action on risky IP based on the information provided in the adaptive card. \n\n ![PaloAlto-PAN-OS-BlockIP](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/PaloAlto-PAN-OS/Playbooks/PaloAlto-PAN-OS-BlockIP/designerscreenshot.PNG?raw=true) \n\n **This is the adaptive card SOC will receive when playbook is triggered for each risky IP for taking actions like block/unblock/ignore:** \n\n ![Adaptive Card example](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/PaloAlto-PAN-OS/Playbooks/PaloAlto-PAN-OS-BlockIP/AdaptiveCardtoBlockorUnblock.PNG?raw=true) \n\n **This is the consolidate adaptive card about the summary of actions taken on IP and the incident configuration:** \n\n ![Consolidated Adaptive Card example](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/PaloAlto-PAN-OS/Playbooks/PaloAlto-PAN-OS-BlockIP/SummarizedAdaptiveCard.PNG?raw=true)"
- ],
 "prerequisites": [
 "1. PaloAlto connector needs to be deployed prior to the deployment of this playbook under the same subscription. Relevant instructions can be found in the connector doc page. \n\n 2. Generate an API key. 
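Review bot: The relabelled card still marks both "False Positive - Inaccurate Data" and "False Positive - Incorrect Alert Logic" with `"isSelected": true` inside the single-select `incidentStatus` ChoiceSet, while the same input also sets `"value": "Benign Positive - Suspicious But Expected"`, so the classification under the new "Close Microsoft Sentinel incident?" prompt has three competing defaults. Which one a given Teams client honours is renderer-dependent, so an analyst who submits "Change incident configuration" without touching the dropdown may close the incident under a classification they never chose; since `value` already carries the intended default, drop the two `\"isSelected\": true,` entries from the `messageBody` string. Unrelated to this commit but on the same line: the card is assembled by string interpolation (`\"items\":@{body('Set_variable_actions_on_IP_to_be_displayed_on_adaptive_card')}`, plus `incidentNumber` and `incidentUrl` from the trigger), so whatever builds that variable presumably has to emit valid, escaped JSON for any incident-derived text (IP strings, entity names) or the card will fail to render. The enclosing Teams post action starts before this hunk.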
[Refer this link on how to generate the API Key](https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-panorama-api/get-started-with-the-pan-os-xml-api/get-your-api-key) \n\n 3. Address group should be created for PAN-OS and this should be used while creating playbooks." ], 
@@ -5535,1124 +6115,18 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_playbookContentId4')]", + "contentId": "[variables('_playbookContentId6')]", "contentKind": "Playbook", "displayName": "PaloAlto-PAN-OS-BlockIP", - "contentProductId": "[variables('_playbookcontentProductId4')]", - "id": "[variables('_playbookcontentProductId4')]", - "version": "[variables('playbookVersion4')]" + "contentProductId": "[variables('_playbookcontentProductId6')]", + "id": "[variables('_playbookcontentProductId6')]", + "version": "[variables('playbookVersion6')]" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('playbookTemplateSpecName5')]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "PaloAlto-PAN-OS-BlockURL-EntityTrigger Playbook with template version 3.0.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('playbookVersion5')]", - "parameters": { - "PlaybookName": { - "defaultValue": "PaloAlto-PAN-OS-BlockURL-EntityTrigger", - "type": "string" - }, - "Address Group": { - "type": "string", - "metadata": { - "description": "Enter value for Address Group" - } - }, - "Teams Group Id": { - "type": "string", - "metadata": { - "description": "Enter value for Teams Group Id" - } - }, - "Teams channel Id": { - "type": "string", - "metadata": { - "description": "Enter value for Teams channel Id" - } - }, - "CustomConnectorName": { - "defaultValue": "PAN-OSRestApiCustomConnector", - "type": "string", - "metadata": { - "description": "Name of the custom 
connector, if you want to change the default name, make sure to use the same in all Paloalto automation playbooks as well" - } - } - }, - "variables": { - "PaloaltoconnectorConnectionName": "[[concat('Paloaltoconnector-', parameters('PlaybookName'))]", - "MicrosoftSentinelConnectionName": "[[concat('MicrosoftSentinel-', parameters('PlaybookName'))]", - "TeamsConnectionName": "[[concat('Teams-', parameters('PlaybookName'))]", - "connection-2": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('CustomConnectorName'))]", - "_connection-2": "[[variables('connection-2')]", - "connection-3": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Azuresentinel')]", - "_connection-3": "[[variables('connection-3')]", - "connection-4": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Teams')]", - "_connection-4": "[[variables('connection-4')]", - "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", - "workspace-name": "[parameters('workspace')]", - "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]" - }, - "resources": [ - { - "properties": { - "provisioningState": "Succeeded", - "state": "Enabled", - "definition": { - "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "$connections": { - "type": "Object" - }, - "Address Group": { - "type": "string", - "defaultValue": "[[parameters('Address Group')]" - }, - "Teams Group Id": { - "type": "string", - "defaultValue": "[[parameters('Teams Group Id')]" - }, - "Teams channel Id": { - "type": "string", - "defaultValue": 
"[[parameters('Teams channel Id')]" - } - }, - "triggers": { - "Microsoft_Sentinel_entity": { - "type": "ApiConnectionWebhook", - "inputs": { - "body": { - "callback_url": "@{listCallbackUrl()}" - }, - "host": { - "connection": { - "name": "@parameters('$connections')['azuresentinel']['connectionId']" - } - }, - "path": "/entity/@{encodeURIComponent('UrlEntity')}" - } - } - }, - "actions": { - "Condition_based_on_the_incident_configuration_from_adaptive_card": { - "actions": { - "Add_comment_to_incident_(V3)": { - "type": "ApiConnection", - "inputs": { - "body": { - "incidentArmId": "@triggerBody()?['IncidentArmID']", - "message": "

PAN-OS Playbook ran and performed the following actions:
\n@{variables('URLAddressAction')}
\n
\n
\n
\nActions taken on Sentinel : Add comment to incident and closure with classification reason  @{body('Post_an_Adaptive_Card_to_a_Teams_channel_and_wait_for_a_response')['data']?['incidentStatus']}

" - }, - "host": { - "connection": { - "name": "@parameters('$connections')['azuresentinel']['connectionId']" - } - }, - "method": "post", - "path": "/Incidents/Comment" - } - }, - "Update_incident": { - "runAfter": { - "Add_comment_to_incident_(V3)": [ - "Succeeded" - ] - }, - "type": "ApiConnection", - "inputs": { - "body": { - "classification": { - "ClassificationAndReason": "@{body('Post_an_Adaptive_Card_to_a_Teams_channel_and_wait_for_a_response')['data']?['incidentStatus']}" - }, - "incidentArmId": "@triggerBody()?['IncidentArmID']", - "severity": "@{body('Post_an_Adaptive_Card_to_a_Teams_channel_and_wait_for_a_response')['data']?['incidentSeverity']}", - "status": "Closed" - }, - "host": { - "connection": { - "name": "@parameters('$connections')['azuresentinel']['connectionId']" - } - }, - "method": "put", - "path": "/Incidents" - } - } - }, - "runAfter": { - "Post_an_Adaptive_Card_to_a_Teams_channel_and_wait_for_a_response": [ - "Succeeded" - ] - }, - "expression": { - "and": [ - { - "equals": [ - "@body('Post_an_Adaptive_Card_to_a_Teams_channel_and_wait_for_a_response')['submitActionId']", - "Change incident configuration" - ] - }, - { - "not": { - "equals": [ - "@triggerBody()?['IncidentArmID']", - "@null" - ] - } - } - ] - }, - "type": "If", - "description": "This decides the action taken on the summarized adaptive card" - }, - "Condition_based_on_user_inputs_from_the_adaptive_card": { - "actions": { - "Condition__to_check_if_user_chosen_Block": { - "actions": { - "Create_an_address_object": { - "type": "ApiConnection", - "inputs": { - "body": { - "entry": { - "@@name": "@triggerBody()?['Entity']?['properties']?['Url']", - "description": "@triggerBody()?['Entity']?['properties']?['Url']", - "fqdn": "@triggerBody()?['Entity']?['properties']?['Url']" - } - }, - "host": { - "connection": { - "name": "@parameters('$connections')['PaloAltoConnector']['connectionId']" - } - }, - "method": "post", - "path": "/restapi/v10.0/Objects/Addresses", - "queries": { - 
"address type": "fqdn", - "location": "vsys", - "name": "@triggerBody()?['Entity']?['properties']?['Url']", - "vsys": "vsys1" - } - }, - "description": "This creates a new address object for the malicious URL" - } - }, - "expression": { - "and": [ - { - "equals": [ - "@body('Post_an_Adaptive_Card_to_a_Teams_channel_and_wait_for_a_response_3')['submitActionId']", - "Block URL ( add to @{outputs('Configured_address_group')} address group )" - ] - }, - { - "equals": [ - "@length(body('Filter_array_of_URL_address_from_list_of_address_objects'))", - 0 - ] - } - ] - }, - "type": "If", - "description": "This check if user chooses Block URL" - }, - "Condition_to_check_the_edit_an_address_object_group_status": { - "actions": { - "Condition_to_check_the_action_of_adaptive_card_to_set_the_action_summary": { - "actions": { - "Append_success_status_Blocked_URL_status_to_summary_card": { - "type": "AppendToArrayVariable", - "inputs": { - "name": "URLAddressAction", - "value": "URL Address : @{triggerBody()?['Entity']?['properties']?['Url']} , Action Taken : Blocked by \n adding to @{outputs('Configured_address_group')} , Status : Success" - }, - "description": "append action taken to summarize on the adaptive card" - } - }, - "else": { - "actions": { - "Append_success_status_UnBlocked_URL_status_to_summary_card": { - "type": "AppendToArrayVariable", - "inputs": { - "name": "URLAddressAction", - "value": "URL Address : @{triggerBody()?['Entity']?['properties']?['Url']} , Action Taken : UnBlocked by \n adding to @{outputs('Configured_address_group')} , Status : Success" - }, - "description": "append action taken to summarize on the adaptive card" - } - } - }, - "expression": { - "and": [ - { - "equals": [ - "@body('Post_an_Adaptive_Card_to_a_Teams_channel_and_wait_for_a_response_3')['submitActionId']", - "Block URL ( add to @{outputs('Configured_address_group')} address group )" - ] - } - ] - }, - "type": "If" - } - }, - "runAfter": { - "Update_an_address_object_group": [ - 
"Succeeded" - ] - }, - "else": { - "actions": { - "Append_failure_status_to_summary_card": { - "type": "AppendToArrayVariable", - "inputs": { - "name": "URLAddressAction", - "value": "URL Address : @{triggerBody()?['Entity']?['properties']?['Url']} , Action Taken : @{body('Post_an_Adaptive_Card_to_a_Teams_channel_and_wait_for_a_response_3')['submitActionId']} , Status : Failure" - }, - "description": "append action taken to summarize on the adaptive card" - } - } - }, - "expression": { - "and": [ - { - "equals": [ - "@body('Update_an_address_object_group')?['@status']", - "success" - ] - } - ] - }, - "type": "If" - }, - "Update_an_address_object_group": { - "runAfter": { - "Condition__to_check_if_user_chosen_Block": [ - "Succeeded" - ] - }, - "type": "ApiConnection", - "inputs": { - "body": { - "entry": [ - { - "@@name": "@parameters('Address Group')", - "static": { - "member": "@{variables('AddressGroupMembers')}" - } - } - ] - }, - "host": { - "connection": { - "name": "@parameters('$connections')['PaloAltoConnector']['connectionId']" - } - }, - "method": "put", - "path": "/restapi/v10.0/Objects/AddressGroups", - "queries": { - "location": "vsys", - "name": "@parameters('Address Group')", - "vsys": "vsys1" - } - } - } - }, - "runAfter": { - "Post_an_Adaptive_Card_to_a_Teams_channel_and_wait_for_a_response_3": [ - "Succeeded" - ] - }, - "else": { - "actions": { - "Append_to_array_variable_URL_address_action_chosen": { - "type": "AppendToArrayVariable", - "inputs": { - "name": "URLAddressAction", - "value": "URL Address : @{triggerBody()?['Entity']?['properties']?['Url']}, Action Taken : @{body('Post_an_Adaptive_Card_to_a_Teams_channel_and_wait_for_a_response_3')['submitActionId']} , Status : Success " - }, - "description": "This appends the action taken on URL to the list of existing actions" - } - } - }, - "expression": { - "and": [ - { - "not": { - "equals": [ - "@body('Post_an_Adaptive_Card_to_a_Teams_channel_and_wait_for_a_response_3')['submitActionId']", - 
"Ignore" - ] - } - } - ] - }, - "type": "If", - "description": "condition to check the submit action is block / unblock or Ignore" - }, - "Condition_to_check_if_URL_address_already_present_in_list_of_address_objects": { - "actions": { - "Condition_to_check_if_URL_already_present_in_predefined_address_group": { - "actions": { - "Append_address_group_text": { - "type": "AppendToArrayVariable", - "inputs": { - "name": "AdaptiveCardBody", - "value": { - "text": "The URL @{triggerBody()?['Entity']?['properties']?['Url']} is already a member of the blocked address group @{outputs('Configured_address_group')}", - "type": "TextBlock", - "wrap": true - } - }, - "description": "append address group text to adaptive card dynamically" - }, - "Filter_array_URL_address_from_the_list_of_address_objects_to_unreference": { - "runAfter": { - "Set_dynamic_action_name": [ - "Succeeded" - ] - }, - "type": "Query", - "inputs": { - "from": "@variables('AddressGroupMembers')", - "where": "@not(equals(item(), triggerBody()?['Entity']?['properties']?['Url']))" - }, - "description": "This filters the URL address from predefined address group to unreference/unblock URL" - }, - "Set_dynamic_action_name": { - "runAfter": { - "Append_address_group_text": [ - "Succeeded" - ] - }, - "type": "SetVariable", - "inputs": { - "name": "ActionName", - "value": "UnBlock URL" - }, - "description": "variable to set action name dynamically" - }, - "unreference_URL_address_from_the_existing_group_members": { - "runAfter": { - "Filter_array_URL_address_from_the_list_of_address_objects_to_unreference": [ - "Succeeded" - ] - }, - "type": "SetVariable", - "inputs": { - "name": "AddressGroupMembers", - "value": "@body('Filter_array_URL_address_from_the_list_of_address_objects_to_unreference')" - }, - "description": "unreference URL address from the group members and update" - } - }, - "else": { - "actions": { - "Append_URL_address_to_the_address_group_members": { - "runAfter": { - 
"Append_address_group_text_to_adaptive_card_body": [ - "Succeeded" - ] - }, - "type": "AppendToArrayVariable", - "inputs": { - "name": "AddressGroupMembers", - "value": "@triggerBody()?['Entity']?['properties']?['Url']" - }, - "description": "append URL address to the address group members" - }, - "Append_address_group_text_to_adaptive_card_body": { - "type": "AppendToArrayVariable", - "inputs": { - "name": "AdaptiveCardBody", - "value": { - "text": "The URL @{triggerBody()?['Entity']?['properties']?['Url']} is not a member of the blocked address group @{outputs('Configured_address_group')}", - "type": "TextBlock", - "wrap": true - } - }, - "description": "append address group text to adaptive card dynamically" - }, - "Set_dynamic_action_name_to_variable_Action_name": { - "runAfter": { - "Append_URL_address_to_the_address_group_members": [ - "Succeeded" - ] - }, - "type": "SetVariable", - "inputs": { - "name": "ActionName", - "value": "Block URL" - }, - "description": "set action name dynamically" - } - } - }, - "expression": { - "and": [ - { - "contains": [ - "@variables('AddressGroupMembers')", - "@triggerBody()?['Entity']?['properties']?['Url']" - ] - } - ] - }, - "type": "If", - "description": "condition to check the malicious URL address is present in the predefined address group and the URL is part of static member" - } - }, - "runAfter": { - "Condition_to_check_if_the_URL_is_a_part_of_security_policy_rules": [ - "Succeeded" - ] - }, - "else": { - "actions": { - "Append_URL_to_array_of_address_group_members": { - "runAfter": { - "Append_to_array_variable_text_if_URL_is_not_a_member_of_blocked_address_group": [ - "Succeeded" - ] - }, - "type": "AppendToArrayVariable", - "inputs": { - "name": "AddressGroupMembers", - "value": "@triggerBody()?['Entity']?['properties']?['Url']" - }, - "description": "append the Malicious URL address to the existing group members to block / unblock from the predefined address group" - }, - 
"Append_to_array_variable_text_if_URL_is_not_a_member_of_blocked_address_group": { - "type": "AppendToArrayVariable", - "inputs": { - "name": "AdaptiveCardBody", - "value": { - "text": "The URL @{triggerBody()?['Entity']?['properties']?['Url']} is not a member of the blocked address group @{outputs('Configured_address_group')}", - "type": "TextBlock", - "wrap": true - } - }, - "description": "This appends the text to display If URL is not a member of security policy rules" - }, - "Set_variable_to_Block_URL": { - "runAfter": { - "Append_URL_to_array_of_address_group_members": [ - "Succeeded" - ] - }, - "type": "SetVariable", - "inputs": { - "name": "ActionName", - "value": "Block URL" - }, - "description": "This sets the variable block URL" - } - } - }, - "expression": { - "and": [ - { - "greater": [ - "@length(body('Filter_array_of_URL_address_from_list_of_address_objects'))", - 0 - ] - } - ] - }, - "type": "If", - "description": "This checks if URL is a member of any of the list of address objects" - }, - "Condition_to_check_if_the_URL_is_a_part_of_security_policy_rules": { - "actions": { - "Append_policy_text": { - "type": "AppendToArrayVariable", - "inputs": { - "name": "AdaptiveCardBody", - "value": { - "text": "It is also member of the following security policy rules", - "type": "TextBlock" - } - }, - "description": "dynamic policy text based on security policies" - }, - "Append_security_policies": { - "runAfter": { - "Append_policy_text": [ - "Succeeded" - ] - }, - "type": "AppendToArrayVariable", - "inputs": { - "name": "AdaptiveCardBody", - "value": { - "columns": [ - { - "items": "@body('Select_security_policy_rules')", - "type": "Column" - } - ], - "type": "ColumnSet" - } - }, - "description": "append security policies which the URL address is exist" - } - }, - "runAfter": { - "Select_security_policy_rules": [ - "Succeeded" - ] - }, - "else": { - "actions": { - "Append_policy_text_to_adaptive_card_body_variable": { - "type": "AppendToArrayVariable", - 
"inputs": { - "name": "AdaptiveCardBody", - "value": { - "text": "It is not a member of any other Policy Rules", - "type": "TextBlock" - } - }, - "description": "dynamic policy text based on security policies" - }, - "Append_security_policies_to_adaptive_card_body_variable": { - "runAfter": { - "Append_policy_text_to_adaptive_card_body_variable": [ - "Succeeded" - ] - }, - "type": "AppendToArrayVariable", - "inputs": { - "name": "AdaptiveCardBody" - }, - "description": "append security policies which the URL address is exist" - } - } - }, - "expression": { - "and": [ - { - "greater": [ - "@length(body('Select_security_policy_rules'))", - 0 - ] - } - ] - }, - "type": "If", - "description": "condition to check if the URL address is present in the existing security policy rules to conditionally apply the policy text and security policy rules" - }, - "Configured_address_group": { - "runAfter": { - "Set_variable_address_group_members": [ - "Succeeded" - ] - }, - "type": "Compose", - "inputs": "@body('List_address_groups')?['result']?['entry']?[0]?['@name']", - "description": "compose predefined address group" - }, - "Filter_array_URL_from_list_of_security_rules": { - "runAfter": { - "Configured_address_group": [ - "Succeeded" - ] - }, - "type": "Query", - "inputs": { - "from": "@body('List_security_rules')?['result']?['entry']", - "where": "@contains(item()?['destination']?['member'], triggerBody()?['Entity']?['properties']?['Url'])" - }, - "description": "This filters all the security rules in which this URL is a member" - }, - "Filter_array_of_URL_address_from_list_of_address_objects": { - "runAfter": { - "Set_variable_adaptive_card_body": [ - "Succeeded" - ] - }, - "type": "Query", - "inputs": { - "from": "@body('List_address_objects')?['result']?['entry']", - "where": "@equals(item()?['fqdn'], triggerBody()?['Entity']?['properties']?['Url'])" - }, - "description": "This filters the list of address objects in which this URL is a member " - }, - 
"Initialize_variable_URL_address_action": { - "runAfter": { - "Initialize_variable_address_group_members": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "URLAddressAction", - "type": "array" - } - ] - }, - "description": "This holds the action taken on each URL " - }, - "Initialize_variable_action_name": { - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "ActionName", - "type": "string" - } - ] - }, - "description": "variable to store action name to be displayed on adaptive card" - }, - "Initialize_variable_adaptive_card_body": { - "runAfter": { - "Initialize_variable_action_name": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "AdaptiveCardBody", - "type": "array" - } - ] - }, - "description": "variable to store adaptive card body json" - }, - "Initialize_variable_address_group_members": { - "runAfter": { - "Initialize_variable_adaptive_card_body": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "AddressGroupMembers", - "type": "array" - } - ] - }, - "description": "variable to store the list of address group members" - }, - "List_address_groups": { - "runAfter": { - "Filter_array_of_URL_address_from_list_of_address_objects": [ - "Succeeded" - ] - }, - "type": "ApiConnection", - "inputs": { - "host": { - "connection": { - "name": "@parameters('$connections')['PaloAltoConnector']['connectionId']" - } - }, - "method": "get", - "path": "/restapi/v10.0/Objects/AddressGroups", - "queries": { - "location": "vsys", - "name": "urladdress", - "vsys": "vsys1" - } - }, - "description": "This gets complete list of address object groups present in the PAN-OS" - }, - "List_address_objects": { - "runAfter": { - "Initialize_variable_URL_address_action": [ - "Succeeded" - ] - }, - "type": "ApiConnection", - "inputs": { - "host": { - "connection": { - "name": 
"@parameters('$connections')['PaloAltoConnector']['connectionId']" - } - }, - "method": "get", - "path": "/restapi/v10.0/Objects/Addresses", - "queries": { - "location": "vsys", - "vsys": "vsys1" - } - }, - "description": "This gets complete list of address object present in the PAN-OS" - }, - "List_security_rules": { - "runAfter": { - "List_address_objects": [ - "Succeeded" - ] - }, - "type": "ApiConnection", - "inputs": { - "host": { - "connection": { - "name": "@parameters('$connections')['PaloAltoConnector']['connectionId']" - } - }, - "method": "get", - "path": "/restapi/v10.0/Policies/SecurityRules", - "queries": { - "location": "vsys", - "vsys": "vsys1" - } - }, - "description": "This gets complete list of security policy rules present in the PAN-OS" - }, - "Post_an_Adaptive_Card_to_a_Teams_channel_and_wait_for_a_response": { - "runAfter": { - "Set_variable_actions_on_URL_to_be_displayed_on_adaptive_card": [ - "Succeeded" - ] - }, - "type": "ApiConnectionWebhook", - "inputs": { - "body": { - "body": { - "messageBody": "{\n \"type\": \"AdaptiveCard\",\n \"body\": [\n {\n \"type\": \"TextBlock\",\n \n \"weight\": \"Bolder\",\n \"text\": \"Below is the summary of actions taken on URL's by SOC\",\n \"wrap\": true\n },\n {\n \"columns\": [\n {\n \"items\":@{body('Set_variable_actions_on_URL_to_be_displayed_on_adaptive_card')} ,\n \"type\": \"Column\",\n \"wrap\": true\n }\n ],\n \"separator\": \"true\",\n \"type\": \"ColumnSet\",\n \"width\": \"stretch\"\n},\n {\n \"text\": \" Incident No : \",\n \"type\": \"TextBlock\",\n \"weight\": \"Bolder\",\n \"wrap\": true\n },\n {\n \"type\": \"TextBlock\",\n \"text\": \"[Click here to view the Incident]()\",\n \"wrap\": true\n },\n\n {\n \"type\": \"ColumnSet\",\n \"columns\": [\n {\n \"type\": \"Column\",\n \"items\": [\n {\n \"type\": \"TextBlock\",\n \"size\": \"Medium\",\n \"weight\": \"Bolder\",\n \"text\": \"Incident configuration :\",\n \"wrap\": true\n }\n ],\n \"width\": \"auto\"\n }\n ]\n },\n {\n \"type\": 
\"ColumnSet\",\n \"columns\": [\n {\n \"type\": \"Column\",\n \"items\": [\n {\n \"type\": \"Image\",\n \"style\": \"Person\",\n \"url\": \"https://connectoricons-prod.azureedge.net/releases/v1.0.1391/1.0.1391.2130/azuresentinel/icon.png\",\n \"size\": \"Small\"\n }\n ],\n \"width\": \"auto\"\n }\n ]\n },\n {\n \"type\": \"TextBlock\",\n \"text\": \"Close Azure Sentinal incident?\"\n },\n {\n \"choices\": [\n {\n \"isSelected\": true,\n \"title\": \"False Positive - Inaccurate Data\",\n \"value\": \"False Positive - Inaccurate Data\"\n },\n {\n \"isSelected\": true,\n \"title\": \"False Positive - Incorrect Alert Logic\",\n \"value\": \"False Positive - Incorrect Alert Logic\"\n },\n {\n \"title\": \"True Positive - Suspicious Activity\",\n \"value\": \"True Positive - Suspicious Activity\"\n },\n {\n \"title\": \"Benign Positive - Suspicious But Expected\",\n \"value\": \"Benign Positive - Suspicious But Expected\"\n },\n {\n \"title\": \"Undetermined\",\n \"value\": \"Undetermined\"\n }\n ],\n \"id\": \"incidentStatus\",\n \"style\": \"compact\",\n \"type\": \"Input.ChoiceSet\",\n \"value\": \"Benign Positive - Suspicious But Expected\"\n },\n {\n \"type\": \"TextBlock\",\n \"text\": \"Change Microsoft Sentinel Incident Severity?\"\n },\n {\n \"choices\": [\n {\n \n \"title\": \"High\",\n \"value\": \"High\"\n },\n {\n \"title\": \"Medium\",\n \"value\": \"Medium\"\n },\n {\n \"title\": \"Low\",\n \"value\": \"Low\"\n },\n {\n \"title\": \"Don't change\",\n \"value\": \"same\"\n }\n ],\n \"id\": \"incidentSeverity\",\n \"style\": \"compact\",\n \"type\": \"Input.ChoiceSet\",\n \"value\": \"\"\n }\n \n \n \n ],\n\"width\":\"auto\",\n \"actions\": [\n {\n \"type\": \"Action.Submit\",\n \"title\": \"Change incident configuration\"\n },\n {\n \"type\": \"Action.Submit\",\n \"title\": \"Ignore\"\n }\n ],\n \"$schema\": \"http://adaptivecards.io/schemas/adaptive-card.json\",\n \"version\": \"1.2\"\n}", - "recipient": { - "channelId": "@parameters('Teams channel Id')" - 
}, - "shouldUpdateCard": true - }, - "notificationUrl": "@{listCallbackUrl()}" - }, - "host": { - "connection": { - "name": "@parameters('$connections')['teams']['connectionId']" - } - }, - "path": "/flowbot/actions/flowcontinuation/recipienttypes/channel/$subscriptions", - "queries": { - "groupId": "@parameters('Teams Group Id')" - } - } - }, - "Post_an_Adaptive_Card_to_a_Teams_channel_and_wait_for_a_response_3": { - "runAfter": { - "Condition_to_check_if_URL_address_already_present_in_list_of_address_objects": [ - "Succeeded" - ] - }, - "type": "ApiConnectionWebhook", - "inputs": { - "body": { - "body": { - "messageBody": "{\n \"type\": \"AdaptiveCard\",\n \"body\":@{variables('AdaptiveCardBody')} ,\n \"actions\": [\n {\n \"title\": \"@{variables('ActionName')} ( add to @{outputs('Configured_address_group')} address group )\",\n \"type\": \"Action.Submit\"\n },\n {\n \"title\": \"Ignore\",\n \"type\": \"Action.Submit\"\n }\n],\n \"$schema\": \"http://adaptivecards.io/schemas/adaptive-card.json\",\n \"version\": \"1.2\"\n}", - "recipient": { - "channelId": "@parameters('Teams channel Id')" - }, - "shouldUpdateCard": true - }, - "notificationUrl": "@{listCallbackUrl()}" - }, - "host": { - "connection": { - "name": "@parameters('$connections')['teams']['connectionId']" - } - }, - "path": "/flowbot/actions/flowcontinuation/recipienttypes/channel/$subscriptions", - "queries": { - "groupId": "@parameters('Teams Group Id')" - } - } - }, - "Select_security_policy_rules": { - "runAfter": { - "Filter_array_URL_from_list_of_security_rules": [ - "Succeeded" - ] - }, - "type": "Select", - "inputs": { - "from": "@body('Filter_array_URL_from_list_of_security_rules')", - "select": { - "text": " @{item()?['@name']}, action : @{item()?['action']}", - "type": "TextBlock", - "weight": "bolder" - } - }, - "description": "prepare columns list to show the security policy rules in the adaptive card if URL address is present" - }, - 
"Set_variable_actions_on_URL_to_be_displayed_on_adaptive_card": { - "runAfter": { - "Condition_based_on_user_inputs_from_the_adaptive_card": [ - "Succeeded" - ] - }, - "type": "Select", - "inputs": { - "from": "@variables('URLAddressAction')", - "select": { - "text": "@item()", - "type": "TextBlock" - } - }, - "description": "This is used to compose the list of actions taken by SOC on respective URL addresses" - }, - "Set_variable_adaptive_card_body": { - "runAfter": { - "List_security_rules": [ - "Succeeded" - ] - }, - "type": "SetVariable", - "inputs": { - "name": "AdaptiveCardBody", - "value": [ - { - "size": "Large", - "text": "Suspicious URL - Microsoft Sentinel", - "type": "TextBlock", - "weight": "Bolder", - "wrap": true - }, - { - "text": "Possible Comprised URL @{triggerBody()?['Entity']?['properties']?['Url']} detected by the provider : ", - "type": "TextBlock", - "wrap": true - }, - { - "text": " Incident ", - "type": "TextBlock", - "weight": "Bolder", - "wrap": true - }, - { - "text": " Incident No : ", - "type": "TextBlock", - "weight": "Bolder", - "wrap": true - }, - { - "text": "Incident description", - "type": "TextBlock", - "weight": "Bolder", - "wrap": true - }, - { - "text": "[variables('blanks')]", - "type": "TextBlock", - "wrap": true - }, - { - "text": "[[[[Click here to view the Incident]()", - "type": "TextBlock", - "wrap": true - }, - { - "size": "Medium", - "text": "Response in PAN-OS", - "type": "TextBlock", - "weight": "Bolder" - }, - { - "size": "Small", - "style": "Person", - "type": "Image", - "url": "https://avatars2.githubusercontent.com/u/4855743?s=280&v=4" - } - ] - }, - "description": "variable to hold adaptive card body" - }, - "Set_variable_address_group_members": { - "runAfter": { - "List_address_groups": [ - "Succeeded" - ] - }, - "type": "SetVariable", - "inputs": { - "name": "AddressGroupMembers", - "value": "@body('List_address_groups')?['result']?['entry']?[0]?['static']?['member']" - }, - "description": "assign list of 
address group members" - } - } - }, - "parameters": { - "$connections": { - "value": { - "PaloAltoConnector": { - "connectionId": "[[resourceId('Microsoft.Web/connections', variables('PaloaltoconnectorConnectionName'))]", - "connectionName": "[[variables('PaloaltoconnectorConnectionName')]", - "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('CustomConnectorName'))]" - }, - "azuresentinel": { - "connectionId": "[[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]", - "connectionName": "[[variables('MicrosoftSentinelConnectionName')]", - "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Azuresentinel')]", - "connectionProperties": { - "authentication": { - "type": "ManagedServiceIdentity" - } - } - }, - "teams": { - "connectionId": "[[resourceId('Microsoft.Web/connections', variables('TeamsConnectionName'))]", - "connectionName": "[[variables('TeamsConnectionName')]", - "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Teams')]" - } - } - } - } - }, - "name": "[[parameters('PlaybookName')]", - "type": "Microsoft.Logic/workflows", - "location": "[[variables('workspace-location-inline')]", - "identity": { - "type": "SystemAssigned" - }, - "tags": { - "hidden-SentinelTemplateName": "PaloAlto-PAN-OS-BlockURL-EntityTrigger", - "hidden-SentinelTemplateVersion": "1.0", - "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" - }, - "apiVersion": "2017-07-01", - "dependsOn": [ - "[[resourceId('Microsoft.Web/connections', variables('PaloaltoconnectorConnectionName'))]", - "[[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]", - 
"[[resourceId('Microsoft.Web/connections', variables('TeamsConnectionName'))]" - ] - }, - { - "type": "Microsoft.Web/connections", - "apiVersion": "2016-06-01", - "name": "[[variables('PaloaltoconnectorConnectionName')]", - "location": "[[variables('workspace-location-inline')]", - "kind": "V1", - "properties": { - "displayName": "[[variables('PaloaltoconnectorConnectionName')]", - "api": { - "id": "[[variables('_connection-2')]" - } - } - }, - { - "type": "Microsoft.Web/connections", - "apiVersion": "2016-06-01", - "name": "[[variables('MicrosoftSentinelConnectionName')]", - "location": "[[variables('workspace-location-inline')]", - "kind": "V1", - "properties": { - "displayName": "[[variables('MicrosoftSentinelConnectionName')]", - "parameterValueType": "Alternative", - "api": { - "id": "[[variables('_connection-3')]" - } - } - }, - { - "type": "Microsoft.Web/connections", - "apiVersion": "2016-06-01", - "name": "[[variables('TeamsConnectionName')]", - "location": "[[variables('workspace-location-inline')]", - "kind": "V1", - "properties": { - "displayName": "[[variables('TeamsConnectionName')]", - "api": { - "id": "[[variables('_connection-4')]" - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId5'),'/'))))]", - "properties": { - "parentId": "[variables('playbookId5')]", - "contentId": "[variables('_playbookContentId5')]", - "kind": "Playbook", - "version": "[variables('playbookVersion5')]", - "source": { - "kind": "Solution", - "name": "PaloAlto-PAN-OS", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "Microsoft Corporation", - "email": "support@microsoft.com", - "tier": "Microsoft", - "link": "https://support.microsoft.com" - }, - "dependencies": { - 
"criteria": [ - { - "kind": "LogicAppsCustomConnector", - "contentId": "[variables('_PaloAlto_PAN-OS_Rest_API_CustomConnector')]", - "version": "[variables('playbookVersion1')]" - } - ] - } - } - } - ], - "metadata": { - "comments": "This playbook uses the PaloAlto connector to take necessary actions on URL address like Block URL/Unblock URL from predefined address group and also gives an option to close the incident.", - "title": "PaloAlto-PAN-OS-BlockURL-EntityTrigger", - "description": "This playbook allows blocking/unblocking URLs in PaloAlto, using **predefined address group**. This allows to make changes on predefined address group, which is attached to security policy rule.", - "prerequisites": [ - "1. PaloAlto connector needs to be deployed prior to the deployment of this playbook under the same subscription. Relevant instructions can be found in the connector doc page. \n\n 2. Generate an API key.[Refer this link on how to generate the API Key](https://paloaltolactest.trafficmanager.net/restapi-doc/#tag/key-generation) \n\n 3. Address group should be created for PAN-OS and this should be used while creating playbooks." - ], - "mainSteps": [ - "When a new Sentinel incident is created, this playbook gets triggered and performs below actions: \n\n 1. An adaptive card is sent to the SOC channel providing Incident information, URL address, list of existing security policy rules in which URL is a member of and provides an option to Block/Unblock URL Address by adding/removing it to/from the predefined address group. \n\n 2. The SOC can act on risky URL based on the information provided in the adaptive card, or ignore. 
\n\n ![PaloAlto-PAN-OS-BlockURL](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/PaloAlto-PAN-OS/Playbooks/PaloAlto-PAN-OS-BlockURL/designerscreenshot.PNG?raw=true) \n\n **This is the adaptive card SOC will receive when playbook is triggered for each risky URL for taking actions like block/unblock/ignore ::** \n\n ![Adaptive Card example](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/PaloAlto-PAN-OS/Playbooks/PaloAlto-PAN-OS-BlockURL/AdaptiveCardtoBlockorUnblock.PNG?raw=true) \n\n **This is the consolidate adaptive card about the summary of actions taken on URL and the incident configuration ::** \n\n ![Consolidated Adaptive Card example](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/PaloAlto-PAN-OS/Playbooks/PaloAlto-PAN-OS-BlockURL/SummarizedAdaptiveCard.PNG?raw=true)" - ], - "lastUpdateTime": "2023-05-30T00:00:00Z", - "entities": [ - "Url" - ], - "tags": [ - "Remediation", - "Response from teams" - ], - "postDeployment": [ - "**a. Authorize connections** \n\n Once deployment is complete, you will need to authorize each connection. \n\n 1. Click the Microsoft Sentinel connection resource \n\n 2. Click edit API connection \n\n 3. Click Authorize \n\n 4. Sign in \n\n 5. Click Save \n\n 6. Repeat steps for other connection such as Teams connection and PAN-OS API connection (For authorizing the PAN-OS API connection, API Key needs to be provided) \n\n **b. Configurations in Sentinel** \n\n 1. In Microsoft sentinel analytical rules should be configured to trigger an incident with risky URL \n\n 2. 
Configure the automation rules to trigger this playbook" - ], - "releaseNotes": { - "version": "1.0", - "title": "[variables('blanks')]", - "notes": [ - "Initial version" - ] - } - } - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_playbookContentId5')]", - "contentKind": "Playbook", - "displayName": "PaloAlto-PAN-OS-BlockURL-EntityTrigger", - "contentProductId": "[variables('_playbookcontentProductId5')]", - "id": "[variables('_playbookcontentProductId5')]", - "version": "[variables('playbookVersion5')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('playbookTemplateSpecName6')]", + "name": "[variables('playbookTemplateSpecName7')]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" @@ -6661,7 +6135,7 @@ "description": "PaloAlto-PAN-OS-BlockURL Playbook with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('playbookVersion6')]", + "contentVersion": "[variables('playbookVersion7')]", "parameters": { "PlaybookName": { "defaultValue": "PaloAlto-PAN-OS-BlockURL", 
@@ -7587,7 +7061,7 @@ "inputs": { "body": { "body": { - "messageBody": "{\n \"type\": \"AdaptiveCard\",\n \"body\": [\n {\n \"type\": \"TextBlock\",\n \n \"weight\": \"Bolder\",\n \"text\": \"Below is the summary of actions taken on URL's by SOC\",\n \"wrap\": true\n },\n {\n \"columns\": [\n {\n \"items\":@{body('Set_variable_actions_on_URL_to_be_displayed_on_adaptive_card')} ,\n \"type\": \"Column\",\n \"wrap\": true\n }\n ],\n \"separator\": \"true\",\n \"type\": \"ColumnSet\",\n \"width\": \"stretch\"\n},\n {\n \"text\": \" Incident No : @{triggerBody()?['object']?['properties']?['incidentNumber']} \",\n \"type\": \"TextBlock\",\n \"weight\": \"Bolder\",\n \"wrap\": true\n },\n {\n \"type\": \"TextBlock\",\n \"text\": \"[Click here to view the Incident](@{triggerBody()?['object']?['properties']?['incidentUrl']})\",\n \"wrap\": true\n },\n\n {\n \"type\": \"ColumnSet\",\n \"columns\": [\n {\n \"type\": \"Column\",\n \"items\": [\n {\n \"type\": \"TextBlock\",\n \"size\": \"Medium\",\n \"weight\": \"Bolder\",\n \"text\": \"Incident configuration :\",\n \"wrap\": true\n }\n ],\n \"width\": \"auto\"\n }\n ]\n },\n {\n \"type\": \"ColumnSet\",\n \"columns\": [\n {\n \"type\": \"Column\",\n \"items\": [\n {\n \"type\": \"Image\",\n \"style\": \"Person\",\n \"url\": \"https://connectoricons-prod.azureedge.net/releases/v1.0.1391/1.0.1391.2130/azuresentinel/icon.png\",\n \"size\": \"Small\"\n }\n ],\n \"width\": \"auto\"\n }\n ]\n },\n {\n \"type\": \"TextBlock\",\n \"text\": \"Close Azure Sentinal incident?\"\n },\n {\n \"choices\": [\n {\n \"isSelected\": true,\n \"title\": \"False Positive - Inaccurate Data\",\n \"value\": \"False Positive - Inaccurate Data\"\n },\n {\n \"isSelected\": true,\n \"title\": \"False Positive - Incorrect Alert Logic\",\n \"value\": \"False Positive - Incorrect Alert Logic\"\n },\n {\n \"title\": \"True Positive - Suspicious Activity\",\n \"value\": \"True Positive - Suspicious Activity\"\n },\n {\n \"title\": \"Benign Positive - 
Suspicious But Expected\",\n \"value\": \"Benign Positive - Suspicious But Expected\"\n },\n {\n \"title\": \"Undetermined\",\n \"value\": \"Undetermined\"\n }\n ],\n \"id\": \"incidentStatus\",\n \"style\": \"compact\",\n \"type\": \"Input.ChoiceSet\",\n \"value\": \"Benign Positive - Suspicious But Expected\"\n },\n {\n \"type\": \"TextBlock\",\n \"text\": \"Change Microsoft Sentinel Incident Severity?\"\n },\n {\n \"choices\": [\n {\n \n \"title\": \"High\",\n \"value\": \"High\"\n },\n {\n \"title\": \"Medium\",\n \"value\": \"Medium\"\n },\n {\n \"title\": \"Low\",\n \"value\": \"Low\"\n },\n {\n \"title\": \"Don't change\",\n \"value\": \"same\"\n }\n ],\n \"id\": \"incidentSeverity\",\n \"style\": \"compact\",\n \"type\": \"Input.ChoiceSet\",\n \"value\": \"@{triggerBody()?['object']?['properties']?['severity']}\"\n }\n \n \n \n ],\n\"width\":\"auto\",\n \"actions\": [\n {\n \"type\": \"Action.Submit\",\n \"title\": \"Change incident configuration\"\n },\n {\n \"type\": \"Action.Submit\",\n \"title\": \"Ignore\"\n }\n ],\n \"$schema\": \"http://adaptivecards.io/schemas/adaptive-card.json\",\n \"version\": \"1.2\"\n}", + "messageBody": "{\n \"type\": \"AdaptiveCard\",\n \"body\": [\n {\n \"type\": \"TextBlock\",\n \n \"weight\": \"Bolder\",\n \"text\": \"Below is the summary of actions taken on URL's by SOC\",\n \"wrap\": true\n },\n {\n \"columns\": [\n {\n \"items\":@{body('Set_variable_actions_on_URL_to_be_displayed_on_adaptive_card')} ,\n \"type\": \"Column\",\n \"wrap\": true\n }\n ],\n \"separator\": \"true\",\n \"type\": \"ColumnSet\",\n \"width\": \"stretch\"\n},\n {\n \"text\": \" Incident No : @{triggerBody()?['object']?['properties']?['incidentNumber']} \",\n \"type\": \"TextBlock\",\n \"weight\": \"Bolder\",\n \"wrap\": true\n },\n {\n \"type\": \"TextBlock\",\n \"text\": \"[Click here to view the Incident](@{triggerBody()?['object']?['properties']?['incidentUrl']})\",\n \"wrap\": true\n },\n\n {\n \"type\": \"ColumnSet\",\n \"columns\": [\n {\n 
\"type\": \"Column\",\n \"items\": [\n {\n \"type\": \"TextBlock\",\n \"size\": \"Medium\",\n \"weight\": \"Bolder\",\n \"text\": \"Incident configuration :\",\n \"wrap\": true\n }\n ],\n \"width\": \"auto\"\n }\n ]\n },\n {\n \"type\": \"ColumnSet\",\n \"columns\": [\n {\n \"type\": \"Column\",\n \"items\": [\n {\n \"type\": \"Image\",\n \"style\": \"Person\",\n \"url\": \"https://connectoricons-prod.azureedge.net/releases/v1.0.1391/1.0.1391.2130/azuresentinel/icon.png\",\n \"size\": \"Small\"\n }\n ],\n \"width\": \"auto\"\n }\n ]\n },\n {\n \"type\": \"TextBlock\",\n \"text\": \"Close Microsoft Sentinel incident?\"\n },\n {\n \"choices\": [\n {\n \"isSelected\": true,\n \"title\": \"False Positive - Inaccurate Data\",\n \"value\": \"False Positive - Inaccurate Data\"\n },\n {\n \"isSelected\": true,\n \"title\": \"False Positive - Incorrect Alert Logic\",\n \"value\": \"False Positive - Incorrect Alert Logic\"\n },\n {\n \"title\": \"True Positive - Suspicious Activity\",\n \"value\": \"True Positive - Suspicious Activity\"\n },\n {\n \"title\": \"Benign Positive - Suspicious But Expected\",\n \"value\": \"Benign Positive - Suspicious But Expected\"\n },\n {\n \"title\": \"Undetermined\",\n \"value\": \"Undetermined\"\n }\n ],\n \"id\": \"incidentStatus\",\n \"style\": \"compact\",\n \"type\": \"Input.ChoiceSet\",\n \"value\": \"Benign Positive - Suspicious But Expected\"\n },\n {\n \"type\": \"TextBlock\",\n \"text\": \"Change Microsoft Sentinel Incident Severity?\"\n },\n {\n \"choices\": [\n {\n \n \"title\": \"High\",\n \"value\": \"High\"\n },\n {\n \"title\": \"Medium\",\n \"value\": \"Medium\"\n },\n {\n \"title\": \"Low\",\n \"value\": \"Low\"\n },\n {\n \"title\": \"Don't change\",\n \"value\": \"same\"\n }\n ],\n \"id\": \"incidentSeverity\",\n \"style\": \"compact\",\n \"type\": \"Input.ChoiceSet\",\n \"value\": \"@{triggerBody()?['object']?['properties']?['severity']}\"\n }\n \n \n \n ],\n\"width\":\"auto\",\n \"actions\": [\n {\n \"type\": 
\"Action.Submit\",\n \"title\": \"Change incident configuration\"\n },\n {\n \"type\": \"Action.Submit\",\n \"title\": \"Ignore\"\n }\n ],\n \"$schema\": \"http://adaptivecards.io/schemas/adaptive-card.json\",\n \"version\": \"1.2\"\n}", "recipient": { "channelId": "@parameters('Teams channel Id')" }, @@ -7727,12 +7201,12 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId6'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId7'),'/'))))]", "properties": { - "parentId": "[variables('playbookId6')]", - "contentId": "[variables('_playbookContentId6')]", + "parentId": "[variables('playbookId7')]", + "contentId": "[variables('_playbookContentId7')]", "kind": "Playbook", - "version": "[variables('playbookVersion6')]", + "version": "[variables('playbookVersion7')]", "source": { "kind": "Solution", "name": "PaloAlto-PAN-OS", 
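Review bot: The `incidentStatus` choice set in the new `messageBody` still carries `"isSelected": true` on both "False Positive" choices while the set's `"value"` preselects "Benign Positive - Suspicious But Expected"; Adaptive Cards takes the preselected option from the ChoiceSet `value`, so the two `isSelected` flags appear to be dead and contradictory and should be dropped to keep the default closure classification unambiguous. Separately, `"separator": "true"` is a string where the card schema expects a boolean, so `"separator": true` would be the correct form. Since the response of this card drives incident closure and severity downstream, the card's defaults deserve to be exact. The enclosing `Post_an_Adaptive_Card_to_a_Teams_channel_and_wait_for_a_response` action starts outside the hunk.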
@@ -7765,10 +7239,7 @@ "title": "PaloAlto-PAN-OS-BlockURL", "description": "This playbook allows blocking/unblocking URLs in PaloAlto, using **predefined address group**. This allows to make changes on predefined address group, which is attached to security policy rule.", "prerequisites": [ - "1. PaloAlto connector needs to be deployed prior to the deployment of this playbook under the same subscription. Relevant instructions can be found in the connector doc page. \n\n 2. Generate an API key.[Refer this link on how to generate the API Key](https://paloaltolactest.trafficmanager.net/restapi-doc/#tag/key-generation) \n\n 3. Address group should be created for PAN-OS and this should be used while creating playbooks." - ], - "mainSteps": [ - "When a new Sentinel incident is created, this playbook gets triggered and performs below actions: \n\n 1. An adaptive card is sent to the SOC channel providing Incident information, URL address, list of existing security policy rules in which URL is a member of and provides an option to Block/Unblock URL Address by adding/removing it to/from the predefined address group. \n\n 2. The SOC can act on risky URL based on the information provided in the adaptive card, or ignore. 
\n\n ![PaloAlto-PAN-OS-BlockURL](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/PaloAlto-PAN-OS/Playbooks/PaloAlto-PAN-OS-BlockURL/designerscreenshot.PNG?raw=true) \n\n **This is the adaptive card SOC will receive when playbook is triggered for each risky URL for taking actions like block/unblock/ignore ::** \n\n ![Adaptive Card example](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/PaloAlto-PAN-OS/Playbooks/PaloAlto-PAN-OS-BlockURL/AdaptiveCardtoBlockorUnblock.PNG?raw=true) \n\n **This is the consolidate adaptive card about the summary of actions taken on URL and the incident configuration ::** \n\n ![Consolidated Adaptive Card example](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/PaloAlto-PAN-OS/Playbooks/PaloAlto-PAN-OS-BlockURL/SummarizedAdaptiveCard.PNG?raw=true)" + "1. PaloAlto connector needs to be deployed prior to the deployment of this playbook under the same subscription. Relevant instructions can be found in the connector doc page. \n\n 2. Generate an API key.[Refer this link on how to generate the API Key](https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-panorama-api/get-started-with-the-pan-os-xml-api/get-your-api-key) \n\n 3. Address group should be created for PAN-OS and this should be used while creating playbooks." ], "lastUpdateTime": "2023-05-30T00:00:00Z", "entities": [ 
@@ -7795,259 +7266,9 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_playbookContentId6')]", - "contentKind": "Playbook", - "displayName": "PaloAlto-PAN-OS-BlockURL", - "contentProductId": "[variables('_playbookcontentProductId6')]", - "id": "[variables('_playbookcontentProductId6')]", - "version": "[variables('playbookVersion6')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('playbookTemplateSpecName7')]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "PaloAlto-PAN-OS-GetSystemInfo Playbook with template version 3.0.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('playbookVersion7')]", - "parameters": { - "PlaybookName": { - "defaultValue": "PaloAlto-PAN-OS-GetSystemInfo", - "type": "string" - }, - "CustomConnectorName": { - "defaultValue": "PAN-OSXmlApiCustomConnector", - "type": "string", - "metadata": { - "description": "Name of the custom connector, if you want to change the default name, make sure to use the same in all Paloalto automation playbooks as well" - } - } - }, - "variables": { - "MicrosoftSentinelConnectionName": "[[concat('MicrosoftSentinel-', parameters('PlaybookName'))]", - "PaloaltoconnectorConnectionName": "[[concat('Paloaltoconnector-', parameters('PlaybookName'))]", - "connection-2": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Azuresentinel')]", - "_connection-2": 
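Review bot: The whole `mainSteps` array of the PaloAlto-PAN-OS-BlockURL metadata is deleted here and only the `prerequisites` entry is re-added, which leaves the playbook without the step description and screenshots the solution hub shows; the commit message speaks only of the hunting query description and release notes, so unless the entry was intentionally moved elsewhere in the regenerated template, the previous `mainSteps` text should be restored. The updated prerequisite step 2 now points at the PAN-OS docs for API key generation, which is an improvement, but it is worth stating there that the key inherits the role of the administrator that generates it, e.g. append `Generate the key with a dedicated administrator account whose role is limited to the address object and address group operations this playbook performs.` The enclosing `metadata` object starts and ends outside the hunk.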
"[[variables('connection-2')]", - "connection-3": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('CustomConnectorName'))]", - "_connection-3": "[[variables('connection-3')]", - "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", - "workspace-name": "[parameters('workspace')]", - "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]" - }, - "resources": [ - { - "properties": { - "provisioningState": "Succeeded", - "state": "Enabled", - "definition": { - "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "$connections": { - "type": "Object" - } - }, - "triggers": { - "Microsoft_Sentinel_incident": { - "type": "ApiConnectionWebhook", - "inputs": { - "body": { - "callback_url": "@{listCallbackUrl()}" - }, - "host": { - "connection": { - "name": "@parameters('$connections')['azuresentinel']['connectionId']" - } - }, - "path": "/incident-creation" - } - } - }, - "actions": { - "Add_comment_to_incident_(V3)": { - "runAfter": { - "Query_Palo_Alto_XML_API": [ - "Succeeded" - ] - }, - "type": "ApiConnection", - "inputs": { - "body": { - "incidentArmId": "@triggerBody()?['object']?['id']", - "message": "

System Info :
\n
\n@{body('Query_Palo_Alto_XML_API')}

" - }, - "host": { - "connection": { - "name": "@parameters('$connections')['azuresentinel']['connectionId']" - } - }, - "method": "post", - "path": "/Incidents/Comment" - } - }, - "Query_Palo_Alto_XML_API": { - "type": "ApiConnection", - "inputs": { - "host": { - "connection": { - "name": "@parameters('$connections')['paloaltoconnector']['connectionId']" - } - }, - "method": "get", - "path": "/api/", - "queries": { - "cmd": "", - "type": "op" - } - } - } - } - }, - "parameters": { - "$connections": { - "value": { - "azuresentinel": { - "connectionId": "[[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]", - "connectionName": "[[variables('MicrosoftSentinelConnectionName')]", - "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Azuresentinel')]", - "connectionProperties": { - "authentication": { - "type": "ManagedServiceIdentity" - } - } - }, - "paloaltoconnector": { - "connectionId": "[[resourceId('Microsoft.Web/connections', variables('PaloaltoconnectorConnectionName'))]", - "connectionName": "[[variables('PaloaltoconnectorConnectionName')]", - "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('CustomConnectorName'))]" - } - } - } - } - }, - "name": "[[parameters('PlaybookName')]", - "type": "Microsoft.Logic/workflows", - "location": "[[variables('workspace-location-inline')]", - "identity": { - "type": "SystemAssigned" - }, - "tags": { - "hidden-SentinelTemplateName": "PaloAlto-PAN-OS-GetSystemInfo", - "hidden-SentinelTemplateVersion": "1.0", - "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" - }, - "apiVersion": "2017-07-01", - "dependsOn": [ - "[[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]", - "[[resourceId('Microsoft.Web/connections', 
variables('PaloaltoconnectorConnectionName'))]" - ] - }, - { - "type": "Microsoft.Web/connections", - "apiVersion": "2016-06-01", - "name": "[[variables('MicrosoftSentinelConnectionName')]", - "location": "[[variables('workspace-location-inline')]", - "kind": "V1", - "properties": { - "displayName": "[[variables('MicrosoftSentinelConnectionName')]", - "parameterValueType": "Alternative", - "api": { - "id": "[[variables('_connection-2')]" - } - } - }, - { - "type": "Microsoft.Web/connections", - "apiVersion": "2016-06-01", - "name": "[[variables('PaloaltoconnectorConnectionName')]", - "location": "[[variables('workspace-location-inline')]", - "kind": "V1", - "properties": { - "displayName": "[[variables('PaloaltoconnectorConnectionName')]", - "api": { - "id": "[[variables('_connection-3')]" - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId7'),'/'))))]", - "properties": { - "parentId": "[variables('playbookId7')]", - "contentId": "[variables('_playbookContentId7')]", - "kind": "Playbook", - "version": "[variables('playbookVersion7')]", - "source": { - "kind": "Solution", - "name": "PaloAlto-PAN-OS", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "Microsoft Corporation", - "email": "support@microsoft.com", - "tier": "Microsoft", - "link": "https://support.microsoft.com" - }, - "dependencies": { - "criteria": [ - { - "kind": "LogicAppsCustomConnector", - "contentId": "[variables('_PaloAlto_PAN-OS_XML_API_CustomConnector')]", - "version": "[variables('playbookVersion2')]" - } - ] - } - } - } - ], - "metadata": { - "title": "Get System Info - Palo Alto PAN-OS XML API", - "description": "This playbook allows us to get System Info of a Palo Alto device for a Microsoft 
Sentinel alert.", - "mainSteps": [ - "When a new Sentinel incident is created, this playbook gets triggered and performs below actions: \n\n 1. Gets the various parameters from the alert \n\n 2. Gets the System Info for the device in the alert. \n\n 3. Creates a Sentinel Incident and updates it with the system info." - ], - "prerequisites": [ - "1. PaloAlto connector needs to be deployed prior to the deployment of this playbook under the same subscription. Relevant instructions can be found in the connector doc page. \n\n 2. Generate an API key.[Refer this link on how to generate the API Key](https://paloaltolactest.trafficmanager.net/restapi-doc/#tag/key-generation) \n\n 3. This playbook only works for Palo Alto incidents." - ], - "lastUpdateTime": "2022-07-25T00:00:00Z", - "entities": [ - "Ip" - ], - "tags": [ - "Remediation", - "Response from teams" - ], - "postDeployment": [ - "** a. Authorize connections ** Once deployment is complete, you will need to authorize each connection. \n\n 1. Click the Microsoft Sentinel connection resource \n\n 2. Click edit API connection \n\n 3. Click Authorize \n\n 4. Sign in \n\n 5. Click Save \n\n 6. Repeat steps for other connections such as Blob Store connection and PAN-OS API connection (For authorizing the PAN-OS API connection, API Key needs to be provided) \n\n ** b. Configurations in Sentinel ** 1. In Microsoft sentinel analytical rules should be configured to trigger an incident with risky IP \n\n 2. 
Configure the automation rules to trigger this playbook" - ], - "releaseNotes": { - "version": "1.0", - "title": "[variables('blanks')]", - "notes": [ - "Initial version" - ] - } - } - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", "contentId": "[variables('_playbookContentId7')]", "contentKind": "Playbook", - "displayName": "PaloAlto-PAN-OS-GetSystemInfo", + "displayName": "PaloAlto-PAN-OS-BlockURL", "contentProductId": "[variables('_playbookcontentProductId7')]", "id": "[variables('_playbookcontentProductId7')]", "version": "[variables('playbookVersion7')]" 
@@ -8062,41 +7283,35 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "PaloAlto-PAN-OS-GetThreatPcap Playbook with template version 3.0.0", + "description": "PaloAlto-PAN-OS-BlockURL-EntityTrigger Playbook with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('playbookVersion8')]", "parameters": { "PlaybookName": { - "defaultValue": "PaloAlto-PAN-OS-GetThreatPcap", + "defaultValue": "PaloAlto-PAN-OS-BlockURL-EntityTrigger", "type": "string" }, - "LogAnalyticsResourceGroup": { + "Address Group": { "type": "string", "metadata": { - "description": "Enter value for LogAnalyticsResourceGroup" + "description": "Enter value for Address Group" } }, - "LogAnalyticsResourceName": { + "Teams Group Id": { "type": "string", "metadata": { - "description": "Enter value for LogAnalyticsResourceName" + "description": "Enter value for Teams Group Id" } }, - "Storage Name": { + "Teams channel Id": { "type": "string", "metadata": { - "description": "Enter value for Storage Name" - } - }, - "Container Name": { - "type": "string", - "metadata": { - "description": "Enter value for Container Name" + "description": "Enter value for Teams channel Id" } }, "CustomConnectorName": { - "defaultValue": "PAN-OSXmlApiCustomConnector", + "defaultValue": "PAN-OSRestApiCustomConnector", "type": "string", "metadata": { "description": "Name of the custom connector, if you want to change the default name, make sure to use the same in all Paloalto automation playbooks as well" 
@@ -8104,18 +7319,15 @@ } }, "variables": { - "AzureblobConnectionName": "[[concat('Azureblob-', parameters('PlaybookName'))]", - "AzuremonitorlogsConnectionName": "[[concat('Azuremonitorlogs-', parameters('PlaybookName'))]", - "MicrosoftSentinelConnectionName": "[[concat('MicrosoftSentinel-', parameters('PlaybookName'))]", "PaloaltoconnectorConnectionName": "[[concat('Paloaltoconnector-', parameters('PlaybookName'))]", - "connection-2": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Azureblob')]", + "MicrosoftSentinelConnectionName": "[[concat('MicrosoftSentinel-', parameters('PlaybookName'))]", + "TeamsConnectionName": "[[concat('Teams-', parameters('PlaybookName'))]", + "connection-2": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('CustomConnectorName'))]", "_connection-2": "[[variables('connection-2')]", - "connection-3": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Azuremonitorlogs')]", + "connection-3": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Azuresentinel')]", "_connection-3": "[[variables('connection-3')]", - "connection-4": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Azuresentinel')]", + "connection-4": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Teams')]", "_connection-4": "[[variables('connection-4')]", - "connection-5": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', 
resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('CustomConnectorName'))]", - "_connection-5": "[[variables('connection-5')]", "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", "workspace-name": "[parameters('workspace')]", "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]" @@ -8132,25 +7344,21 @@ "$connections": { "type": "Object" }, - "Container Name": { + "Address Group": { "type": "string", - "defaultValue": "[[parameters('Container Name')]" + "defaultValue": "[[parameters('Address Group')]" }, - "LogAnalyticsResourceGroup": { + "Teams Group Id": { "type": "string", - "defaultValue": "[[parameters('LogAnalyticsResourceGroup')]" + "defaultValue": "[[parameters('Teams Group Id')]" }, - "LogAnalyticsResourceName": { + "Teams channel Id": { "type": "string", - "defaultValue": "[[parameters('LogAnalyticsResourceName')]" - }, - "Storage Name": { - "type": "string", - "defaultValue": "[[parameters('Storage Name')]" + "defaultValue": "[[parameters('Teams channel Id')]" } }, "triggers": { - "Microsoft_Sentinel_incident": { + "Microsoft_Sentinel_entity": { "type": "ApiConnectionWebhook", "inputs": { "body": { @@ -8161,267 +7369,860 @@ "name": "@parameters('$connections')['azuresentinel']['connectionId']" } }, - "path": "/incident-creation" + "path": "/entity/@{encodeURIComponent('UrlEntity')}" } } }, "actions": { - "For_each": { - "foreach": "@body('Parse_JSON_-_Result_of_Run_query')", + "Condition_based_on_the_incident_configuration_from_adaptive_card": { "actions": { - "If_PCAP_ID_Exists": { + "Add_comment_to_incident_(V3)": { + "type": "ApiConnection", + "inputs": { + "body": { + "incidentArmId": "@triggerBody()?['IncidentArmID']", + "message": "

PAN-OS Playbook ran and performed the following actions:
\n@{variables('URLAddressAction')}
\n
\n
\n
\nActions taken on Sentinel : Add comment to incident and closure with classification reason  @{body('Post_an_Adaptive_Card_to_a_Teams_channel_and_wait_for_a_response')['data']?['incidentStatus']}

" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "post", + "path": "/Incidents/Comment" + } + }, + "Update_incident": { + "runAfter": { + "Add_comment_to_incident_(V3)": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "body": { + "classification": { + "ClassificationAndReason": "@{body('Post_an_Adaptive_Card_to_a_Teams_channel_and_wait_for_a_response')['data']?['incidentStatus']}" + }, + "incidentArmId": "@triggerBody()?['IncidentArmID']", + "severity": "@{body('Post_an_Adaptive_Card_to_a_Teams_channel_and_wait_for_a_response')['data']?['incidentSeverity']}", + "status": "Closed" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "put", + "path": "/Incidents" + } + } + }, + "runAfter": { + "Post_an_Adaptive_Card_to_a_Teams_channel_and_wait_for_a_response": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "equals": [ + "@body('Post_an_Adaptive_Card_to_a_Teams_channel_and_wait_for_a_response')['submitActionId']", + "Change incident configuration" + ] + }, + { + "not": { + "equals": [ + "@triggerBody()?['IncidentArmID']", + "@null" + ] + } + } + ] + }, + "type": "If", + "description": "This decides the action taken on the summarized adaptive card" + }, + "Condition_based_on_user_inputs_from_the_adaptive_card": { + "actions": { + "Condition__to_check_if_user_chosen_Block": { "actions": { - "Condition": { - "actions": { - "Add_comment_to_incident_(V3)": { - "runAfter": { - "Create_blob_(V2)": [ - "Succeeded" - ] - }, - "type": "ApiConnection", - "inputs": { - "body": { - "incidentArmId": "@triggerBody()?['object']?['id']", - "message": "

@{body('Create_blob_(V2)')?['Path']}

" - }, - "host": { - "connection": { - "name": "@parameters('$connections')['azuresentinel']['connectionId']" - } - }, - "method": "post", - "path": "/Incidents/Comment" + "Create_an_address_object": { + "type": "ApiConnection", + "inputs": { + "body": { + "entry": { + "@@name": "@triggerBody()?['Entity']?['properties']?['Url']", + "description": "@triggerBody()?['Entity']?['properties']?['Url']", + "fqdn": "@triggerBody()?['Entity']?['properties']?['Url']" } }, - "Create_blob_(V2)": { - "type": "ApiConnection", - "inputs": { - "body": "\"@{body('Query_Palo_Alto_XML_API')}\"", - "headers": { - "ReadFileMetadataFromServer": true - }, - "host": { - "connection": { - "name": "@parameters('$connections')['azureblob']['connectionId']" - } - }, - "method": "post", - "path": "/v2/datasets/@{encodeURIComponent(encodeURIComponent(parameters('Storage Name')))}/files", - "queries": { - "folderPath": "/@{parameters('Container Name')}", - "name": "@{concat('paloalto',string(items('For_each')['pcap_id']),string(items('For_each')['time_1']), '.pcap')}", - "queryParametersSingleEncoded": true - } - }, - "runtimeConfiguration": { - "contentTransfer": { - "transferMode": "Chunked" - } + "host": { + "connection": { + "name": "@parameters('$connections')['PaloAltoConnector']['connectionId']" } + }, + "method": "post", + "path": "/restapi/v10.0/Objects/Addresses", + "queries": { + "address type": "fqdn", + "location": "vsys", + "name": "@triggerBody()?['Entity']?['properties']?['Url']", + "vsys": "vsys1" } }, - "runAfter": { - "Query_Palo_Alto_XML_API": [ - "Succeeded" + "description": "This creates a new address object for the malicious URL" + } + }, + "expression": { + "and": [ + { + "equals": [ + "@body('Post_an_Adaptive_Card_to_a_Teams_channel_and_wait_for_a_response_3')['submitActionId']", + "Block URL ( add to @{outputs('Configured_address_group')} address group )" ] }, + { + "equals": [ + "@length(body('Filter_array_of_URL_address_from_list_of_address_objects'))", + 0 + ] + } + 
] + }, + "type": "If", + "description": "This check if user chooses Block URL" + }, + "Condition_to_check_the_edit_an_address_object_group_status": { + "actions": { + "Condition_to_check_the_action_of_adaptive_card_to_set_the_action_summary": { + "actions": { + "Append_success_status_Blocked_URL_status_to_summary_card": { + "type": "AppendToArrayVariable", + "inputs": { + "name": "URLAddressAction", + "value": "URL Address : @{triggerBody()?['Entity']?['properties']?['Url']} , Action Taken : Blocked by \n adding to @{outputs('Configured_address_group')} , Status : Success" + }, + "description": "append action taken to summarize on the adaptive card" + } + }, "else": { "actions": { - "Add_comment_to_incident_(V3)_3": { - "type": "ApiConnection", + "Append_success_status_UnBlocked_URL_status_to_summary_card": { + "type": "AppendToArrayVariable", "inputs": { - "body": { - "incidentArmId": "@triggerBody()?['object']?['id']", - "message": "

Playbook execution failed with error :
\nFor more details : please check Playbook run history .

" - }, - "host": { - "connection": { - "name": "@parameters('$connections')['azuresentinel']['connectionId']" - } - }, - "method": "post", - "path": "/Incidents/Comment" - } + "name": "URLAddressAction", + "value": "URL Address : @{triggerBody()?['Entity']?['properties']?['Url']} , Action Taken : UnBlocked by \n adding to @{outputs('Configured_address_group')} , Status : Success" + }, + "description": "append action taken to summarize on the adaptive card" } } }, "expression": { "and": [ { - "not": { - "contains": [ - "@string(body('Query_Palo_Alto_XML_API'))", - "'status'" - ] - } - }, - { - "not": { - "contains": [ - "@string(body('Query_Palo_Alto_XML_API'))", - "error" - ] - } - }, - { - "not": { - "contains": [ - "@string(body('Query_Palo_Alto_XML_API'))", - "invalid" - ] - } + "equals": [ + "@body('Post_an_Adaptive_Card_to_a_Teams_channel_and_wait_for_a_response_3')['submitActionId']", + "Block URL ( add to @{outputs('Configured_address_group')} address group )" + ] } ] }, "type": "If" - }, - "Query_Palo_Alto_XML_API": { - "type": "ApiConnection", - "inputs": { - "host": { - "connection": { - "name": "@parameters('$connections')['paloaltoconnector']['connectionId']" - } - }, - "method": "get", - "path": "/api/", - "queries": { - "category": "threat-pcap", - "device_name": "@items('For_each')['Computer']", - "pcap-id": "@items('For_each')['pcap_id']", - "search-time": "@items('For_each')['event_time']", - "sessionid": "@items('For_each')['sessionid']", - "type": "export" - } - } } }, + "runAfter": { + "Update_an_address_object_group": [ + "Succeeded" + ] + }, "else": { "actions": { - "Add_comment_to_incident_(V3)_2": { - "type": "ApiConnection", + "Append_failure_status_to_summary_card": { + "type": "AppendToArrayVariable", "inputs": { - "body": { - "incidentArmId": "@triggerBody()?['object']?['id']", - "message": "

Kindly provided the properly mapped fields in query result :
\n
\nReference :
\n\"TimeGenerated\": \"2023-05-29T11:28:42.6809438Z\",
\n\"Computer\": \"trustedwindows\",
\n\"pcap_id\": \"2343hjh234\",
\n\"sessionid\": \"87yujh67\",
\n\"event_time\": \"2023/28/29 11:28:42\"
\n

" - }, - "host": { - "connection": { - "name": "@parameters('$connections')['azuresentinel']['connectionId']" - } - }, - "method": "post", - "path": "/Incidents/Comment" - } + "name": "URLAddressAction", + "value": "URL Address : @{triggerBody()?['Entity']?['properties']?['Url']} , Action Taken : @{body('Post_an_Adaptive_Card_to_a_Teams_channel_and_wait_for_a_response_3')['submitActionId']} , Status : Failure" + }, + "description": "append action taken to summarize on the adaptive card" } } }, "expression": { "and": [ { - "not": { - "equals": [ - "@items('For_each')['pcap_id']", - "@null" - ] - } - }, - { - "not": { - "equals": [ - "@items('For_each')['pcap_id']", - 0 - ] - } + "equals": [ + "@body('Update_an_address_object_group')?['@status']", + "success" + ] } ] }, "type": "If" - } - }, - "runAfter": { - "Parse_JSON_-_Result_of_Run_query": [ - "Succeeded" - ] - }, - "type": "Foreach" - }, - "Parse_JSON_-_Result_of_Run_query": { - "runAfter": { - "Run_query_and_list_results": [ - "Succeeded" - ] - }, - "type": "ParseJson", - "inputs": { - "content": "@body('Run_query_and_list_results')?['value']", - "schema": { - "items": { - "properties": { - "Computer": { - "type": "string" - }, - "TimeGenerated": { - "type": "string" - }, - "event_time": { - "type": "string" - }, - "pcap_id": { - "type": "string" - }, - "sessionid": { - "type": "string" + }, + "Update_an_address_object_group": { + "runAfter": { + "Condition__to_check_if_user_chosen_Block": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "body": { + "entry": [ + { + "@@name": "@parameters('Address Group')", + "static": { + "member": "@{variables('AddressGroupMembers')}" + } + } + ] + }, + "host": { + "connection": { + "name": "@parameters('$connections')['PaloAltoConnector']['connectionId']" } }, - "required": [ - "TimeGenerated", - "Computer", - "pcap_id", - "sessionid", - "event_time" - ], - "type": "object" + "method": "put", + "path": "/restapi/v10.0/Objects/AddressGroups", + "queries": 
{ + "location": "vsys", + "name": "@parameters('Address Group')", + "vsys": "vsys1" + } + } + } + }, + "runAfter": { + "Post_an_Adaptive_Card_to_a_Teams_channel_and_wait_for_a_response_3": [ + "Succeeded" + ] + }, + "else": { + "actions": { + "Append_to_array_variable_URL_address_action_chosen": { + "type": "AppendToArrayVariable", + "inputs": { + "name": "URLAddressAction", + "value": "URL Address : @{triggerBody()?['Entity']?['properties']?['Url']}, Action Taken : @{body('Post_an_Adaptive_Card_to_a_Teams_channel_and_wait_for_a_response_3')['submitActionId']} , Status : Success " + }, + "description": "This appends the action taken on URL to the list of existing actions" + } + } + }, + "expression": { + "and": [ + { + "not": { + "equals": [ + "@body('Post_an_Adaptive_Card_to_a_Teams_channel_and_wait_for_a_response_3')['submitActionId']", + "Ignore" + ] + } + } + ] + }, + "type": "If", + "description": "condition to check the submit action is block / unblock or Ignore" + }, + "Condition_to_check_if_URL_address_already_present_in_list_of_address_objects": { + "actions": { + "Condition_to_check_if_URL_already_present_in_predefined_address_group": { + "actions": { + "Append_address_group_text": { + "type": "AppendToArrayVariable", + "inputs": { + "name": "AdaptiveCardBody", + "value": { + "text": "The URL @{triggerBody()?['Entity']?['properties']?['Url']} is already a member of the blocked address group @{outputs('Configured_address_group')}", + "type": "TextBlock", + "wrap": true + } + }, + "description": "append address group text to adaptive card dynamically" + }, + "Filter_array_URL_address_from_the_list_of_address_objects_to_unreference": { + "runAfter": { + "Set_dynamic_action_name": [ + "Succeeded" + ] + }, + "type": "Query", + "inputs": { + "from": "@variables('AddressGroupMembers')", + "where": "@not(equals(item(), triggerBody()?['Entity']?['properties']?['Url']))" + }, + "description": "This filters the URL address from predefined address group to 
unreference/unblock URL" + }, + "Set_dynamic_action_name": { + "runAfter": { + "Append_address_group_text": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "ActionName", + "value": "UnBlock URL" + }, + "description": "variable to set action name dynamically" + }, + "unreference_URL_address_from_the_existing_group_members": { + "runAfter": { + "Filter_array_URL_address_from_the_list_of_address_objects_to_unreference": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "AddressGroupMembers", + "value": "@body('Filter_array_URL_address_from_the_list_of_address_objects_to_unreference')" + }, + "description": "unreference URL address from the group members and update" + } }, - "type": "array" + "else": { + "actions": { + "Append_URL_address_to_the_address_group_members": { + "runAfter": { + "Append_address_group_text_to_adaptive_card_body": [ + "Succeeded" + ] + }, + "type": "AppendToArrayVariable", + "inputs": { + "name": "AddressGroupMembers", + "value": "@triggerBody()?['Entity']?['properties']?['Url']" + }, + "description": "append URL address to the address group members" + }, + "Append_address_group_text_to_adaptive_card_body": { + "type": "AppendToArrayVariable", + "inputs": { + "name": "AdaptiveCardBody", + "value": { + "text": "The URL @{triggerBody()?['Entity']?['properties']?['Url']} is not a member of the blocked address group @{outputs('Configured_address_group')}", + "type": "TextBlock", + "wrap": true + } + }, + "description": "append address group text to adaptive card dynamically" + }, + "Set_dynamic_action_name_to_variable_Action_name": { + "runAfter": { + "Append_URL_address_to_the_address_group_members": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "ActionName", + "value": "Block URL" + }, + "description": "set action name dynamically" + } + } + }, + "expression": { + "and": [ + { + "contains": [ + "@variables('AddressGroupMembers')", + 
"@triggerBody()?['Entity']?['properties']?['Url']" + ] + } + ] + }, + "type": "If", + "description": "condition to check the malicious URL address is present in the predefined address group and the URL is part of static member" + } + }, + "runAfter": { + "Condition_to_check_if_the_URL_is_a_part_of_security_policy_rules": [ + "Succeeded" + ] + }, + "else": { + "actions": { + "Append_URL_to_array_of_address_group_members": { + "runAfter": { + "Append_to_array_variable_text_if_URL_is_not_a_member_of_blocked_address_group": [ + "Succeeded" + ] + }, + "type": "AppendToArrayVariable", + "inputs": { + "name": "AddressGroupMembers", + "value": "@triggerBody()?['Entity']?['properties']?['Url']" + }, + "description": "append the Malicious URL address to the existing group members to block / unblock from the predefined address group" + }, + "Append_to_array_variable_text_if_URL_is_not_a_member_of_blocked_address_group": { + "type": "AppendToArrayVariable", + "inputs": { + "name": "AdaptiveCardBody", + "value": { + "text": "The URL @{triggerBody()?['Entity']?['properties']?['Url']} is not a member of the blocked address group @{outputs('Configured_address_group')}", + "type": "TextBlock", + "wrap": true + } + }, + "description": "This appends the text to display If URL is not a member of security policy rules" + }, + "Set_variable_to_Block_URL": { + "runAfter": { + "Append_URL_to_array_of_address_group_members": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "ActionName", + "value": "Block URL" + }, + "description": "This sets the variable block URL" + } + } + }, + "expression": { + "and": [ + { + "greater": [ + "@length(body('Filter_array_of_URL_address_from_list_of_address_objects'))", + 0 + ] + } + ] + }, + "type": "If", + "description": "This checks if URL is a member of any of the list of address objects" + }, + "Condition_to_check_if_the_URL_is_a_part_of_security_policy_rules": { + "actions": { + "Append_policy_text": { + "type": 
"AppendToArrayVariable", + "inputs": { + "name": "AdaptiveCardBody", + "value": { + "text": "It is also member of the following security policy rules", + "type": "TextBlock" + } + }, + "description": "dynamic policy text based on security policies" + }, + "Append_security_policies": { + "runAfter": { + "Append_policy_text": [ + "Succeeded" + ] + }, + "type": "AppendToArrayVariable", + "inputs": { + "name": "AdaptiveCardBody", + "value": { + "columns": [ + { + "items": "@body('Select_security_policy_rules')", + "type": "Column" + } + ], + "type": "ColumnSet" + } + }, + "description": "append security policies which the URL address is exist" + } + }, + "runAfter": { + "Select_security_policy_rules": [ + "Succeeded" + ] + }, + "else": { + "actions": { + "Append_policy_text_to_adaptive_card_body_variable": { + "type": "AppendToArrayVariable", + "inputs": { + "name": "AdaptiveCardBody", + "value": { + "text": "It is not a member of any other Policy Rules", + "type": "TextBlock" + } + }, + "description": "dynamic policy text based on security policies" + }, + "Append_security_policies_to_adaptive_card_body_variable": { + "runAfter": { + "Append_policy_text_to_adaptive_card_body_variable": [ + "Succeeded" + ] + }, + "type": "AppendToArrayVariable", + "inputs": { + "name": "AdaptiveCardBody" + }, + "description": "append security policies which the URL address is exist" + } + } + }, + "expression": { + "and": [ + { + "greater": [ + "@length(body('Select_security_policy_rules'))", + 0 + ] + } + ] + }, + "type": "If", + "description": "condition to check if the URL address is present in the existing security policy rules to conditionally apply the policy text and security policy rules" + }, + "Configured_address_group": { + "runAfter": { + "Set_variable_address_group_members": [ + "Succeeded" + ] + }, + "type": "Compose", + "inputs": "@body('List_address_groups')?['result']?['entry']?[0]?['@name']", + "description": "compose predefined address group" + }, + 
"Filter_array_URL_from_list_of_security_rules": { + "runAfter": { + "Configured_address_group": [ + "Succeeded" + ] + }, + "type": "Query", + "inputs": { + "from": "@body('List_security_rules')?['result']?['entry']", + "where": "@contains(item()?['destination']?['member'], triggerBody()?['Entity']?['properties']?['Url'])" + }, + "description": "This filters all the security rules in which this URL is a member" + }, + "Filter_array_of_URL_address_from_list_of_address_objects": { + "runAfter": { + "Set_variable_adaptive_card_body": [ + "Succeeded" + ] + }, + "type": "Query", + "inputs": { + "from": "@body('List_address_objects')?['result']?['entry']", + "where": "@equals(item()?['fqdn'], triggerBody()?['Entity']?['properties']?['Url'])" + }, + "description": "This filters the list of address objects in which this URL is a member " + }, + "Initialize_variable_URL_address_action": { + "runAfter": { + "Initialize_variable_address_group_members": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "URLAddressAction", + "type": "array" + } + ] + }, + "description": "This holds the action taken on each URL " + }, + "Initialize_variable_action_name": { + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "ActionName", + "type": "string" + } + ] + }, + "description": "variable to store action name to be displayed on adaptive card" + }, + "Initialize_variable_adaptive_card_body": { + "runAfter": { + "Initialize_variable_action_name": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "AdaptiveCardBody", + "type": "array" + } + ] + }, + "description": "variable to store adaptive card body json" + }, + "Initialize_variable_address_group_members": { + "runAfter": { + "Initialize_variable_adaptive_card_body": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "AddressGroupMembers", + "type": "array" + } + ] 
+ }, + "description": "variable to store the list of address group members" + }, + "List_address_groups": { + "runAfter": { + "Filter_array_of_URL_address_from_list_of_address_objects": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "host": { + "connection": { + "name": "@parameters('$connections')['PaloAltoConnector']['connectionId']" + } + }, + "method": "get", + "path": "/restapi/v10.0/Objects/AddressGroups", + "queries": { + "location": "vsys", + "name": "urladdress", + "vsys": "vsys1" + } + }, + "description": "This gets complete list of address object groups present in the PAN-OS" + }, + "List_address_objects": { + "runAfter": { + "Initialize_variable_URL_address_action": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "host": { + "connection": { + "name": "@parameters('$connections')['PaloAltoConnector']['connectionId']" + } + }, + "method": "get", + "path": "/restapi/v10.0/Objects/Addresses", + "queries": { + "location": "vsys", + "vsys": "vsys1" + } + }, + "description": "This gets complete list of address object present in the PAN-OS" + }, + "List_security_rules": { + "runAfter": { + "List_address_objects": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "host": { + "connection": { + "name": "@parameters('$connections')['PaloAltoConnector']['connectionId']" + } + }, + "method": "get", + "path": "/restapi/v10.0/Policies/SecurityRules", + "queries": { + "location": "vsys", + "vsys": "vsys1" + } + }, + "description": "This gets complete list of security policy rules present in the PAN-OS" + }, + "Post_an_Adaptive_Card_to_a_Teams_channel_and_wait_for_a_response": { + "runAfter": { + "Set_variable_actions_on_URL_to_be_displayed_on_adaptive_card": [ + "Succeeded" + ] + }, + "type": "ApiConnectionWebhook", + "inputs": { + "body": { + "body": { + "messageBody": "{\n \"type\": \"AdaptiveCard\",\n \"body\": [\n {\n \"type\": \"TextBlock\",\n \n \"weight\": \"Bolder\",\n \"text\": \"Below is the summary of 
actions taken on URL's by SOC\",\n \"wrap\": true\n },\n {\n \"columns\": [\n {\n \"items\":@{body('Set_variable_actions_on_URL_to_be_displayed_on_adaptive_card')} ,\n \"type\": \"Column\",\n \"wrap\": true\n }\n ],\n \"separator\": \"true\",\n \"type\": \"ColumnSet\",\n \"width\": \"stretch\"\n},\n {\n \"text\": \" Incident No : \",\n \"type\": \"TextBlock\",\n \"weight\": \"Bolder\",\n \"wrap\": true\n },\n {\n \"type\": \"TextBlock\",\n \"text\": \"[Click here to view the Incident]()\",\n \"wrap\": true\n },\n\n {\n \"type\": \"ColumnSet\",\n \"columns\": [\n {\n \"type\": \"Column\",\n \"items\": [\n {\n \"type\": \"TextBlock\",\n \"size\": \"Medium\",\n \"weight\": \"Bolder\",\n \"text\": \"Incident configuration :\",\n \"wrap\": true\n }\n ],\n \"width\": \"auto\"\n }\n ]\n },\n {\n \"type\": \"ColumnSet\",\n \"columns\": [\n {\n \"type\": \"Column\",\n \"items\": [\n {\n \"type\": \"Image\",\n \"style\": \"Person\",\n \"url\": \"https://connectoricons-prod.azureedge.net/releases/v1.0.1391/1.0.1391.2130/azuresentinel/icon.png\",\n \"size\": \"Small\"\n }\n ],\n \"width\": \"auto\"\n }\n ]\n },\n {\n \"type\": \"TextBlock\",\n \"text\": \"Close Microsoft Sentinel incident?\"\n },\n {\n \"choices\": [\n {\n \"isSelected\": true,\n \"title\": \"False Positive - Inaccurate Data\",\n \"value\": \"False Positive - Inaccurate Data\"\n },\n {\n \"isSelected\": true,\n \"title\": \"False Positive - Incorrect Alert Logic\",\n \"value\": \"False Positive - Incorrect Alert Logic\"\n },\n {\n \"title\": \"True Positive - Suspicious Activity\",\n \"value\": \"True Positive - Suspicious Activity\"\n },\n {\n \"title\": \"Benign Positive - Suspicious But Expected\",\n \"value\": \"Benign Positive - Suspicious But Expected\"\n },\n {\n \"title\": \"Undetermined\",\n \"value\": \"Undetermined\"\n }\n ],\n \"id\": \"incidentStatus\",\n \"style\": \"compact\",\n \"type\": \"Input.ChoiceSet\",\n \"value\": \"Benign Positive - Suspicious But Expected\"\n },\n {\n \"type\": 
\"TextBlock\",\n \"text\": \"Change Microsoft Sentinel Incident Severity?\"\n },\n {\n \"choices\": [\n {\n \n \"title\": \"High\",\n \"value\": \"High\"\n },\n {\n \"title\": \"Medium\",\n \"value\": \"Medium\"\n },\n {\n \"title\": \"Low\",\n \"value\": \"Low\"\n },\n {\n \"title\": \"Don't change\",\n \"value\": \"same\"\n }\n ],\n \"id\": \"incidentSeverity\",\n \"style\": \"compact\",\n \"type\": \"Input.ChoiceSet\",\n \"value\": \"\"\n }\n \n \n \n ],\n\"width\":\"auto\",\n \"actions\": [\n {\n \"type\": \"Action.Submit\",\n \"title\": \"Change incident configuration\"\n },\n {\n \"type\": \"Action.Submit\",\n \"title\": \"Ignore\"\n }\n ],\n \"$schema\": \"http://adaptivecards.io/schemas/adaptive-card.json\",\n \"version\": \"1.2\"\n}", + "recipient": { + "channelId": "@parameters('Teams channel Id')" + }, + "shouldUpdateCard": true + }, + "notificationUrl": "@{listCallbackUrl()}" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['teams']['connectionId']" + } + }, + "path": "/flowbot/actions/flowcontinuation/recipienttypes/channel/$subscriptions", + "queries": { + "groupId": "@parameters('Teams Group Id')" } } }, - "Run_query_and_list_results": { - "type": "ApiConnection", + "Post_an_Adaptive_Card_to_a_Teams_channel_and_wait_for_a_response_3": { + "runAfter": { + "Condition_to_check_if_URL_address_already_present_in_list_of_address_objects": [ + "Succeeded" + ] + }, + "type": "ApiConnectionWebhook", "inputs": { - "body": "@{triggerBody()?['object']?['properties']?['alerts']?[0]?['properties']?['additionalData']?['Query']}\n| limit 10", + "body": { + "body": { + "messageBody": "{\n \"type\": \"AdaptiveCard\",\n \"body\":@{variables('AdaptiveCardBody')} ,\n \"actions\": [\n {\n \"title\": \"@{variables('ActionName')} ( add to @{outputs('Configured_address_group')} address group )\",\n \"type\": \"Action.Submit\"\n },\n {\n \"title\": \"Ignore\",\n \"type\": \"Action.Submit\"\n }\n],\n \"$schema\": 
\"http://adaptivecards.io/schemas/adaptive-card.json\",\n \"version\": \"1.2\"\n}", + "recipient": { + "channelId": "@parameters('Teams channel Id')" + }, + "shouldUpdateCard": true + }, + "notificationUrl": "@{listCallbackUrl()}" + }, "host": { "connection": { - "name": "@parameters('$connections')['azuremonitorlogs']['connectionId']" + "name": "@parameters('$connections')['teams']['connectionId']" } }, - "method": "post", - "path": "/queryData", + "path": "/flowbot/actions/flowcontinuation/recipienttypes/channel/$subscriptions", "queries": { - "resourcegroups": "@parameters('LogAnalyticsResourceGroup')", - "resourcename": "@parameters('LogAnalyticsResourceName')", - "resourcetype": "Log Analytics Workspace", - "subscriptions": "f70efef4-6505-4727-acd8-9d0b3bc0b80e", - "timerange": "Set in query" + "groupId": "@parameters('Teams Group Id')" } } + }, + "Select_security_policy_rules": { + "runAfter": { + "Filter_array_URL_from_list_of_security_rules": [ + "Succeeded" + ] + }, + "type": "Select", + "inputs": { + "from": "@body('Filter_array_URL_from_list_of_security_rules')", + "select": { + "text": " @{item()?['@name']}, action : @{item()?['action']}", + "type": "TextBlock", + "weight": "bolder" + } + }, + "description": "prepare columns list to show the security policy rules in the adaptive card if URL address is present" + }, + "Set_variable_actions_on_URL_to_be_displayed_on_adaptive_card": { + "runAfter": { + "Condition_based_on_user_inputs_from_the_adaptive_card": [ + "Succeeded" + ] + }, + "type": "Select", + "inputs": { + "from": "@variables('URLAddressAction')", + "select": { + "text": "@item()", + "type": "TextBlock" + } + }, + "description": "This is used to compose the list of actions taken by SOC on respective URL addresses" + }, + "Set_variable_adaptive_card_body": { + "runAfter": { + "List_security_rules": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "AdaptiveCardBody", + "value": [ + { + "size": "Large", + "text": 
"Suspicious URL - Microsoft Sentinel", + "type": "TextBlock", + "weight": "Bolder", + "wrap": true + }, + { + "text": "Possible Comprised URL @{triggerBody()?['Entity']?['properties']?['Url']} detected by the provider : ", + "type": "TextBlock", + "wrap": true + }, + { + "text": " Incident ", + "type": "TextBlock", + "weight": "Bolder", + "wrap": true + }, + { + "text": " Incident No : ", + "type": "TextBlock", + "weight": "Bolder", + "wrap": true + }, + { + "text": "Incident description", + "type": "TextBlock", + "weight": "Bolder", + "wrap": true + }, + { + "text": "[variables('blanks')]", + "type": "TextBlock", + "wrap": true + }, + { + "text": "[[[[Click here to view the Incident]()", + "type": "TextBlock", + "wrap": true + }, + { + "size": "Medium", + "text": "Response in PAN-OS", + "type": "TextBlock", + "weight": "Bolder" + }, + { + "size": "Small", + "style": "Person", + "type": "Image", + "url": "https://avatars2.githubusercontent.com/u/4855743?s=280&v=4" + } + ] + }, + "description": "variable to hold adaptive card body" + }, + "Set_variable_address_group_members": { + "runAfter": { + "List_address_groups": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "AddressGroupMembers", + "value": "@body('List_address_groups')?['result']?['entry']?[0]?['static']?['member']" + }, + "description": "assign list of address group members" } } }, "parameters": { "$connections": { "value": { - "azureblob": { - "connectionId": "[[resourceId('Microsoft.Web/connections', variables('AzureblobConnectionName'))]", - "connectionName": "[[variables('AzureblobConnectionName')]", - "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Azureblob')]" - }, - "azuremonitorlogs": { - "connectionId": "[[resourceId('Microsoft.Web/connections', variables('AzuremonitorlogsConnectionName'))]", - "connectionName": "[[variables('AzuremonitorlogsConnectionName')]", 
- "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Azuremonitorlogs')]" + "PaloAltoConnector": { + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('PaloaltoconnectorConnectionName'))]", + "connectionName": "[[variables('PaloaltoconnectorConnectionName')]", + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('CustomConnectorName'))]" }, "azuresentinel": { "connectionId": "[[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]", @@ -8433,10 +8234,10 @@ } } }, - "paloaltoconnector": { - "connectionId": "[[resourceId('Microsoft.Web/connections', variables('PaloaltoconnectorConnectionName'))]", - "connectionName": "[[variables('PaloaltoconnectorConnectionName')]", - "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('CustomConnectorName'))]" + "teams": { + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('TeamsConnectionName'))]", + "connectionName": "[[variables('TeamsConnectionName')]", + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Teams')]" } } } 
@@ -8449,44 +8250,30 @@ "type": "SystemAssigned" }, "tags": { - "hidden-SentinelTemplateName": "PaloAlto-PAN-OS-GetThreatPcap", + "hidden-SentinelTemplateName": "PaloAlto-PAN-OS-BlockURL-EntityTrigger", "hidden-SentinelTemplateVersion": "1.0", "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" }, "apiVersion": "2017-07-01", "dependsOn": [ - "[[resourceId('Microsoft.Web/connections', variables('AzureblobConnectionName'))]", - "[[resourceId('Microsoft.Web/connections', variables('AzuremonitorlogsConnectionName'))]", + "[[resourceId('Microsoft.Web/connections', variables('PaloaltoconnectorConnectionName'))]", "[[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]", - "[[resourceId('Microsoft.Web/connections', variables('PaloaltoconnectorConnectionName'))]" + "[[resourceId('Microsoft.Web/connections', variables('TeamsConnectionName'))]" ] }, { "type": "Microsoft.Web/connections", "apiVersion": "2016-06-01", - "name": "[[variables('AzureblobConnectionName')]", + "name": "[[variables('PaloaltoconnectorConnectionName')]", "location": "[[variables('workspace-location-inline')]", "kind": "V1", "properties": { - "displayName": "[[variables('AzureblobConnectionName')]", + "displayName": "[[variables('PaloaltoconnectorConnectionName')]", "api": { "id": "[[variables('_connection-2')]" } } }, - { - "type": "Microsoft.Web/connections", - "apiVersion": "2016-06-01", - "name": "[[variables('AzuremonitorlogsConnectionName')]", - "location": "[[variables('workspace-location-inline')]", - "kind": "V1", - "properties": { - "displayName": "[[variables('AzuremonitorlogsConnectionName')]", - "api": { - "id": "[[variables('_connection-3')]" - } - } - }, { "type": "Microsoft.Web/connections", "apiVersion": "2016-06-01", 
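Review bot: The connection resources are renumbered in this hunk and in the one at `@@ -8497`: the PAN-OS connection now takes `"id": "[[variables('_connection-2')]"` (previously Azureblob's slot), Microsoft Sentinel moves from `_connection-4` to `_connection-3`, and Teams takes `_connection-4`. The variables block that defines `_connection-2` to `_connection-4` is outside this chunk, so it cannot be confirmed here that each id now resolves to the intended managed API; if the variables were not shifted in step, a connection would be created against the wrong API and the error would only surface when someone authorizes it after deployment. Please verify the three `_connection-N` variables against this ordering, or add a short comment-like `"metadata"` field next to each connection naming the API it is expected to bind to so the pairing is reviewable in the template itself.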
@@ -8497,20 +8284,20 @@ "displayName": "[[variables('MicrosoftSentinelConnectionName')]", "parameterValueType": "Alternative", "api": { - "id": "[[variables('_connection-4')]" + "id": "[[variables('_connection-3')]" } } }, { "type": "Microsoft.Web/connections", "apiVersion": "2016-06-01", - "name": "[[variables('PaloaltoconnectorConnectionName')]", + "name": "[[variables('TeamsConnectionName')]", "location": "[[variables('workspace-location-inline')]", "kind": "V1", "properties": { - "displayName": "[[variables('PaloaltoconnectorConnectionName')]", + "displayName": "[[variables('TeamsConnectionName')]", "api": { - "id": "[[variables('_connection-5')]" + "id": "[[variables('_connection-4')]" } } }, @@ -8542,8 +8329,8 @@ "criteria": [ { "kind": "LogicAppsCustomConnector", - "contentId": "[variables('_PaloAlto_PAN-OS_XML_API_CustomConnector')]", - "version": "[variables('playbookVersion2')]" + "contentId": "[variables('_PaloAlto_PAN-OS_Rest_API_CustomConnector')]", + "version": "[variables('playbookVersion1')]" } ] } 
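Review bot: In the hunk at `@@ -8542`, the dependency criteria now pin `[variables('_PaloAlto_PAN-OS_Rest_API_CustomConnector')]` to `"version": "[variables('playbookVersion1')]"`, while the removed entry pinned the XML API connector to `playbookVersion2`. Both `playbookVersionN` variables are defined outside this chunk, so it is not verifiable here that `playbookVersion1` is the REST connector's content version rather than that of the first playbook in the solution; a wrong pin would let the solution install against an older connector whose REST paths (`/restapi/v10.0/...`, used by the workflow above) may not exist. Confirm the variable mapping, and consider naming the connector version variable after the connector rather than reusing a playbook-numbered one.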
@@ -8551,24 +8338,22 @@ } ], "metadata": { - "title": "Get Threat PCAP - Palo Alto PAN-OS XML API", - "description": "This playbook allows us to get a threat PCAP for a given PCAP ID.", - "mainSteps": [ - "When a new Sentinel incident is created, this playbook gets triggered and performs below actions: \n\n 1. Gets the various parameters from the alert \n\n 2. Gets the PCAP from the device. \n\n 3. Puts the PCAP in Blob Storage \n\n 4. Creates a Sentinel Incident and updates it with a link to the blob." - ], + "comments": "This playbook uses the PaloAlto connector to take necessary actions on URL address like Block URL/Unblock URL from predefined address group and also gives an option to close the incident.", + "title": "PaloAlto-PAN-OS-BlockURL-EntityTrigger", + "description": "This playbook allows blocking/unblocking URLs in PaloAlto, using **predefined address group**. This allows to make changes on predefined address group, which is attached to security policy rule.", "prerequisites": [ - "1. PaloAlto connector needs to be deployed prior to the deployment of this playbook under the same subscription. Relevant instructions can be found in the connector doc page. \n\n 2. Generate an API key.[Refer this link on how to generate the API Key](https://paloaltolactest.trafficmanager.net/restapi-doc/#tag/key-generation) \n\n 3. This playbook only works for Palo Alto incidents with a threat PCAP where the PCAP ID is not null or zero." + "1. PaloAlto connector needs to be deployed prior to the deployment of this playbook under the same subscription. Relevant instructions can be found in the connector doc page. \n\n 2. Generate an API key.[Refer this link on how to generate the API Key](https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-panorama-api/get-started-with-the-pan-os-xml-api/get-your-api-key) \n\n 3. Address group should be created for PAN-OS and this should be used while creating playbooks." 
], - "lastUpdateTime": "2022-07-25T00:00:00Z", + "lastUpdateTime": "2023-05-30T00:00:00Z", "entities": [ - "hostname" + "Url" ], "tags": [ - "Enrichment", + "Remediation", "Response from teams" ], "postDeployment": [ - "** a. Authorize connections ** Once deployment is complete, you will need to authorize each connection. \n\n 1. Click the Microsoft Sentinel connection resource \n\n 2. Click edit API connection \n\n 3. Click Authorize \n\n 4. Sign in \n\n 5. Click Save \n\n 6. Repeat steps for other connections such as Blob Store connection and PAN-OS API connection (For authorizing the PAN-OS API connection, API Key needs to be provided) \n\n ** b. Configurations in Sentinel ** 1. In Microsoft sentinel analytical rules should be configured to trigger an incident with risky IP \n\n 2. Configure the automation rules to trigger this playbook" + "**a. Authorize connections** \n\n Once deployment is complete, you will need to authorize each connection. \n\n 1. Click the Microsoft Sentinel connection resource \n\n 2. Click edit API connection \n\n 3. Click Authorize \n\n 4. Sign in \n\n 5. Click Save \n\n 6. Repeat steps for other connection such as Teams connection and PAN-OS API connection (For authorizing the PAN-OS API connection, API Key needs to be provided) \n\n **b. Configurations in Sentinel** \n\n 1. In Microsoft sentinel analytical rules should be configured to trigger an incident with risky URL \n\n 2. Configure the automation rules to trigger this playbook" ], "releaseNotes": { "version": "1.0", @@ -8586,7 +8371,7 @@ "contentSchemaVersion": "3.0.0", "contentId": "[variables('_playbookContentId8')]", "contentKind": "Playbook", - "displayName": "PaloAlto-PAN-OS-GetThreatPcap", + "displayName": "PaloAlto-PAN-OS-BlockURL-EntityTrigger", "contentProductId": "[variables('_playbookcontentProductId8')]", "id": "[variables('_playbookcontentProductId8')]", "version": "[variables('playbookVersion8')]" 
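Review bot: The BlockURL-EntityTrigger metadata's `prerequisites` and `postDeployment` never say who is authorised to act, yet with the "Response from teams" adaptive-card flow anyone who can post in the configured channel can approve blocking/unblocking the URL on the firewall and close the incident with a classification. I would add a third postDeployment item such as `3. Restrict the Teams channel used by this playbook to SOC responders: any member of the channel can approve firewall changes and incident closure from the card.` The API-key link in prerequisite 2 points at the XML API key page while the playbook now depends on the REST API custom connector; if the same key is intended for the REST connector, say so there so the operator does not go looking for a separate one.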
@@ -8601,15 +8386,33 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "PaloAlto-PAN-OS-GetURLCategoryInfo Playbook with template version 3.0.0", + "description": "PaloAlto-PAN-OS-BlockIP-EntityTrigger Playbook with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('playbookVersion9')]", "parameters": { "PlaybookName": { - "defaultValue": "PaloAlto-PAN-OS-GetURLCategoryInfo", + "defaultValue": "PaloAlto-PAN-OS-BlockIP-EntityTrigger", "type": "string" }, + "Address Group": { + "type": "string", + "metadata": { + "description": "Enter value for Address Group" + } + }, + "Teams Group Id": { + "type": "string", + "metadata": { + "description": "Enter value for Teams Group Id" + } + }, + "Teams channel Id": { + "type": "string", + "metadata": { + "description": "Enter value for Teams channel Id" + } + }, "CustomConnectorName": { "defaultValue": "PAN-OSRestApiCustomConnector", "type": "string", 
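Review bot: The three new parameters only carry `Enter value for …` descriptions, and `Address Group` is the one that decides what the playbook rewrites on the firewall, so an operator who enters the name of some unrelated group will have that group's static membership replaced. I would make the metadata say what is required, e.g. `"description": "Name of an existing static address group in vsys1 that is referenced by a deny security rule; the playbook adds the IP's address object to, or removes it from, this group"`. The Teams parameters should likewise state that the channel is where approval requests are posted and that its members will be able to approve firewall changes.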
@@ -8619,12 +8422,15 @@ } }, "variables": { - "PAN-OsrestapicustomconnectorConnectionName": "[[concat('PAN-Osrestapicustomconnector-', parameters('PlaybookName'))]", + "PaloaltoconnectorConnectionName": "[[concat('Paloaltoconnector-', parameters('PlaybookName'))]", "MicrosoftSentinelConnectionName": "[[concat('MicrosoftSentinel-', parameters('PlaybookName'))]", + "TeamsConnectionName": "[[concat('Teams-', parameters('PlaybookName'))]", "connection-2": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('CustomConnectorName'))]", "_connection-2": "[[variables('connection-2')]", "connection-3": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Azuresentinel')]", "_connection-3": "[[variables('connection-3')]", + "connection-4": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Teams')]", + "_connection-4": "[[variables('connection-4')]", "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", "workspace-name": "[parameters('workspace')]", "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]" @@ -8640,10 +8446,22 @@ "parameters": { "$connections": { "type": "Object" + }, + "Address Group": { + "type": "string", + "defaultValue": "[[parameters('Address Group')]" + }, + "Teams Group Id": { + "type": "string", + "defaultValue": "[[parameters('Teams Group Id')]" + }, + "Teams channel Id": { + "type": "string", + "defaultValue": "[[parameters('Teams channel Id')]" } }, "triggers": { - "When_Azure_Sentinel_incident_creation_rule_was_triggered_(Private_Preview_only)": { + "Microsoft_Sentinel_entity": { "type": "ApiConnectionWebhook", "inputs": { "body": { 
@@ -8654,145 +8472,162 @@ "name": "@parameters('$connections')['azuresentinel']['connectionId']" } }, - "path": "/incident-creation" + "path": "/entity/@{encodeURIComponent('IP')}" } } }, "actions": { - "Add_comment_to_incident_(V3)_2": { - "runAfter": { - "Create_HTML_table_of_matched_custom_URL_category": [ - "Succeeded" - ] - }, - "type": "ApiConnection", - "inputs": { - "body": { - "incidentArmId": "@triggerBody()?['object']?['id']", - "message": "

@{body('Create_HTML_table_of_matched_custom_URL_category')}
\n
\n@{body('Create_HTML_table_of_matched_address_objects')}
\n
\n
\n
\n

" - }, - "host": { - "connection": { - "name": "@parameters('$connections')['azuresentinel']['connectionId']" - } - }, - "method": "post", - "path": "/Incidents/Comment" - } - }, - "Create_HTML_table_of_matched_address_objects": { - "runAfter": { - "For_each_-_collecting_urls_from_custom_URL_category": [ - "Succeeded" - ] - }, - "type": "Table", - "inputs": { - "format": "HTML", - "from": "@variables('result')" - } - }, - "Create_HTML_table_of_matched_custom_URL_category": { - "runAfter": { - "Create_HTML_table_of_matched_address_objects": [ - "Succeeded" - ] - }, - "type": "Table", - "inputs": { - "format": "HTML", - "from": "@variables('result1')" - } - }, - "Entities_-_Get_URLs": { - "type": "ApiConnection", - "inputs": { - "body": "@triggerBody()?['object']?['properties']?['relatedEntities']", - "host": { - "connection": { - "name": "@parameters('$connections')['azuresentinel']['connectionId']" - } - }, - "method": "post", - "path": "/entities/url" - } - }, - "For_each_-_collecting_URL_from_address_objects": { - "foreach": "@body('List_address_objects')?['result']?['entry']", + "Condition_based_on_the_incident_configuration_from_adaptive_card": { "actions": { - "Condition_-_to_filter_fqdn_only": { + "Add_comment_to_incident_(V3)": { + "type": "ApiConnection", + "inputs": { + "body": { + "incidentArmId": "@triggerBody()?['IncidentArmID']", + "message": "

PAN-OS Playbook ran and performed the following actions:
\n@{variables('IPAddressAction')}
\n
\n
\n
\nActions taken on Sentinel : Add comment to incident and closure with classification reason  @{body('Post_an_Adaptive_Card_to_a_Teams_channel_and_wait_for_a_response')['data']['incidentStatus']}

" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "post", + "path": "/Incidents/Comment" + } + }, + "Update_incident": { + "runAfter": { + "Add_comment_to_incident_(V3)": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "body": { + "classification": { + "ClassificationAndReason": "@{body('Post_an_Adaptive_Card_to_a_Teams_channel_and_wait_for_a_response')['data']['incidentStatus']}" + }, + "incidentArmId": "@triggerBody()?['IncidentArmID']", + "severity": "@{body('Post_an_Adaptive_Card_to_a_Teams_channel_and_wait_for_a_response')['data']['incidentSeverity']}", + "status": "Closed" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "put", + "path": "/Incidents" + } + } + }, + "runAfter": { + "Post_an_Adaptive_Card_to_a_Teams_channel_and_wait_for_a_response": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "equals": [ + "@body('Post_an_Adaptive_Card_to_a_Teams_channel_and_wait_for_a_response')['submitActionId']", + "Change incident configuration" + ] + }, + { + "not": { + "equals": [ + "@triggerBody()?['IncidentArmID']", + "@null" + ] + } + } + ] + }, + "type": "If", + "description": "This decides the action taken on the summarized adaptive card" + }, + "Condition_based_on_user_inputs_from_the_adaptive_card": { + "actions": { + "Condition__to_check_if_user_chosen_Block_IP": { "actions": { - "For_each": { - "foreach": "@body('Entities_-_Get_URLs')?['URLs']", - "actions": { - "Condition": { - "actions": { - "Append_to_array_variable": { - "type": "AppendToArrayVariable", - "inputs": { - "name": "result", - "value": "@items('For_each_-_collecting_URL_from_address_objects')" - } - } - }, - "expression": { - "and": [ - { - "equals": [ - "@items('For_each_-_collecting_URL_from_address_objects')?['fqdn']", - "@items('For_each')?['Url']" - ] - } - ] - }, - "type": "If" + 
"Create_an_address_object": { + "type": "ApiConnection", + "inputs": { + "body": { + "entry": { + "@@name": "@triggerBody()?['Entity']?['properties']?['Address']", + "description": "@triggerBody()?['Entity']?['properties']?['Address']", + "ip-netmask": "@triggerBody()?['Entity']?['properties']?['Address']" + } + }, + "host": { + "connection": { + "name": "@parameters('$connections')['PaloAltoConnector']['connectionId']" + } + }, + "method": "post", + "path": "/restapi/v10.0/Objects/Addresses", + "queries": { + "address type": "ip-netmask", + "location": "vsys", + "name": "@triggerBody()?['Entity']?['properties']?['Address']", + "vsys": "vsys1" } }, - "type": "Foreach" + "description": "This creates a new address object for the malicious IP" } }, "expression": { "and": [ { - "contains": [ - "@items('For_each_-_collecting_URL_from_address_objects')", - "fqdn" + "equals": [ + "@body('Post_an_Adaptive_Card_to_a_Teams_channel_and_wait_for_a_response_3')['submitActionId']", + "Block IP ( add to @{outputs('Configured_address_group')} address group )" + ] + }, + { + "equals": [ + "@length(body('Filter_array_of_Ip_address_from_list_of_address_objects'))", + 0 ] } ] }, - "type": "If" - } - }, - "runAfter": { - "List_custom_url_categories": [ - "Succeeded" - ] - }, - "type": "Foreach" - }, - "For_each_-_collecting_urls_from_custom_URL_category": { - "foreach": "@body('List_custom_url_categories')?['result']?['entry']", - "actions": { - "For_each_2": { - "foreach": "@body('Entities_-_Get_URLs')?['URLs']", + "type": "If", + "description": "This check if user chooses Block IP" + }, + "Condition_to_check_the_edit_an_address_object_group_status": { "actions": { - "Condition_2": { + "Condition_to_check_the_action_of_adaptive_card_to_set_the_action_summary": { "actions": { - "Append_to_array_variable_2": { + "Append_success_status_Blocked_IP_status_to_summary_card": { "type": "AppendToArrayVariable", "inputs": { - "name": "result1", - "value": 
"@items('For_each_-_collecting_urls_from_custom_URL_category')" + "name": "IPAddressAction", + "value": "IP Address : @{triggerBody()?['Entity']?['properties']?['Address']} , Action Taken : Blocked by \n adding to @{outputs('Configured_address_group')} , Status : Success" + }, + "description": "append action taken to summarize on the adaptive card" + } + }, + "else": { + "actions": { + "Append_success_status_UnBlocked_IP_status_to_summary_card": { + "type": "AppendToArrayVariable", + "inputs": { + "name": "IPAddressAction", + "value": "IP Address : @{triggerBody()?['Entity']?['properties']?['Address']} , Action Taken : UnBlocked by \n removing from @{outputs('Configured_address_group')} , Status : Success" + }, + "description": "append action taken to summarize on the adaptive card" } } }, "expression": { "and": [ { - "contains": [ - "@items('For_each_-_collecting_urls_from_custom_URL_category')?['list']?['member']", - "@items('For_each_2')?['Url']" + "equals": [ + "@body('Post_an_Adaptive_Card_to_a_Teams_channel_and_wait_for_a_response_3')['submitActionId']", + "Block IP ( add to @{outputs('Configured_address_group')} address group )" ] } ] 
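Review bot: `Update_incident` (inside Condition_based_on_the_incident_configuration_from_adaptive_card) writes the card's `incidentSeverity` value straight into `severity`, but the summary card posted elsewhere in this template offers a "Don't change" choice whose value is `same`, which is not a Sentinel severity, so choosing it makes the update call fail after the firewall change has already been made and the incident is left open with a comment claiming it was closed. I would wrap the update in a condition on `incidentSeverity` equal to `same` and issue an update without the `severity` field in that branch, or read the current severity first and pass it through. The `ClassificationAndReason` values with spaces (`False Positive - Inaccurate Data`) should also be checked against the Sentinel connector's accepted enum, which I believe is spelled without the inner spaces. The enclosing `actions` object continues past the end of this hunk.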
@@ -8800,19 +8635,454 @@ "type": "If" } }, - "type": "Foreach" + "runAfter": { + "Update_an_address_object_group": [ + "Succeeded" + ] + }, + "else": { + "actions": { + "Append_failure_status_to_summary_card": { + "type": "AppendToArrayVariable", + "inputs": { + "name": "IPAddressAction", + "value": "IP Address : @{triggerBody()?['Entity']?['properties']?['Address']} , Action Taken : @{body('Post_an_Adaptive_Card_to_a_Teams_channel_and_wait_for_a_response_3')['submitActionId']} , Status : Failure" + }, + "description": "append action taken to summarize on the adaptive card" + } + } + }, + "expression": { + "and": [ + { + "equals": [ + "@body('Update_an_address_object_group')?['@status']", + "success" + ] + } + ] + }, + "type": "If" + }, + "Update_an_address_object_group": { + "runAfter": { + "Condition__to_check_if_user_chosen_Block_IP": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "body": { + "entry": [ + { + "@@name": "@parameters('Address Group')", + "static": { + "member": "@{variables('AddressGroupMembers')}" + } + } + ] + }, + "host": { + "connection": { + "name": "@parameters('$connections')['PaloAltoConnector']['connectionId']" + } + }, + "method": "put", + "path": "/restapi/v10.0/Objects/AddressGroups", + "queries": { + "location": "vsys", + "name": "@parameters('Address Group')", + "vsys": "vsys1" + } + } } }, "runAfter": { - "For_each_-_collecting_URL_from_address_objects": [ + "Post_an_Adaptive_Card_to_a_Teams_channel_and_wait_for_a_response_3": [ "Succeeded" ] }, - "type": "Foreach" + "else": { + "actions": { + "Append_to_array_variable_Ip_address_action_chosen": { + "type": "AppendToArrayVariable", + "inputs": { + "name": "IPAddressAction", + "value": "IP Address : @{triggerBody()?['Entity']?['properties']?['Address']} , Action Taken : @{body('Post_an_Adaptive_Card_to_a_Teams_channel_and_wait_for_a_response_3')['submitActionId']} , Status : Success " + }, + "description": "This appends the action taken on IP to the list of 
existing actions" + } + } + }, + "expression": { + "and": [ + { + "not": { + "equals": [ + "@body('Post_an_Adaptive_Card_to_a_Teams_channel_and_wait_for_a_response_3')['submitActionId']", + "Ignore" + ] + } + } + ] + }, + "type": "If", + "description": "condition to check the submit action is block / unblock or Ignore" }, - "List_address_objects": { + "Condition_to_check_if_Ip_address_already_present_in_list_of_address_objects": { + "actions": { + "Condition_to_check_if_Ip_already_present_in_predefined_address_group": { + "actions": { + "Append_address_group_text": { + "type": "AppendToArrayVariable", + "inputs": { + "name": "AdaptiveCardBody", + "value": { + "text": "The IP @{triggerBody()?['Entity']?['properties']?['Address']} is already a member of the blocked address group @{outputs('Configured_address_group')}", + "type": "TextBlock", + "wrap": true + } + }, + "description": "append address group text to adaptive card dynamically" + }, + "Filter_array_IP_address_from_the_list_of_address_objects_to_unreference": { + "runAfter": { + "Set_dynamic_action_name": [ + "Succeeded" + ] + }, + "type": "Query", + "inputs": { + "from": "@variables('AddressGroupMembers')", + "where": "@not(equals(item(), triggerBody()?['Entity']?['properties']?['Address']))" + }, + "description": "This filters the IP address from predefined address group to unreference/unblock IP" + }, + "Set_dynamic_action_name": { + "runAfter": { + "Append_address_group_text": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "ActionName", + "value": "UnBlock IP" + }, + "description": "variable to set action name dynamically" + }, + "unreference_IP_address_from_the_existing_group_members": { + "runAfter": { + "Filter_array_IP_address_from_the_list_of_address_objects_to_unreference": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "AddressGroupMembers", + "value": "@body('Filter_array_IP_address_from_the_list_of_address_objects_to_unreference')" + }, + 
"description": "unreference IP address from the group members and update" + } + }, + "else": { + "actions": { + "Append_IP_address_to_the_address_group_members": { + "runAfter": { + "Append_address_group_text_to_adaptive_card_body": [ + "Succeeded" + ] + }, + "type": "AppendToArrayVariable", + "inputs": { + "name": "AddressGroupMembers", + "value": "@triggerBody()?['Entity']?['properties']?['Address']" + }, + "description": "append IP address to the address group members" + }, + "Append_address_group_text_to_adaptive_card_body": { + "type": "AppendToArrayVariable", + "inputs": { + "name": "AdaptiveCardBody", + "value": { + "text": "The IP @{triggerBody()?['Entity']?['properties']?['Address']} is not a member of the blocked address group @{outputs('Configured_address_group')}", + "type": "TextBlock", + "wrap": true + } + }, + "description": "append address group text to adaptive card dynamically" + }, + "Set_dynamic_action_name_to_variable_Action_name": { + "runAfter": { + "Append_IP_address_to_the_address_group_members": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "ActionName", + "value": "Block IP" + }, + "description": "set action name dynamically" + } + } + }, + "expression": { + "and": [ + { + "contains": [ + "@variables('AddressGroupMembers')", + "@triggerBody()?['Entity']?['properties']?['Address']" + ] + } + ] + }, + "type": "If", + "description": "condition to check the malicious IP address is present in the predefined address group and the IP is part of static member" + } + }, "runAfter": { - "Variable_for_storing_results_2": [ + "Condition_to_check_if_the_IP_is_a_part_of_security_policy_rules": [ + "Succeeded" + ] + }, + "else": { + "actions": { + "Append_IP_to_array_of_address_group_members": { + "runAfter": { + "Append_to_array_variable_text_if_IP_is_not_a_member_of_blocked_address_group": [ + "Succeeded" + ] + }, + "type": "AppendToArrayVariable", + "inputs": { + "name": "AddressGroupMembers", + "value": 
"@triggerBody()?['Entity']?['properties']?['Address']" + }, + "description": "append the Malicious IP address to the existing group members to block / unblock from the predefined address group" + }, + "Append_to_array_variable_text_if_IP_is_not_a_member_of_blocked_address_group": { + "type": "AppendToArrayVariable", + "inputs": { + "name": "AdaptiveCardBody", + "value": { + "text": "The IP @{triggerBody()?['Entity']?['properties']?['Address']} is not a member of the blocked address group @{outputs('Configured_address_group')}", + "type": "TextBlock", + "wrap": true + } + }, + "description": "This appends the text to display If Ip is not a member of security policy rules" + }, + "Set_variable_to_Block_Ip": { + "runAfter": { + "Append_IP_to_array_of_address_group_members": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "ActionName", + "value": "Block IP" + }, + "description": "This sets the variable block IP" + } + } + }, + "expression": { + "and": [ + { + "greater": [ + "@length(body('Filter_array_of_Ip_address_from_list_of_address_objects'))", + 0 + ] + } + ] + }, + "type": "If", + "description": "This checks if Ip is a member of any of the list of address objects" + }, + "Condition_to_check_if_the_IP_is_a_part_of_security_policy_rules": { + "actions": { + "Append_policy_text": { + "type": "AppendToArrayVariable", + "inputs": { + "name": "AdaptiveCardBody", + "value": { + "text": "It is also member of the following security policy rules", + "type": "TextBlock" + } + }, + "description": "dynamic policy text based on security policies" + }, + "Append_security_policies": { + "runAfter": { + "Append_policy_text": [ + "Succeeded" + ] + }, + "type": "AppendToArrayVariable", + "inputs": { + "name": "AdaptiveCardBody", + "value": { + "columns": [ + { + "items": "@body('Select_security_policy_rules')", + "type": "Column" + } + ], + "type": "ColumnSet" + } + }, + "description": "append security policies which the IP address is exist" + } + }, + 
"runAfter": { + "Select_security_policy_rules": [ + "Succeeded" + ] + }, + "else": { + "actions": { + "Append_policy_text_to_adaptive_card_body_variable": { + "type": "AppendToArrayVariable", + "inputs": { + "name": "AdaptiveCardBody", + "value": { + "text": "It is not a member of any other Policy Rules", + "type": "TextBlock" + } + }, + "description": "dynamic policy text based on security policies" + }, + "Append_security_policies_to_adaptive_card_body_variable": { + "runAfter": { + "Append_policy_text_to_adaptive_card_body_variable": [ + "Succeeded" + ] + }, + "type": "AppendToArrayVariable", + "inputs": { + "name": "AdaptiveCardBody" + }, + "description": "append security policies which the IP address is exist" + } + } + }, + "expression": { + "and": [ + { + "greater": [ + "@length(body('Select_security_policy_rules'))", + 0 + ] + } + ] + }, + "type": "If", + "description": "condition to check if the IP address is present in the existing security policy rules to conditionally apply the policy text and security policy rules" + }, + "Configured_address_group": { + "runAfter": { + "Set_variable_address_group_members": [ + "Succeeded" + ] + }, + "type": "Compose", + "inputs": "@body('List_address_groups')?['result']?['entry']?[0]?['@name']", + "description": "compose predefined address group" + }, + "Filter_array_Ip_from_list_of_security_rules": { + "runAfter": { + "Configured_address_group": [ + "Succeeded" + ] + }, + "type": "Query", + "inputs": { + "from": "@body('List_security_rules')?['result']?['entry']", + "where": "@contains(item()?['source']?['member'], triggerBody()?['Entity']?['properties']?['Address'])" + }, + "description": "This filters all the security rules in which this Ip is a member" + }, + "Filter_array_of_Ip_address_from_list_of_address_objects": { + "runAfter": { + "Set_variable_adaptive_card_body": [ + "Succeeded" + ] + }, + "type": "Query", + "inputs": { + "from": "@body('List_address_objects')?['result']?['entry']", + "where": 
"@equals(item()?['ip-netmask'], triggerBody()?['Entity']?['properties']?['Address'])" + }, + "description": "This filters the list of address objects in which this Ip is a member " + }, + "Initialize_variable_IP_address_action": { + "runAfter": { + "Initialize_variable_address_group_members": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "IPAddressAction", + "type": "array" + } + ] + }, + "description": "This holds the action taken on each IP " + }, + "Initialize_variable_action_name": { + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "ActionName", + "type": "string" + } + ] + }, + "description": "variable to store action name to be displayed on adaptive card" + }, + "Initialize_variable_adaptive_card_body": { + "runAfter": { + "Initialize_variable_action_name": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "AdaptiveCardBody", + "type": "array" + } + ] + }, + "description": "variable to store adaptive card body json" + }, + "Initialize_variable_address_group_members": { + "runAfter": { + "Initialize_variable_adaptive_card_body": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "AddressGroupMembers", + "type": "array" + } + ] + }, + "description": "variable to store the list of address group members" + }, + "List_address_groups": { + "runAfter": { + "Filter_array_of_Ip_address_from_list_of_address_objects": [ "Succeeded" ] }, 
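Review bot: `Update_an_address_object_group` PUTs the entire static member list from the `AddressGroupMembers` snapshot taken by `Set_variable_address_group_members` at the start of the run, so two overlapping runs (two IP entities from one incident, or two incidents) will have the later PUT silently drop the earlier run's IP while both summaries report `Status : Success`; re-reading the group immediately before the PUT, or limiting trigger concurrency, narrows that window. No commit action appears anywhere in the hunk; if this REST path writes the candidate configuration as the XML API does, the `Action Taken : Blocked by adding to … , Status : Success` text overstates what the firewall enforces, so either add a commit step or state in the summary that a commit is still required. Separately, `Append_security_policies_to_adaptive_card_body_variable` in the else branch has no `value`, which pushes an empty element into the card body sent to Teams. The `member` field is passed as `@{variables('AddressGroupMembers')}`, i.e. the array serialised into a string; if the PUT works today it is because PAN-OS tolerates that, whereas `"member": "@variables('AddressGroupMembers')"` passes the array itself. The enclosing `actions` object starts before this hunk.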
@@ -8820,7 +9090,30 @@ "inputs": { "host": { "connection": { - "name": "@parameters('$connections')['PAN-OSRestApiCustomConnector']['connectionId']" + "name": "@parameters('$connections')['PaloAltoConnector']['connectionId']" + } + }, + "method": "get", + "path": "/restapi/v10.0/Objects/AddressGroups", + "queries": { + "location": "vsys", + "name": "testaddressgroup", + "vsys": "vsys1" + } + }, + "description": "This gets complete list of address object groups present in the PAN-OS" + }, + "List_address_objects": { + "runAfter": { + "Initialize_variable_IP_address_action": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "host": { + "connection": { + "name": "@parameters('$connections')['PaloAltoConnector']['connectionId']" } }, "method": "get", @@ -8830,9 +9123,9 @@ "vsys": "vsys1" } }, - "description": "This Lists all the address objects present in the PAN-OS" + "description": "This gets complete list of address object present in the PAN-OS" }, - "List_custom_url_categories": { + "List_security_rules": { "runAfter": { "List_address_objects": [ "Succeeded" 
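Review bot: `List_address_groups` queries the hard-coded group name `testaddressgroup` while `Update_an_address_object_group` later writes to `@parameters('Address Group')`; unless the operator's group happens to carry that test name, the run either fails here (group not found) or, worse, reads the test group's members and PUTs them over the configured group's static membership, replacing the real block list, and `Configured_address_group` shows `testaddressgroup` on the approval card. The query should be `"name": "@parameters('Address Group')"`. Both `List_address_groups` and `List_address_objects` also hard-code `"vsys": "vsys1"`, so a multi-vsys firewall needs that either parameterised or called out in the prerequisites.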
@@ -8842,57 +9135,196 @@ "inputs": { "host": { "connection": { - "name": "@parameters('$connections')['PAN-OSRestApiCustomConnector']['connectionId']" + "name": "@parameters('$connections')['PaloAltoConnector']['connectionId']" } }, "method": "get", - "path": "/restapi/v10.0/Objects/CustomURLCategories", + "path": "/restapi/v10.0/Policies/SecurityRules", "queries": { "location": "vsys", "vsys": "vsys1" } - } + }, + "description": "This gets complete list of security policy rules present in the PAN-OS" }, - "Variable_for_storing_results": { + "Post_an_Adaptive_Card_to_a_Teams_channel_and_wait_for_a_response": { "runAfter": { - "Entities_-_Get_URLs": [ + "Set_variable_actions_on_IP_to_be_displayed_on_adaptive_card": [ "Succeeded" ] }, - "type": "InitializeVariable", + "type": "ApiConnectionWebhook", "inputs": { - "variables": [ - { - "name": "result", - "type": "array" + "body": { + "body": { + "messageBody": "{\n \"type\": \"AdaptiveCard\",\n \"body\": [\n {\n \"type\": \"TextBlock\",\n \n \"weight\": \"Bolder\",\n \"text\": \"Below is the summary of actions taken on IP's by SOC\",\n \"wrap\": true\n },\n {\n \"columns\": [\n {\n \"items\":@{body('Set_variable_actions_on_IP_to_be_displayed_on_adaptive_card')} ,\n \"type\": \"Column\",\n \"wrap\": true\n }\n ],\n \"separator\": \"true\",\n \"type\": \"ColumnSet\",\n \"width\": \"stretch\"\n},\n {\n \"text\": \" Incident No : \",\n \"type\": \"TextBlock\",\n \"weight\": \"Bolder\",\n \"wrap\": true\n },\n {\n \"type\": \"TextBlock\",\n \"text\": \"[Click here to view the Incident]()\",\n \"wrap\": true\n },\n\n {\n \"type\": \"ColumnSet\",\n \"columns\": [\n {\n \"type\": \"Column\",\n \"items\": [\n {\n \"type\": \"TextBlock\",\n \"size\": \"Medium\",\n \"weight\": \"Bolder\",\n \"text\": \"Incident configuration :\",\n \"wrap\": true\n }\n ],\n \"width\": \"auto\"\n }\n ]\n },\n {\n \"type\": \"ColumnSet\",\n \"columns\": [\n {\n \"type\": \"Column\",\n \"items\": [\n {\n \"type\": \"Image\",\n \"style\": 
\"Person\",\n \"url\": \"https://connectoricons-prod.azureedge.net/releases/v1.0.1391/1.0.1391.2130/azuresentinel/icon.png\",\n \"size\": \"Small\"\n }\n ],\n \"width\": \"auto\"\n }\n ]\n },\n {\n \"type\": \"TextBlock\",\n \"text\": \"Close Microsoft Sentinel incident?\"\n },\n {\n \"choices\": [\n {\n \"isSelected\": true,\n \"title\": \"False Positive - Inaccurate Data\",\n \"value\": \"False Positive - Inaccurate Data\"\n },\n {\n \"isSelected\": true,\n \"title\": \"False Positive - Incorrect Alert Logic\",\n \"value\": \"False Positive - Incorrect Alert Logic\"\n },\n {\n \"title\": \"True Positive - Suspicious Activity\",\n \"value\": \"True Positive - Suspicious Activity\"\n },\n {\n \"title\": \"Benign Positive - Suspicious But Expected\",\n \"value\": \"Benign Positive - Suspicious But Expected\"\n },\n {\n \"title\": \"Undetermined\",\n \"value\": \"Undetermined\"\n }\n ],\n \"id\": \"incidentStatus\",\n \"style\": \"compact\",\n \"type\": \"Input.ChoiceSet\",\n \"value\": \"Benign Positive - Suspicious But Expected\"\n },\n {\n \"type\": \"TextBlock\",\n \"text\": \"Change Microsoft Sentinel Incident Severity?\"\n },\n {\n \"choices\": [\n {\n \n \"title\": \"High\",\n \"value\": \"High\"\n },\n {\n \"title\": \"Medium\",\n \"value\": \"Medium\"\n },\n {\n \"title\": \"Low\",\n \"value\": \"Low\"\n },\n {\n \"title\": \"Don't change\",\n \"value\": \"same\"\n }\n ],\n \"id\": \"incidentSeverity\",\n \"style\": \"compact\",\n \"type\": \"Input.ChoiceSet\",\n \"value\": \"\"\n }\n \n \n \n ],\n\"width\":\"auto\",\n \"actions\": [\n {\n \"type\": \"Action.Submit\",\n \"title\": \"Change incident configuration\"\n },\n{\n \"type\": \"Action.Submit\",\n \"title\": \"Ignore\"\n }\n ],\n \"$schema\": \"http://adaptivecards.io/schemas/adaptive-card.json\",\n \"version\": \"1.2\"\n}", + "recipient": { + "channelId": "@parameters('Teams channel Id')" + }, + "shouldUpdateCard": true + }, + "notificationUrl": "@{listCallbackUrl()}" + }, + "host": { + "connection": 
{ + "name": "@parameters('$connections')['teams']['connectionId']" } - ] + }, + "path": "/flowbot/actions/flowcontinuation/recipienttypes/channel/$subscriptions", + "queries": { + "groupId": "@parameters('Teams Group Id')" + } } }, - "Variable_for_storing_results_2": { + "Post_an_Adaptive_Card_to_a_Teams_channel_and_wait_for_a_response_3": { "runAfter": { - "Variable_for_storing_results": [ + "Condition_to_check_if_Ip_address_already_present_in_list_of_address_objects": [ "Succeeded" ] }, - "type": "InitializeVariable", + "type": "ApiConnectionWebhook", "inputs": { - "variables": [ + "body": { + "body": { + "messageBody": "{\n \"type\": \"AdaptiveCard\",\n \"body\":@{variables('AdaptiveCardBody')} ,\n \"actions\": [\n {\n \"title\": \"@{variables('ActionName')} ( add to @{outputs('Configured_address_group')} address group )\",\n \"type\": \"Action.Submit\"\n },\n {\n \"title\": \"Ignore\",\n \"type\": \"Action.Submit\"\n }\n],\n \"$schema\": \"http://adaptivecards.io/schemas/adaptive-card.json\",\n \"version\": \"1.2\"\n}", + "recipient": { + "channelId": "@parameters('Teams channel Id')" + }, + "shouldUpdateCard": true + }, + "notificationUrl": "@{listCallbackUrl()}" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['teams']['connectionId']" + } + }, + "path": "/flowbot/actions/flowcontinuation/recipienttypes/channel/$subscriptions", + "queries": { + "groupId": "@parameters('Teams Group Id')" + } + } + }, + "Select_security_policy_rules": { + "runAfter": { + "Filter_array_Ip_from_list_of_security_rules": [ + "Succeeded" + ] + }, + "type": "Select", + "inputs": { + "from": "@body('Filter_array_Ip_from_list_of_security_rules')", + "select": { + "text": " @{item()?['@name']}, action : @{item()?['action']}", + "type": "TextBlock", + "weight": "bolder" + } + }, + "description": "prepare columns list to show the security policy rules in the adaptive card if IP address is present" + }, + 
"Set_variable_actions_on_IP_to_be_displayed_on_adaptive_card": { + "runAfter": { + "Condition_based_on_user_inputs_from_the_adaptive_card": [ + "Succeeded" + ] + }, + "type": "Select", + "inputs": { + "from": "@variables('IPAddressAction')", + "select": { + "text": "@item()", + "type": "TextBlock" + } + }, + "description": "This is used to compose the list of actions taken by SOC on respective IP addresses" + }, + "Set_variable_adaptive_card_body": { + "runAfter": { + "List_security_rules": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "AdaptiveCardBody", + "value": [ { - "name": "result1", - "type": "array" + "size": "Large", + "text": "Suspicious IP - Microsoft Sentinel", + "type": "TextBlock", + "weight": "Bolder", + "wrap": true + }, + { + "text": "Possible Comprised IP @{triggerBody()?['Entity']?['properties']?['Address']} detected by the provider : ", + "type": "TextBlock", + "wrap": true + }, + { + "text": " Incident ", + "type": "TextBlock", + "weight": "Bolder", + "wrap": true + }, + { + "text": " Incident No : ", + "type": "TextBlock", + "weight": "Bolder", + "wrap": true + }, + { + "text": "Incident description", + "type": "TextBlock", + "weight": "Bolder", + "wrap": true + }, + { + "text": "[variables('blanks')]", + "type": "TextBlock", + "wrap": true + }, + { + "text": "[[[[Click here to view the Incident]()", + "type": "TextBlock", + "wrap": true + }, + { + "size": "Medium", + "text": "Response in PAN-OS", + "type": "TextBlock", + "weight": "Bolder" + }, + { + "size": "Small", + "style": "Person", + "type": "Image", + "url": "https://avatars2.githubusercontent.com/u/4855743?s=280&v=4" } ] - } + }, + "description": "variable to hold adaptive card body" + }, + "Set_variable_address_group_members": { + "runAfter": { + "List_address_groups": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "AddressGroupMembers", + "value": "@body('List_address_groups')?['result']?['entry']?[0]?['static']?['member']" + 
},
+ "description": "assign list of address group members"
 }
 }
 },
 "parameters": {
 "$connections": {
 "value": {
- "PAN-OSRestApiCustomConnector": {
- "connectionId": "[[resourceId('Microsoft.Web/connections', variables('PAN-OsrestapicustomconnectorConnectionName'))]",
- "connectionName": "[[variables('PAN-OsrestapicustomconnectorConnectionName')]",
+ "PaloAltoConnector": {
+ "connectionId": "[[resourceId('Microsoft.Web/connections', variables('PaloaltoconnectorConnectionName'))]",
+ "connectionName": "[[variables('PaloaltoconnectorConnectionName')]",
 "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('CustomConnectorName'))]"
 },
 "azuresentinel": {
@@ -8904,6 +9336,11 @@
 "type": "ManagedServiceIdentity"
 }
 }
+ },
+ "teams": {
+ "connectionId": "[[resourceId('Microsoft.Web/connections', variables('TeamsConnectionName'))]",
+ "connectionName": "[[variables('TeamsConnectionName')]",
+ "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Teams')]"
 }
 }
 }
@@ -8912,28 +9349,29 @@
 "name": "[[parameters('PlaybookName')]",
 "type": "Microsoft.Logic/workflows",
 "location": "[[variables('workspace-location-inline')]",
- "tags": {
- "hidden-SentinelTemplateName": "PaloAlto-PAN-OS-GetURLCategoryInfo",
- "hidden-SentinelTemplateVersion": "1.0",
- "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]"
- },
 "identity": {
 "type": "SystemAssigned"
 },
+ "tags": {
+ "hidden-SentinelTemplateName": "PaloAlto-PAN-OS-BlockIP-EntityTrigger",
+ "hidden-SentinelTemplateVersion": "1.0",
+ "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]"
+ },
 "apiVersion": "2017-07-01",
 "dependsOn": [
- "[[resourceId('Microsoft.Web/connections', variables('PAN-OsrestapicustomconnectorConnectionName'))]",
- "[[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]"
+ "[[resourceId('Microsoft.Web/connections', variables('PaloaltoconnectorConnectionName'))]",
+ "[[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]",
+ "[[resourceId('Microsoft.Web/connections', variables('TeamsConnectionName'))]"
 ]
 },
 {
 "type": "Microsoft.Web/connections",
 "apiVersion": "2016-06-01",
- "name": "[[variables('PAN-OsrestapicustomconnectorConnectionName')]",
+ "name": "[[variables('PaloaltoconnectorConnectionName')]",
 "location": "[[variables('workspace-location-inline')]",
 "kind": "V1",
 "properties": {
- "displayName": "[[variables('PAN-OsrestapicustomconnectorConnectionName')]",
+ "displayName": "[[variables('PaloaltoconnectorConnectionName')]",
 "api": {
 "id": "[[variables('_connection-2')]"
 }
@@ -8953,6 +9391,19 @@
 }
 }
 },
+ {
+ "type": "Microsoft.Web/connections",
+ "apiVersion": "2016-06-01",
+ "name": "[[variables('TeamsConnectionName')]",
+ "location": "[[variables('workspace-location-inline')]",
+ "kind": "V1",
+ "properties": {
+ "displayName": "[[variables('TeamsConnectionName')]",
+ "api": {
+ "id": "[[variables('_connection-4')]"
+ }
+ }
+ },
 {
 "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
 "apiVersion": "2022-01-01-preview",
@@ -8990,26 +9441,23 @@
 }
 ],
 "metadata": {
- "comments": "This playbook uses the PaloAlto connector to automatically enrich incidents generated by Sentinel for address object details and URL filtering category information from PAN-OS",
- "title": "PaloAlto-PAN-OS-GetURLCategoryInfo",
- "description": " When a new sentinal incident is created, this playbook gets triggered and performs below actions:",
- "mainSteps": [
- "1. Fetches the address group details and URL filtering category information from PAN-OS \n\n 2. Updates all the collected information in incident \n\n ![PaloAlto-PAN-OS-GetURLCategoryInfo](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/PaloAlto-PAN-OS/Playbooks/PaloAlto-PAN-OS-GetURLCategoryInfo/designerscreenshot.PNG?raw=true)"
- ],
+ "title": "Block IP - Palo Alto PAN-OS - Entity trigger",
+ "description": "This playbook interacts with relevant stakeholders, such incident response team, to approve blocking/allowing IPs in Palo Alto PAN-OS, using **Address Object Groups**. This allows to make changes on predefined address group, which is attached to predefined security policy rule.",
 "prerequisites": [
- "1. PAN-OS Custom Connector needs to be deployed prior to the deployment of this playbook under the same subscription. \n\n 2. Generate an API key. [Refer this link on how to generate the API Key](https://paloaltolactest.trafficmanager.net/restapi-doc/#tag/key-generation)"
+ "1. PaloAlto connector needs to be deployed prior to the deployment of this playbook under the same subscription. Relevant instructions can be found in the connector doc page. \n\n 2. Generate an API key. [Refer this link on how to generate the API Key](https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-panorama-api/get-started-with-the-pan-os-xml-api/get-your-api-key) \n\n 3. Address group should be created for PAN-OS and this should be used while creating playbooks."
 ],
- "lastUpdateTime": "2023-05-30T00:00:00Z",
+ "lastUpdateTime": "2022-12-06T00:00:00Z",
 "entities": [
- "url"
+ "Ip"
 ],
 "tags": [
- "Enrichment",
- "PaloAlto",
+ "Remediation",
+ "Response from teams",
+ "Paloalto",
 "Pan-os"
 ],
 "postDeployment": [
- "** a. Authorize connections ** Once deployment is complete, you will need to authorize each connection. \n\n 1. Click the Microsoft Sentinel connection resource \n\n 2. Click edit API connection \n\n 3. Click Authorize \n\n 4. Sign in \n\n 5. Click Save \n\n 6. Repeat steps for PAN-OS API Connection (For authorizing the PAN-OS API connection, API Key needs to be provided) \n\n ** b. Configurations in Sentinel ** 1. In Microsoft sentinel analytical rules should be configured to trigger an incident with risky user account \n\n 2. Configure the automation rules to trigger this playbook"
+ "**a. Authorize connections** \n\n Once deployment is complete, you will need to authorize each connection. \n\n 1. Click the Microsoft Sentinel connection resource \n\n 2. Click edit API connection \n\n 3. Click Authorize \n\n 4. Sign in \n\n 5. Click Save \n\n 6. Repeat steps for other connection such as Teams connection and PAN-OS API connection (For authorizing the PAN-OS API connection, API Key needs to be provided) \n\n **b. Configurations in Sentinel** \n\n 1. In Microsoft sentinel analytical rules should be configured to trigger an incident with risky IP \n\n 2. Configure the automation rules to trigger this playbook"
 ],
 "releaseNotes": {
 "version": "1.0",
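Review bot: The new prerequisites do not say who is allowed to approve: the playbook waits for an Adaptive Card answer in the channel given by `Teams channel Id` (in the action definitions earlier in this template), so anyone able to respond in that channel can approve adding an IP to the PAN-OS address group, and I would add `4. Restrict the Teams channel used for approvals to the incident response team, and generate the API key for a dedicated PAN-OS administrator role limited to editing the address group.` Because the `teams` entry in `$connections` carries no managed-identity block (unlike `azuresentinel`), cards appear to be posted and answers received through whichever user authorizes the Teams connection, which postDeployment step 6 could state explicitly. The description's `such incident response team` should read `such as the incident response team`. `lastUpdateTime` moves back from 2023-05-30 to 2022-12-06; that is expected if this metadata now describes the BlockIP-EntityTrigger playbook taking this slot rather than an update to it, but it is worth confirming.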
@@ -9027,863 +9475,12 @@ "contentSchemaVersion": "3.0.0", "contentId": "[variables('_playbookContentId9')]", "contentKind": "Playbook", - "displayName": "PaloAlto-PAN-OS-GetURLCategoryInfo", + "displayName": "PaloAlto-PAN-OS-BlockIP-EntityTrigger", "contentProductId": "[variables('_playbookcontentProductId9')]", "id": "[variables('_playbookcontentProductId9')]", "version": "[variables('playbookVersion9')]" } }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('workbookTemplateSpecName1')]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "PaloAltoOverviewWorkbook Workbook with template version 3.0.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('workbookVersion1')]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "type": "Microsoft.Insights/workbooks", - "name": "[variables('workbookContentId1')]", - "location": "[parameters('workspace-location')]", - "kind": "shared", - "apiVersion": "2021-08-01", - "metadata": { - "description": "Gain insights and comprehensive monitoring into Palo Alto firewalls by analyzing traffic and activities.\nThis workbook correlates all Palo Alto data with threat events to identify suspicious entities and relationships.\nYou can learn about trends across user and data traffic, and drill down into Palo Alto Wildfire and filter results." - }, - "properties": { - "displayName": "[parameters('workbook1-name')]", - "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":1,\"content\":{\"json\":\"
Palo Alto Networks overview
\"},\"name\":\"text - 0\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"query\":\"\",\"parameters\":[{\"id\":\"a5c18655-3e2d-4d12-8ba4-82e57b296581\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"TimeRange\",\"type\":4,\"isRequired\":true,\"value\":{\"durationMs\":2592000000},\"typeSettings\":{\"selectableValues\":[{\"durationMs\":300000},{\"durationMs\":900000},{\"durationMs\":1800000},{\"durationMs\":3600000},{\"durationMs\":14400000},{\"durationMs\":43200000},{\"durationMs\":86400000},{\"durationMs\":172800000},{\"durationMs\":259200000},{\"durationMs\":604800000},{\"durationMs\":1209600000},{\"durationMs\":2419200000},{\"durationMs\":2592000000},{\"durationMs\":5184000000},{\"durationMs\":7776000000}],\"allowCustom\":true}},{\"id\":\"32f5a8aa-9c54-4fd1-a2b9-8461b2c57f55\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Source_IP\",\"label\":\"Source IP\",\"type\":2,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"query\":\"CommonSecurityLog\\r\\n| summarize Count = count()/1000 by SourceIP\\r\\n| where SourceIP != \\\"\\\"\\r\\n| order by Count desc, SourceIP asc\\r\\n| project Value = SourceIP, Label = strcat(SourceIP, \\\" - \\\", Count, \\\"k\\\"), Selected = false\\r\\n\",\"value\":[\"value::all\"],\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"All\"},\"timeContext\":{\"durationMs\":1800000},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},{\"id\":\"b937ca33-bc62-4183-bc0f-9ad8306dc36a\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Destination_IP\",\"label\":\"Destination IP\",\"type\":2,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"query\":\"CommonSecurityLog\\r\\n| summarize Count = count()/1000 by DestinationIP\\r\\n| where DestinationIP != \\\"\\\"\\r\\n| order by Count desc, DestinationIP asc\\r\\n| project Value = DestinationIP, Label = strcat(DestinationIP, \\\" - \\\", Count, \\\"k\\\"), Selected 
= false\",\"value\":[\"value::all\"],\"typeSettings\":{\"limitSelectTo\":10,\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"All\"},\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 5\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"query\":\"\",\"parameters\":[{\"id\":\"7f28bae3-a11f-408a-832f-77a0f3e633d7\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"EventClass\",\"type\":2,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"query\":\"CommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto Networks'\\r\\n| distinct DeviceEventClassID\",\"value\":[\"value::all\"],\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"All\"},\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 35\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let data = CommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto Networks'\\r\\n| where \\\"{Destination_IP:lable}\\\"==\\\"All\\\" or DestinationIP in ({Destination_IP})\\r\\n| where \\\"{Source_IP:lable}\\\" == \\\"All\\\" or SourceIP in ({Source_IP})\\r\\n| where \\\"{EventClass:lable}\\\" == \\\"All\\\" or \\\"{EventClass:lable}\\\" == \\\"All\\\" or DeviceEventClassID in ({EventClass});\\r\\ndata\\r\\n| summarize Count = count() by Activity\\r\\n| join kind = inner (data\\r\\n | make-series Trend = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step 
{TimeRange:grain} by Activity)\\r\\n on Activity\\r\\n| project-away Activity1, TimeGenerated\\r\\n| extend Activitys = Activity\\r\\n| union (\\r\\n data \\r\\n | summarize Count = count() \\r\\n | extend jkey = 1\\r\\n | join kind=inner (data\\r\\n | make-series Trend = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain}\\r\\n | extend jkey = 1) on jkey\\r\\n | extend Activity = 'All', Activitys = '*' \\r\\n)\\r\\n| order by Count desc\\r\\n| take 10\",\"size\":4,\"exportFieldName\":\"Activity\",\"exportParameterName\":\"activities\",\"exportDefaultValue\":\"All\",\"exportToExcelOptions\":\"visible\",\"title\":\"Activities, by volume\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Activity\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"Count\",\"formatter\":8,\"formatOptions\":{\"palette\":\"blueDark\",\"showIcon\":true}},{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"lightBlue\",\"showIcon\":true}},{\"columnMatch\":\"Activitys\",\"formatter\":5,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"jkey\",\"formatter\":5,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"TimeGenerated\",\"formatter\":5,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"jkey1\",\"formatter\":5,\"formatOptions\":{\"showIcon\":true}}]},\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Activity\",\"formatter\":1,\"formatOptions\":{\"showIcon\":true}},\"leftContent\":{\"columnMatch\":\"Count\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\",\"showIcon\":true},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}},\"secondaryContent\":{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"showIcon\":true}
},\"showBorder\":false}},\"name\":\"all activities\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"CommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto Networks'\\r\\n| where \\\"{Destination_IP:lable}\\\"==\\\"All\\\" or DestinationIP in ({Destination_IP})\\r\\n| where \\\"{Source_IP:lable}\\\" == \\\"All\\\" or SourceIP in ({Source_IP})\\r\\n| where \\\"{EventClass:lable}\\\" == \\\"All\\\" or DeviceEventClassID in ({EventClass})\\r\\n| where '{activities}' == \\\"All\\\" or Activity == '{activities}'\\r\\n| summarize LogVolume=count() by DeviceEventClassID, bin_at(TimeGenerated, {TimeRange:grain}, {TimeRange:start})\",\"size\":0,\"aggregation\":3,\"exportToExcelOptions\":\"visible\",\"title\":\"Event trend, by time\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"DeviceEventClassID\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"LogVolume\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"customWidth\":\"50\",\"name\":\"Event trend by time\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"//trend by sevearity\\r\\nCommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto Networks'\\r\\n| where \\\"{Destination_IP:lable}\\\"==\\\"All\\\" or DestinationIP in ({Destination_IP}) \\r\\n| where \\\"{Source_IP:lable}\\\" == \\\"All\\\" or SourceIP in ({Source_IP})\\r\\n| where \\\"{EventClass:lable}\\\" == \\\"All\\\" or DeviceEventClassID in ({EventClass})\\r\\n| where '{activities}' == \\\"All\\\" or Activity == '{activities}'\\r\\n| summarize count() by bin_at(TimeGenerated, {TimeRange:grain},{TimeRange:start}), 
LogSeverity\\r\\n\",\"size\":0,\"exportToExcelOptions\":\"visible\",\"title\":\"Events severity, by time\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"LogSeverity\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}},\"graphSettings\":{\"type\":0,\"topContent\":{\"columnMatch\":\"LogSeverity\",\"formatter\":1},\"centerContent\":{\"columnMatch\":\"count_\",\"formatter\":1,\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"customWidth\":\"50\",\"name\":\"Events severity over time\"},{\"type\":1,\"content\":{\"json\":\"---\\r\\n### Traffic events summary\"},\"name\":\"text - 11\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let data = CommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto Networks'\\r\\n| where \\\"{Destination_IP:lable}\\\"==\\\"All\\\" or DestinationIP in ({Destination_IP}) \\r\\n| where \\\"{Source_IP:lable}\\\" == \\\"All\\\" or SourceIP in ({Source_IP})\\r\\n| where Activity =~ \\\"Traffic\\\";\\r\\ndata\\r\\n| summarize Count = count() by DeviceEventClassID\\r\\n| join kind = inner (data\\r\\n | make-series Trend = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by DeviceEventClassID)\\r\\n on DeviceEventClassID\\r\\n| project-away DeviceEventClassID1, TimeGenerated\\r\\n| extend DeviceEventClassIDs = DeviceEventClassID\\r\\n| union (\\r\\n data \\r\\n | summarize Count = count() \\r\\n | extend jkey = 1\\r\\n | join kind=inner (data\\r\\n | make-series Trend = count() default = 0 on 
TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain}\\r\\n | extend jkey = 1) on jkey\\r\\n | extend DeviceEventClassID = 'All', DeviceEventClassIDs = '*' \\r\\n)\\r\\n| order by Count desc\\r\\n| take 10\",\"size\":4,\"exportFieldName\":\"DeviceEventClassID\",\"exportParameterName\":\"EventClass\",\"exportDefaultValue\":\"All\",\"exportToExcelOptions\":\"visible\",\"title\":\"Device events Id summary - click to filter the graph below\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"DeviceEventClassID\",\"formatter\":1,\"formatOptions\":{\"showIcon\":true}},\"leftContent\":{\"columnMatch\":\"Count\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\",\"showIcon\":true},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"maximumFractionDigits\":2,\"maximumSignificantDigits\":3}}},\"secondaryContent\":{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"showIcon\":true}},\"showBorder\":false}},\"customWidth\":\"50\",\"name\":\"Traffic event summary\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let data = CommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto Networks'\\r\\n| where \\\"{Destination_IP:lable}\\\"==\\\"All\\\" or DestinationIP in ({Destination_IP}) \\r\\n| where \\\"{Source_IP:lable}\\\" == \\\"All\\\" or SourceIP in ({Source_IP})\\r\\n| where Activity =~ \\\"Traffic\\\";\\r\\ndata\\r\\n| summarize Count = count() by DeviceAction\\r\\n| join kind = inner (data\\r\\n | make-series Trend = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by DeviceAction)\\r\\n on DeviceAction\\r\\n| project-away DeviceAction1, TimeGenerated\\r\\n| extend DeviceAction = DeviceAction\\r\\n| union (\\r\\n data 
\\r\\n | summarize Count = count() \\r\\n | extend jkey = 1\\r\\n | join kind=inner (data\\r\\n | make-series Trend = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain}\\r\\n | extend jkey = 1) on jkey\\r\\n | extend DeviceAction = 'All', DeviceActions = '*' \\r\\n)\\r\\n| order by Count desc\\r\\n| take 10\",\"size\":4,\"exportFieldName\":\"DeviceAction\",\"exportParameterName\":\"DeviceAction\",\"exportDefaultValue\":\"All\",\"exportToExcelOptions\":\"visible\",\"title\":\"Device action summary - click to filter the graph below\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"DeviceAction\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"Count\",\"formatter\":3,\"formatOptions\":{\"palette\":\"blueDark\",\"showIcon\":true}},{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"blueDark\",\"showIcon\":true}},{\"columnMatch\":\"jkey\",\"formatter\":5,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"TimeGenerated\",\"formatter\":5,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"jkey1\",\"formatter\":5,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"DeviceActions\",\"formatter\":5,\"formatOptions\":{\"showIcon\":true}}]},\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"DeviceAction\",\"formatter\":1,\"formatOptions\":{\"showIcon\":true}},\"leftContent\":{\"columnMatch\":\"Count\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\",\"showIcon\":true},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}},\"secondaryContent\":{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"showIcon\":true}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Traffic activity 
summary\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"CommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto Networks'\\r\\n| where \\\"{Destination_IP:lable}\\\"==\\\"All\\\" or DestinationIP in ({Destination_IP}) \\r\\n| where \\\"{Source_IP:lable}\\\" == \\\"All\\\" or SourceIP in ({Source_IP})\\r\\n| where Activity =~ 'TRAFFIC'\\r\\n| where '{EventClass}' == \\\"All\\\" or DeviceEventClassID=='{EventClass}'\\r\\n| summarize EventCount= count() by DeviceAction, bin_at(TimeGenerated, {TimeRange:grain}, {TimeRange:start})\",\"size\":0,\"exportToExcelOptions\":\"visible\",\"title\":\"Device action, by time\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\"},\"customWidth\":\"50\",\"name\":\"Traffic activity by time\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"CommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto Networks'\\r\\n| where \\\"{Destination_IP:lable}\\\"==\\\"All\\\" or DestinationIP in ({Destination_IP}) \\r\\n| where \\\"{Source_IP:lable}\\\" == \\\"All\\\" or SourceIP in ({Source_IP})\\r\\n| where '{DeviceAction}' == \\\"All\\\" or DeviceAction=='{DeviceAction}'\\r\\n| where Activity =~ \\\"Traffic\\\"\\r\\n| summarize EventCount= count() by DeviceEventClassID, bin_at(TimeGenerated, {TimeRange:grain}, {TimeRange:start})\",\"size\":0,\"exportToExcelOptions\":\"visible\",\"title\":\"Device events Id, by time\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\"},\"customWidth\":\"50\",\"name\":\"Traffic class ID by time\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"CommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS' \\r\\n| 
where DeviceVendor =~ 'Palo Alto Networks' \\r\\n| where \\\"{Destination_IP:lable}\\\"==\\\"All\\\" or DestinationIP in ({Destination_IP}) \\r\\n| where \\\"{Source_IP:lable}\\\" == \\\"All\\\" or SourceIP in ({Source_IP})\\r\\n| where Activity =~ 'TRAFFIC' \\r\\n| where DeviceEventClassID =~ 'end' \\r\\n| extend Reason = coalesce(\\r\\n column_ifexists(\\\"Reason\\\", \\\"\\\"),\\r\\n extract(';reason=(.*?);',1,AdditionalExtensions),\\r\\n \\\"\\\"\\r\\n )\\r\\n| summarize ReasonCount= count() by Reason, TimeGenerated \\r\\n\",\"size\":0,\"exportToExcelOptions\":\"visible\",\"title\":\"Reasons for session ending, by time\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"timechart\"},\"customWidth\":\"50\",\"name\":\"Reasons for session ending\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"// Data sent outbound vs inbound\\r\\nCommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto Networks'\\r\\n| where \\\"{Destination_IP:lable}\\\"==\\\"All\\\" or DestinationIP in ({Destination_IP}) \\r\\n| where \\\"{Source_IP:lable}\\\" == \\\"All\\\" or SourceIP in ({Source_IP})\\r\\n| where Activity =~ 'TRAFFIC'\\r\\n| extend Direction=iff(DeviceCustomString4=~'Trust','Outbound' ,'Inbound' )\\r\\n| summarize DataSentOutBoundMB=sumif(SentBytes, Direction=~'Outbound')/1048576, DataRecievedInboundMB=sumif(ReceivedBytes, Direction=~'Inbound')/1048576 by TimeGenerated\\r\\n\",\"size\":0,\"exportToExcelOptions\":\"visible\",\"title\":\"Sent and received data, by volume\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"timechart\"},\"customWidth\":\"50\",\"name\":\"Sent and received data by volume\"},{\"type\":1,\"content\":{\"json\":\"---\\r\\n## Web 
filter\"},\"name\":\"text - 12\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"CommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto Networks'\\r\\n| where \\\"{Destination_IP:lable}\\\"==\\\"All\\\" or DestinationIP in ({Destination_IP}) \\r\\n| where \\\"{Source_IP:lable}\\\" == \\\"All\\\" or SourceIP in ({Source_IP})\\r\\n| where Activity =~ 'THREAT'\\r\\n| where DeviceEventClassID =~ 'url'\\r\\n| where DeviceAction contains 'block'\\r\\n| summarize ProtocolCount=count() by ApplicationProtocol\\r\\n| top 5 by ProtocolCount desc\\r\\n\",\"size\":0,\"exportToExcelOptions\":\"visible\",\"title\":\"Top 5 blocked URLs, by application protocol\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"ApplicationProtocol\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"ProtocolCount\",\"formatter\":4,\"formatOptions\":{\"min\":0,\"palette\":\"purple\",\"showIcon\":true}}]}},\"customWidth\":\"25\",\"name\":\"Top 5 blocked URLs by application protocol\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"CommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto Networks'\\r\\n| where \\\"{Destination_IP:lable}\\\"==\\\"All\\\" or DestinationIP in ({Destination_IP}) \\r\\n| where \\\"{Source_IP:lable}\\\" == \\\"All\\\" or SourceIP in ({Source_IP})\\r\\n| where Activity =~ 'THREAT'\\r\\n| where DeviceEventClassID =~ 'url'\\r\\n| where DeviceAction in ('block-url', 'block-continue')\\r\\n| summarize CategoryCount=count() by DeviceCustomString2\\r\\n| project-rename CategoryName= DeviceCustomString2\\r\\n| top 5 by CategoryCount\\r\\n\",\"size\":0,\"exportToExcelOptions\":\"visible\",\"title\":\"Top 5 URL blocked, by 
category\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"CategoryName\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"CategoryCount\",\"formatter\":4,\"formatOptions\":{\"palette\":\"coldHot\",\"showIcon\":true}}]}},\"customWidth\":\"25\",\"name\":\"op 5 URL blocked by category\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"CommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto Networks'\\r\\n| where \\\"{Destination_IP:lable}\\\"==\\\"All\\\" or DestinationIP in ({Destination_IP}) \\r\\n| where \\\"{Source_IP:lable}\\\" == \\\"All\\\" or SourceIP in ({Source_IP})\\r\\n| where Activity =~ 'THREAT'\\r\\n| where DeviceEventClassID =~ 'url'\\r\\n| where DeviceAction in ('block-url', 'block-continue')\\r\\n| summarize URLCount=count() by RequestURL\\r\\n| top 5 by URLCount desc\\r\\n\",\"size\":0,\"exportToExcelOptions\":\"visible\",\"title\":\"Top 5 blocked URLs\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"25\",\"name\":\"Top 5 blocked URLs\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"CommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto Networks'\\r\\n| where \\\"{Destination_IP:lable}\\\"==\\\"All\\\" or DestinationIP in ({Destination_IP}) \\r\\n| where \\\"{Source_IP:lable}\\\" == \\\"All\\\" or SourceIP in ({Source_IP})\\r\\n| where Activity =~ 'THREAT'\\r\\n| where DeviceEventClassID =~ 'url'\\r\\n| summarize ProtocolCount=count() by ApplicationProtocol\\r\\n| top 5 by ProtocolCount desc\",\"size\":0,\"exportToExcelOptions\":\"visible\",\"title\":\"Top 5 URLs, by application 
protocols\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"ApplicationProtocol\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"ProtocolCount\",\"formatter\":4,\"formatOptions\":{\"palette\":\"coldHot\",\"showIcon\":true}}]}},\"customWidth\":\"25\",\"name\":\"Top 5 URLs by application protocols\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"CommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto Networks'\\r\\n| where \\\"{Destination_IP:lable}\\\"==\\\"All\\\" or DestinationIP in ({Destination_IP}) \\r\\n| where \\\"{Source_IP:lable}\\\" == \\\"All\\\" or SourceIP in ({Source_IP})\\r\\n| where Activity =~ 'THREAT'\\r\\n| where DeviceEventClassID =~ 'url'\\r\\n| where DeviceAction in ('alert', 'continue')\\r\\n| summarize URLCount=count() by RequestURL\\r\\n| top 5 by URLCount desc\\r\\n\",\"size\":0,\"exportToExcelOptions\":\"visible\",\"title\":\"Top 5 allowed URLs\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"RequestURL\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"URLCount\",\"formatter\":4,\"formatOptions\":{\"palette\":\"coldHot\",\"showIcon\":true}}]}},\"customWidth\":\"25\",\"name\":\"Top 5 allowed URLs\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"CommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto Networks'\\r\\n| where \\\"{Destination_IP:lable}\\\"==\\\"All\\\" or DestinationIP in ({Destination_IP}) \\r\\n| where \\\"{Source_IP:lable}\\\" == \\\"All\\\" or SourceIP in ({Source_IP})\\r\\n| where Activity =~ 'THREAT'\\r\\n| where DeviceEventClassID 
=~ 'url'\\r\\n| summarize ActionCount=count() by DeviceAction\\r\\n\",\"size\":0,\"exportToExcelOptions\":\"visible\",\"title\":\"URL threat event summary\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"DeviceAction\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"ActionCount\",\"formatter\":4,\"formatOptions\":{\"palette\":\"coldHot\",\"showIcon\":true}}]}},\"customWidth\":\"25\",\"name\":\"URL threat event summary\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"CommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto Networks'\\r\\n| where Activity =~ 'THREAT'\\r\\n| where DeviceEventClassID =~ 'url'\\r\\n| where DeviceAction contains 'block'\\r\\n| extend PAReferer= extract(';PanOSReferer=(.*?);',1,AdditionalExtensions)\\r\\n| where PAReferer !=''\\r\\n| summarize RefererCount= count() by PAReferer\\r\\n| top 5 by RefererCount desc\\r\\n\",\"size\":0,\"exportToExcelOptions\":\"visible\",\"title\":\"Top 5 referrers for blocked URLs\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"25\",\"name\":\"Top 5 referrers for blocked URLs\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"CommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto Networks'\\r\\n| where \\\"{Destination_IP:lable}\\\"==\\\"All\\\" or DestinationIP in ({Destination_IP}) \\r\\n| where \\\"{Source_IP:lable}\\\" == \\\"All\\\" or SourceIP in ({Source_IP})\\r\\n| where Activity =~ 'THREAT'\\r\\n| where DeviceEventClassID =~ 'url'\\r\\n| where DeviceAction in ('alert', 'continue')\\r\\n| summarize CategoryCount=count() by DeviceCustomString2\\r\\n| project-rename 
CategoryName= DeviceCustomString2\\r\\n| top 5 by CategoryCount desc\\r\\n\",\"size\":0,\"exportToExcelOptions\":\"visible\",\"title\":\"Top 5 allowed URLs, by category\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"CategoryName\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"CategoryCount\",\"formatter\":4,\"formatOptions\":{\"palette\":\"coldHot\",\"showIcon\":true}}]}},\"customWidth\":\"25\",\"name\":\"Top 5 allowed URLs, by category\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"CommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto Networks'\\r\\n| where \\\"{Destination_IP:lable}\\\"==\\\"All\\\" or DestinationIP in ({Destination_IP}) \\r\\n| where \\\"{Source_IP:lable}\\\" == \\\"All\\\" or SourceIP in ({Source_IP})\\r\\n| where Activity =~ 'THREAT'\\r\\n| where DeviceEventClassID =~ 'url'\\r\\n| where DeviceAction !contains 'block'\\r\\n| summarize ProtocolCount=count() by ApplicationProtocol\\r\\n| top 5 by ProtocolCount desc\",\"size\":0,\"exportToExcelOptions\":\"visible\",\"title\":\"Top 5 allowed URLs, by application protocol\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"ApplicationProtocol\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"ProtocolCount\",\"formatter\":4,\"formatOptions\":{\"palette\":\"coldHot\",\"showIcon\":true}}]}},\"customWidth\":\"33\",\"name\":\"Top 5 allowed URLs by application protocol\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"CommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto 
Networks'\\r\\n| where \\\"{Destination_IP:lable}\\\"==\\\"All\\\" or DestinationIP in ({Destination_IP}) \\r\\n| where \\\"{Source_IP:lable}\\\" == \\\"All\\\" or SourceIP in ({Source_IP})\\r\\n| where Activity =~ 'THREAT'\\r\\n| where DeviceEventClassID =~ 'url'\\r\\n| summarize ActionCount=count() by DeviceAction, TimeGenerated\\r\\n\",\"size\":0,\"exportToExcelOptions\":\"visible\",\"title\":\"Web filter ativity, by time\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"DeviceAction\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"TimeGenerated\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"ActionCount\",\"formatter\":4,\"formatOptions\":{\"palette\":\"coldHot\",\"showIcon\":true}}]}},\"customWidth\":\"33\",\"name\":\"Web filter ativity by time\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"CommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto Networks'\\r\\n| where Activity =~ 'THREAT'\\r\\n| where \\\"{Destination_IP:lable}\\\"==\\\"All\\\" or DestinationIP in ({Destination_IP}) \\r\\n| where \\\"{Source_IP:lable}\\\" == \\\"All\\\" or SourceIP in ({Source_IP})\\r\\n| where DeviceEventClassID =~ 'url'\\r\\n| where DeviceAction in ('alert', 'continue')\\r\\n| summarize IPCount=count() by SourceIP\\r\\n| top 5 by IPCount desc\\r\\n\",\"size\":0,\"exportToExcelOptions\":\"visible\",\"title\":\"Top 5 allowed web traffic source IP 
addresses\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"SourceIP\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"IPCount\",\"formatter\":4,\"formatOptions\":{\"palette\":\"coldHot\",\"showIcon\":true}}]}},\"customWidth\":\"33\",\"name\":\"Top 5 allowed web traffic source IP addresses\"},{\"type\":1,\"content\":{\"json\":\"---\\r\\n## Wildfire\"},\"name\":\"text - 24\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"CommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto Networks'\\r\\n| where Activity =~ 'THREAT'\\r\\n| where DeviceEventClassID =~ 'wildfire'\\r\\n| summarize ActionCount=count() by DeviceAction, TimeGenerated\\r\\n\",\"size\":0,\"exportToExcelOptions\":\"visible\",\"title\":\"Wildfire events, by time\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"timechart\"},\"customWidth\":\"50\",\"name\":\"Wildfire events, by time\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let data = CommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto Networks'\\r\\n| where Activity =~ 'THREAT'\\r\\n| where DeviceEventClassID =~'wildfire'\\r\\n| where \\\"{Destination_IP:lable}\\\"==\\\"All\\\" or DestinationIP in ({Destination_IP}) \\r\\n| where \\\"{Source_IP:lable}\\\" == \\\"All\\\" or SourceIP in ({Source_IP});\\r\\ndata\\r\\n| summarize Count = count() by DeviceAction\\r\\n| join kind = inner (data\\r\\n | make-series Trend = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by DeviceAction)\\r\\n on DeviceAction\\r\\n| project-away DeviceAction1, TimeGenerated\\r\\n| extend 
DeviceActions = DeviceAction\\r\\n| union (\\r\\n data \\r\\n | summarize Count = count() \\r\\n | extend jkey = 1\\r\\n | join kind=inner (data\\r\\n | make-series Trend = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain}\\r\\n | extend jkey = 1) on jkey\\r\\n | extend DeviceAction = 'All', DeviceActions = '*' \\r\\n)\\r\\n| project DeviceAction, Count, Trend\\r\\n| order by Count desc\\r\\n| take 10\",\"size\":4,\"exportFieldName\":\"DeviceAction\",\"exportParameterName\":\"DeviceAction\",\"exportDefaultValue\":\"All\",\"exportToExcelOptions\":\"visible\",\"title\":\"Top 5 Wildfire activities\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"DeviceAction\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"Count\",\"formatter\":3,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"grayBlue\",\"showIcon\":true}},{\"columnMatch\":\"DeviceActions\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"jkey\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"TimeGenerated\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"jkey1\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}}],\"sortBy\":[{\"itemKey\":\"DeviceAction\",\"sortOrder\":1}]},\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"DeviceAction\",\"formatter\":1,\"formatOptions\":{\"showIcon\":true}},\"leftContent\":{\"columnMatch\":\"Count\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\",\"showIcon\":true},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}},\"secondaryContent\":{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"showIcon\"
:true}},\"showBorder\":false}},\"customWidth\":\"25\",\"name\":\"Top 5 Wildfire activities\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let data = CommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto Networks'\\r\\n| where Activity =~ 'THREAT'\\r\\n| where DeviceEventClassID =~'wildfire'\\r\\n| where \\\"{Destination_IP:lable}\\\"==\\\"All\\\" or DestinationIP in ({Destination_IP}) \\r\\n| where \\\"{Source_IP:lable}\\\" == \\\"All\\\" or SourceIP in ({Source_IP});\\r\\ndata\\r\\n| summarize Count = count() by DeviceCustomString2\\r\\n| join kind = inner (data\\r\\n | make-series Trend = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by DeviceCustomString2)\\r\\n on DeviceCustomString2\\r\\n| project-away DeviceCustomString21, TimeGenerated\\r\\n| extend DeviceCustomString2s = DeviceCustomString2\\r\\n| union (\\r\\n data \\r\\n | summarize Count = count() \\r\\n | extend jkey = 1\\r\\n | join kind=inner (data\\r\\n | make-series Trend = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain}\\r\\n | extend jkey = 1) on jkey\\r\\n | extend DeviceCustomString2 = 'All', DeviceCustomString2s = '*' \\r\\n)\\r\\n| project DeviceCustomString2, Count, Trend\\r\\n| order by Count desc\\r\\n| take 10\",\"size\":4,\"exportFieldName\":\"DeviceCustomString2\",\"exportParameterName\":\"DeviceString\",\"exportDefaultValue\":\"All\",\"exportToExcelOptions\":\"visible\",\"title\":\"Top 5 Wildfire 
verdicts\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"DeviceAction\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"Count\",\"formatter\":3,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"grayBlue\",\"showIcon\":true}},{\"columnMatch\":\"DeviceActions\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"jkey\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"TimeGenerated\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"jkey1\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}}],\"sortBy\":[{\"itemKey\":\"DeviceAction\",\"sortOrder\":1}]},\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"DeviceCustomString2\",\"formatter\":1,\"formatOptions\":{\"showIcon\":true}},\"leftContent\":{\"columnMatch\":\"Count\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\",\"showIcon\":true},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}},\"secondaryContent\":{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"showIcon\":true}},\"showBorder\":false}},\"customWidth\":\"25\",\"name\":\"Top 5 Wildfire verdicts\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"CommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto Networks'\\r\\n| where Activity =~ 'THREAT'\\r\\n| where DeviceEventClassID =~ 'wildfire'\\r\\n| where '{DeviceAction}' == \\\"All\\\" or DeviceAction=='{DeviceAction}'\\r\\n| where '{DeviceString}' == \\\"All\\\" or DeviceCustomString2=='{DeviceString}'\\r\\n| project TimeGenerated, ReceiptTime, LogSeverity, DeviceAction, ['URL Category'] =DeviceCustomString2, DestinationPort, 
DestinationIP, Message, SourcePort, SourceIP, DestinationUserID, RequestURL\",\"size\":0,\"exportToExcelOptions\":\"visible\",\"title\":\"Wildfire events\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"filter\":true}},\"name\":\"Wildfire events\"},{\"type\":1,\"content\":{\"json\":\"---\\r\\n## General statistics\"},\"name\":\"text - 30\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"CommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto Networks'\\r\\n| where Activity =~ 'THREAT'\\r\\n| where \\\"{Destination_IP:lable}\\\"==\\\"All\\\" or DestinationIP in ({Destination_IP}) \\r\\n| where \\\"{Source_IP:lable}\\\" == \\\"All\\\" or SourceIP in ({Source_IP})\\r\\n| where DeviceEventClassID =~ 'file'\\r\\n| where DeviceAction contains 'deny'\\r\\n| summarize ProtocolCount=count() by ApplicationProtocol\\r\\n| top 5 by ProtocolCount desc\\r\\n\",\"size\":0,\"exportToExcelOptions\":\"visible\",\"title\":\"Top 5 denied files, by application protocol\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"ApplicationProtocol\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"ProtocolCount\",\"formatter\":4,\"formatOptions\":{\"palette\":\"coldHot\",\"showIcon\":true}}]}},\"customWidth\":\"33\",\"name\":\"Top 5 denied files by application protocol\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"CommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto Networks'\\r\\n| where Activity =~ 'THREAT'\\r\\n| where \\\"{Destination_IP:lable}\\\"==\\\"All\\\" or DestinationIP in ({Destination_IP}) \\r\\n| where \\\"{Source_IP:lable}\\\" == \\\"All\\\" or 
SourceIP in ({Source_IP})\\r\\n| where DeviceEventClassID =~ 'file'\\r\\n| where DeviceAction !contains 'deny'\\r\\n| summarize ProtocolCount=count() by ApplicationProtocol\\r\\n| top 5 by ProtocolCount desc\\r\\n\",\"size\":0,\"exportToExcelOptions\":\"visible\",\"title\":\"Top 5 allowed files, by application protocol\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"ApplicationProtocol\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"ProtocolCount\",\"formatter\":4,\"formatOptions\":{\"palette\":\"coldHot\",\"showIcon\":true}}]}},\"customWidth\":\"33\",\"name\":\"Top 5 allowed files by application protocol\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"//Palo Alto File Category By Action Summary\\r\\nCommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS' \\r\\n| where DeviceVendor =~ 'Palo Alto Networks' \\r\\n| where Activity =~ 'THREAT'\\r\\n| where \\\"{Destination_IP:lable}\\\"==\\\"All\\\" or DestinationIP in ({Destination_IP}) \\r\\n| where \\\"{Source_IP:lable}\\\" == \\\"All\\\" or SourceIP in ({Source_IP})\\r\\n| where DeviceEventClassID =~ 'file' \\r\\n| extend PACategory= coalesce(\\r\\n column_ifexists(\\\"DeviceEventCategory\\\", \\\"\\\"),\\r\\n extract(';cat=(.*?)($|;)',1,AdditionalExtensions),\\r\\n \\\"\\\"\\r\\n )\\r\\n| summarize CategoryCount=count() by PACategory\\r\\n| sort by CategoryCount\",\"size\":0,\"exportToExcelOptions\":\"visible\",\"title\":\"Summary of Palo Alto file categories, by 
activity\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"PACategory\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"CategoryCount\",\"formatter\":4,\"formatOptions\":{\"palette\":\"coldHot\",\"showIcon\":true},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\"}}}]}},\"customWidth\":\"33\",\"name\":\"Summary of Palo Alto file categories by activity\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let data = CommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto Networks'\\r\\n| where Activity =~ 'THREAT'\\r\\n| where DeviceEventClassID =~'file'\\r\\n| where \\\"{Destination_IP:lable}\\\"==\\\"All\\\" or DestinationIP in ({Destination_IP}) \\r\\n| where \\\"{Source_IP:lable}\\\" == \\\"All\\\" or SourceIP in ({Source_IP});\\r\\ndata\\r\\n| summarize Count = count() by DeviceAction\\r\\n| join kind = inner (data\\r\\n | make-series Trend = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by DeviceAction)\\r\\n on DeviceAction\\r\\n| project-away DeviceAction1, TimeGenerated\\r\\n| extend DeviceActions = DeviceAction\\r\\n| union (\\r\\n data \\r\\n | summarize Count = count() \\r\\n | extend jkey = 1\\r\\n | join kind=inner (data\\r\\n | make-series Trend = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain}\\r\\n | extend jkey = 1) on jkey\\r\\n | extend DeviceAction = 'All', DeviceActions = '*' \\r\\n)\\r\\n| project DeviceAction, Count, Trend\\r\\n| order by Count desc\\r\\n| take 10\\r\\n\",\"size\":4,\"exportFieldName\":\"DeviceAction\",\"exportParameterName\":\"SelectedDA\",\"exportDefaultValue\":\"All\",\"exportToExcelOptions\":\"visible\",\"title\":\"Summary of file type 
activities\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"DeviceAction\",\"formatter\":1,\"formatOptions\":{\"showIcon\":true}},\"leftContent\":{\"columnMatch\":\"Count\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\",\"showIcon\":true},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}},\"secondaryContent\":{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"showIcon\":true}},\"showBorder\":false}},\"customWidth\":\"25\",\"name\":\"Summary of file type activities\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"CommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto Networks'\\r\\n| where Activity =~ 'THREAT'\\r\\n| where DeviceEventClassID =~ 'file'\\r\\n| where \\\"{Destination_IP:lable}\\\"==\\\"All\\\" or DestinationIP in ({Destination_IP}) \\r\\n| where \\\"{Source_IP:lable}\\\" == \\\"All\\\" or SourceIP in ({Source_IP})\\r\\n| where '{SelectedDA}' == \\\"All\\\" or DeviceAction == '{SelectedDA}'\\r\\n| summarize ActionCount=count() by DeviceAction, bin(TimeGenerated, {TimeRange:grain})\\r\\n\",\"size\":0,\"exportToExcelOptions\":\"visible\",\"title\":\"Compare allowed and denied files, by time\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"timechart\"},\"name\":\"Compare allowed and denied files by time\"}],\"fromTemplateId\":\"sentinel-PaloAltoOverview\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\n", - "version": "1.0", - "sourceId": "[variables('workspaceResourceId')]", - "category": "sentinel" - } - }, - { - "type": 
"Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Workbook-', last(split(variables('workbookId1'),'/'))))]", - "properties": { - "description": "@{workbookKey=PaloAltoOverviewWorkbook; logoFileName=paloalto_logo.svg; description=Gain insights and comprehensive monitoring into Palo Alto firewalls by analyzing traffic and activities.\nThis workbook correlates all Palo Alto data with threat events to identify suspicious entities and relationships.\nYou can learn about trends across user and data traffic, and drill down into Palo Alto Wildfire and filter results.; dataTypesDependencies=System.Object[]; dataConnectorsDependencies=System.Object[]; previewImagesFileNames=System.Object[]; version=1.2.0; title=Palo Alto overview; templateRelativePath=PaloAltoOverview.json; subtitle=; provider=Microsoft}.description", - "parentId": "[variables('workbookId1')]", - "contentId": "[variables('_workbookContentId1')]", - "kind": "Workbook", - "version": "[variables('workbookVersion1')]", - "source": { - "kind": "Solution", - "name": "PaloAlto-PAN-OS", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "Microsoft Corporation", - "email": "support@microsoft.com", - "tier": "Microsoft", - "link": "https://support.microsoft.com" - }, - "dependencies": { - "operator": "AND", - "criteria": [ - { - "contentId": "CommonSecurityLog", - "kind": "DataType" - }, - { - "contentId": "PaloAltoNetworks", - "kind": "DataConnector" - } - ] - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_workbookContentId1')]", - "contentKind": "Workbook", - "displayName": 
"[parameters('workbook1-name')]", - "contentProductId": "[variables('_workbookcontentProductId1')]", - "id": "[variables('_workbookcontentProductId1')]", - "version": "[variables('workbookVersion1')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('workbookTemplateSpecName2')]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "PaloAltoNetworkThreatWorkbook Workbook with template version 3.0.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('workbookVersion2')]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "type": "Microsoft.Insights/workbooks", - "name": "[variables('workbookContentId2')]", - "location": "[parameters('workspace-location')]", - "kind": "shared", - "apiVersion": "2021-08-01", - "metadata": { - "description": "Gain insights into Palo Alto network activities by analyzing threat events.\nYou can extract meaningful security information by correlating data between threats, applications, and time.\nThis workbook makes it easy to track malware, vulnerability, and virus log events." 
- }, - "properties": { - "displayName": "[parameters('workbook2-name')]", - "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## Palo Alto network threat\\n\"},\"name\":\"text - 2\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"query\":\"\",\"parameters\":[{\"id\":\"d0ccb5c6-8a07-4b7e-9abf-38fa4dcc0baf\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"TimeRange\",\"type\":4,\"isRequired\":true,\"value\":{\"durationMs\":43200000},\"typeSettings\":{\"selectableValues\":[{\"durationMs\":300000},{\"durationMs\":900000},{\"durationMs\":1800000},{\"durationMs\":3600000},{\"durationMs\":14400000},{\"durationMs\":43200000},{\"durationMs\":86400000},{\"durationMs\":172800000},{\"durationMs\":259200000},{\"durationMs\":604800000},{\"durationMs\":1209600000},{\"durationMs\":2419200000},{\"durationMs\":2592000000},{\"durationMs\":5184000000},{\"durationMs\":7776000000}],\"allowCustom\":true}}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 1\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let data = CommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto Networks'\\r\\n| where Activity =~ 'THREAT' and DeviceEventClassID != 'url' and DeviceEventClassID != 'file';\\r\\ndata\\r\\n| summarize Count = count() by DeviceEventClassID\\r\\n| join kind = inner (data\\r\\n | make-series Trend = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by DeviceEventClassID)\\r\\n on DeviceEventClassID\\r\\n| project-away DeviceEventClassID1, TimeGenerated\\r\\n| extend DeviceEventClassIDs = DeviceEventClassID\\r\\n| union (\\r\\n data \\r\\n | summarize Count = count() \\r\\n | extend jkey = 1\\r\\n | join kind=inner (data\\r\\n | make-series Trend = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step 
{TimeRange:grain}\\r\\n | extend jkey = 1) on jkey\\r\\n | extend DeviceEventClassID = 'All', DeviceEventClassIDs = '*' \\r\\n)\\r\\n| project DeviceEventClassID, Count, Trend\\r\\n| order by Count desc\\r\\n| take 10\",\"size\":3,\"exportFieldName\":\"DeviceEventClassID\",\"exportParameterName\":\"SelectedSubtype\",\"exportDefaultValue\":\"All\",\"exportToExcelOptions\":\"visible\",\"title\":\"Threats, by subtypes\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"DeviceEventClassID\",\"formatter\":1,\"formatOptions\":{\"showIcon\":true}},\"leftContent\":{\"columnMatch\":\"Count\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\",\"showIcon\":true},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}},\"secondaryContent\":{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"blueDark\",\"showIcon\":true}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Threats by subtypes\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let data = CommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto Networks'\\r\\n| where Activity =~ 'THREAT'\\r\\n| where DeviceEventClassID =~'wildfire';\\r\\ndata\\r\\n| summarize Count = count() by DeviceCustomString2\\r\\n| join kind = inner (data\\r\\n | make-series Trend = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by DeviceCustomString2)\\r\\n on DeviceCustomString2\\r\\n| project-away DeviceCustomString21, TimeGenerated\\r\\n| extend DeviceCustomString2s = DeviceCustomString2\\r\\n| union (\\r\\n data \\r\\n | summarize Count = count() \\r\\n | extend jkey = 1\\r\\n | join kind=inner (data\\r\\n | make-series Trend = count() default = 0 on 
TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain}\\r\\n | extend jkey = 1) on jkey\\r\\n | extend DeviceCustomString2 = 'All', DeviceCustomString2s = '*' \\r\\n)\\r\\n| project DeviceCustomString2, Count, Trend\\r\\n| order by Count desc\\r\\n| take 10\",\"size\":3,\"exportFieldName\":\"DeviceCustomString2\",\"exportParameterName\":\"SelectedWildfire\",\"exportDefaultValue\":\"All\",\"exportToExcelOptions\":\"visible\",\"title\":\"WildFire verdicts\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"DeviceCustomString2\",\"formatter\":1,\"formatOptions\":{\"showIcon\":true}},\"leftContent\":{\"columnMatch\":\"Count\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\",\"showIcon\":true},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"maximumFractionDigits\":2,\"maximumSignificantDigits\":3}}},\"secondaryContent\":{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"blueDark\",\"showIcon\":true}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"WildFire verdicts\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let data = CommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto Networks'\\r\\n| where Activity =~ 'THREAT' and LogSeverity != 'url' and LogSeverity != 'file';\\r\\ndata\\r\\n| summarize Count = count() by LogSeverity\\r\\n| join kind = inner (data\\r\\n | make-series Trend = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by LogSeverity)\\r\\n on LogSeverity\\r\\n| project-away LogSeverity1, TimeGenerated\\r\\n| extend LogSeveritys = LogSeverity\\r\\n| union (\\r\\n data \\r\\n | summarize Count = count() \\r\\n | extend jkey = 1\\r\\n | join kind=inner (data\\r\\n | 
make-series Trend = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain}\\r\\n | extend jkey = 1) on jkey\\r\\n | extend LogSeverity = 'All', LogSeveritys = '*' \\r\\n)\\r\\n| project LogSeverity, Count, Trend\\r\\n| order by Count desc\\r\\n| take 10\",\"size\":3,\"exportFieldName\":\"LogSeverity\",\"exportParameterName\":\"SelectedSeverity\",\"exportDefaultValue\":\"All\",\"exportToExcelOptions\":\"visible\",\"title\":\"Threats severity\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"LogSeverity\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"Count\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"lightBlue\",\"showIcon\":true}}]},\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"LogSeverity\",\"formatter\":1,\"formatOptions\":{\"showIcon\":true}},\"leftContent\":{\"columnMatch\":\"Count\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\",\"showIcon\":true},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}},\"secondaryContent\":{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"blueDark\",\"showIcon\":true}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Threats severity\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"CommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto Networks'\\r\\n| where Activity =~ 'THREAT' and DeviceEventClassID != 'url' and DeviceEventClassID != 'file'\\r\\n| where '{SelectedSubtype}' == \\\"All\\\" or '{SelectedSubtype}'==DeviceEventClassID\\r\\n| where '{SelectedWildfire}' == \\\"All\\\" or 
'{SelectedWildfire}'==DeviceCustomString2\\r\\n| where '{SelectedSeverity}' == \\\"All\\\" or '{SelectedSeverity}'==LogSeverity\\r\\n| summarize count() by bin(TimeGenerated, 1h), DeviceEventClassID\\r\\n| render timechart\\r\\n\",\"size\":0,\"exportToExcelOptions\":\"visible\",\"title\":\"Threat subtypes over time\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"37.5\",\"name\":\"Threat subtypes over time\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"CommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto Networks'\\r\\n| where Activity =~ 'THREAT' and DeviceEventClassID != 'url' and DeviceEventClassID != 'file'\\r\\n| where '{SelectedSubtype}' == \\\"All\\\" or '{SelectedSubtype}'==DeviceEventClassID\\r\\n| where '{SelectedWildfire}' == \\\"All\\\" or '{SelectedWildfire}'==DeviceCustomString2\\r\\n| where '{SelectedSeverity}' == \\\"All\\\" or '{SelectedSeverity}'==LogSeverity\\r\\n| summarize count() by bin(TimeGenerated, 1h), LogSeverity\\r\\n| render timechart\\r\\n\",\"size\":0,\"exportToExcelOptions\":\"visible\",\"title\":\"Threat severity over time\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"37.5\",\"name\":\"Threat severity over time\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let data = CommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto Networks'\\r\\n| where Activity =~ 'THREAT' and DeviceEventClassID != 'url' and DeviceEventClassID != 'file'\\r\\n| where '{SelectedSubtype}' == \\\"All\\\" or '{SelectedSubtype}'==DeviceEventClassID\\r\\n| where '{SelectedWildfire}' == \\\"All\\\" or '{SelectedWildfire}'==DeviceCustomString2\\r\\n| where '{SelectedSeverity}' == 
\\\"All\\\" or '{SelectedSeverity}'==LogSeverity;\\r\\ndata\\r\\n| summarize Count = count() by ApplicationProtocol\\r\\n| join kind = inner (data\\r\\n | make-series Trend = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by ApplicationProtocol)\\r\\n on ApplicationProtocol\\r\\n| project-away ApplicationProtocol1, TimeGenerated\\r\\n| extend ApplicationProtocols = ApplicationProtocol\\r\\n| union (\\r\\n data \\r\\n | summarize Count = count() \\r\\n | extend jkey = 1\\r\\n | join kind=inner (data\\r\\n | make-series Trend = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain}\\r\\n | extend jkey = 1) on jkey\\r\\n | extend ApplicationProtocol = 'All', ApplicationProtocols = '*' \\r\\n)\\r\\n| project ApplicationProtocol, Count, Trend\\r\\n| order by Count desc\\r\\n| take 10\",\"size\":0,\"exportToExcelOptions\":\"visible\",\"title\":\"Threats, by application\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"ApplicationProtocol\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"Count\",\"formatter\":4,\"formatOptions\":{\"palette\":\"coldHot\",\"showIcon\":true}},{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"showIcon\":true}}]},\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"ApplicationProtocol\",\"formatter\":1,\"formatOptions\":{\"showIcon\":true}},\"leftContent\":{\"columnMatch\":\"Count\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\",\"showIcon\":true},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}},\"secondaryContent\":{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"blueDark\",\"showIcon\":true}},\"showBorder\":false}},\"customWi
dth\":\"25\",\"name\":\"Threats by application\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"CommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto Networks'\\r\\n| where Activity =~ 'THREAT'\\r\\n| where '{SelectedSubtype}' == \\\"All\\\" or '{SelectedSubtype}'==DeviceEventClassID\\r\\n| where '{SelectedWildfire}' == \\\"All\\\" or '{SelectedWildfire}'==DeviceCustomString2\\r\\n| where '{SelectedSeverity}' == \\\"All\\\" or '{SelectedSeverity}'==LogSeverity\\r\\n| project TimeGenerated, ReceiptTime, LogSeverity, DeviceAction, ['URL Category'] =DeviceCustomString2, DestinationPort, DestinationIP, Message, SourcePort, SourceIP, DestinationUserID, RequestURL\",\"size\":0,\"exportToExcelOptions\":\"visible\",\"title\":\"Threat events\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"filter\":true}},\"name\":\"All Threat Events\"},{\"type\":1,\"content\":{\"json\":\"---\"},\"name\":\"text - 11\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"CommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto Networks'\\r\\n| where DeviceEventClassID =~ 'vulnerability' \\r\\n| extend ThreatId = coalesce(\\r\\n column_ifexists(\\\"DeviceEventCategory\\\", \\\"\\\"),\\r\\n extract('cat=([^;]+)',1,AdditionalExtensions),\\r\\n \\\"\\\"\\r\\n )\\r\\n| summarize Amount=count() by ThreatId, LogSeverity\\r\\n| top 20 by Amount\",\"size\":0,\"exportToExcelOptions\":\"visible\",\"title\":\"Top vulnerability 
events\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"ThreatId\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"LogSeverity\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"Amount\",\"formatter\":4,\"formatOptions\":{\"palette\":\"coldHot\",\"showIcon\":true}},{\"columnMatch\":\"count_\",\"formatter\":4,\"formatOptions\":{\"palette\":\"coldHot\",\"showIcon\":true}}],\"filter\":true}},\"customWidth\":\"50\",\"name\":\"Top vulnerability events\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"CommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto Networks'\\r\\n| search DeviceEventClassID:'*virus*'\\r\\n| summarize Amount=count() by RequestURL, DeviceEventClassID, DestinationIP, SourceIP, ApplicationProtocol\\r\\n| top 20 by Amount\",\"size\":0,\"exportToExcelOptions\":\"visible\",\"title\":\"Virus and malware 
events\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"RequestURL\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"DeviceEventClassID\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"DestinationIP\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"SourceIP\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"ApplicationProtocol\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"Amount\",\"formatter\":4,\"formatOptions\":{\"palette\":\"coldHot\",\"showIcon\":true}},{\"columnMatch\":\"SourceUserID\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"count_\",\"formatter\":4,\"formatOptions\":{\"palette\":\"coldHot\",\"showIcon\":true}}],\"filter\":true}},\"customWidth\":\"50\",\"name\":\"Virus and malware events\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"CommonSecurityLog\\r\\n| where DeviceProduct has 'PAN-OS'\\r\\n| where DeviceVendor =~ 'Palo Alto Networks'\\r\\n//| where DeviceEventClassID =~ 'correlation' \\r\\n| extend ThreatId = coalesce(\\r\\n column_ifexists(\\\"DeviceEventCategory\\\", \\\"\\\"),\\r\\n extract('cat=([^;]+)',1,AdditionalExtensions),\\r\\n \\\"\\\"\\r\\n )\\r\\n| extend ThreatCategory = extract('PanOSThreatCategory=([^;]+)',1, AdditionalExtensions)\\r\\n| summarize Amount=count() by ThreatId, ThreatCategory, LogSeverity\\r\\n| top 20 by Amount\",\"size\":0,\"exportToExcelOptions\":\"visible\",\"title\":\"Top correlation 
events\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"ThreatId\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"ThreatCategory\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"LogSeverity\",\"formatter\":0,\"formatOptions\":{\"showIcon\":true}},{\"columnMatch\":\"Amount\",\"formatter\":4,\"formatOptions\":{\"palette\":\"coldHot\",\"showIcon\":true}},{\"columnMatch\":\"count_\",\"formatter\":4,\"formatOptions\":{\"palette\":\"coldHot\",\"showIcon\":true}}]}},\"name\":\"Top correlation events\"}],\"fromTemplateId\":\"sentinel-PaloAltoNetworkThreat\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\n", - "version": "1.0", - "sourceId": "[variables('workspaceResourceId')]", - "category": "sentinel" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Workbook-', last(split(variables('workbookId2'),'/'))))]", - "properties": { - "description": "@{workbookKey=PaloAltoNetworkThreatWorkbook; logoFileName=paloalto_logo.svg; description=Gain insights into Palo Alto network activities by analyzing threat events.\nYou can extract meaningful security information by correlating data between threats, applications, and time.\nThis workbook makes it easy to track malware, vulnerability, and virus log events.; dataTypesDependencies=System.Object[]; dataConnectorsDependencies=System.Object[]; previewImagesFileNames=System.Object[]; version=1.1.0; title=Palo Alto Network Threat; templateRelativePath=PaloAltoNetworkThreat.json; subtitle=; provider=Palo Alto Networks}.description", - "parentId": "[variables('workbookId2')]", - 
"contentId": "[variables('_workbookContentId2')]", - "kind": "Workbook", - "version": "[variables('workbookVersion2')]", - "source": { - "kind": "Solution", - "name": "PaloAlto-PAN-OS", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "Microsoft Corporation", - "email": "support@microsoft.com", - "tier": "Microsoft", - "link": "https://support.microsoft.com" - }, - "dependencies": { - "operator": "AND", - "criteria": [ - { - "contentId": "CommonSecurityLog", - "kind": "DataType" - }, - { - "contentId": "PaloAltoNetworks", - "kind": "DataConnector" - } - ] - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_workbookContentId2')]", - "contentKind": "Workbook", - "displayName": "[parameters('workbook2-name')]", - "contentProductId": "[variables('_workbookcontentProductId2')]", - "id": "[variables('_workbookcontentProductId2')]", - "version": "[variables('workbookVersion2')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('analyticRuleTemplateSpecName1')]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "PaloAlto-UnusualThreatSignatures_AnalyticalRules Analytics Rule with template version 3.0.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('analyticRuleVersion1')]", - "parameters": {}, - "variables": {}, - "resources": 
[ - { - "type": "Microsoft.SecurityInsights/AlertRuleTemplates", - "name": "[variables('analyticRulecontentId1')]", - "apiVersion": "2022-04-01-preview", - "kind": "Scheduled", - "location": "[parameters('workspace-location')]", - "properties": { - "description": "Identifies Palo Alto Threat signatures from unusual IP addresses which are not historically seen. \nThis detection is also leveraged and required for MDE and PAN Fusion scenario\nhttps://docs.microsoft.com/Azure/sentinel/fusion-scenario-reference#network-request-to-tor-anonymization-service-followed-by-anomalous-traffic-flagged-by-palo-alto-networks-firewall", - "displayName": "Palo Alto Threat signatures from Unusual IP addresses", - "enabled": false, - "query": "let starttime = 7d;\nlet endtime = 1d;\nlet timeframe = 1h;\nlet HistThreshold = 25; \nlet CurrThreshold = 10; \nlet HistoricalThreats = CommonSecurityLog\n| where isnotempty(SourceIP)\n| where TimeGenerated between (startofday(ago(starttime))..startofday(ago(endtime)))\n| where DeviceVendor =~ \"Palo Alto Networks\"\n| where Activity =~ \"THREAT\" and SimplifiedDeviceAction =~ \"alert\" \n| where DeviceEventClassID in ('spyware', 'scan', 'file', 'vulnerability', 'flood', 'packet', 'virus','wildfire', 'wildfire-virus')\n| summarize TotalEvents = count(), ThreatTypes = make_set(DeviceEventClassID), DestinationIpList = make_set(DestinationIP), FirstSeen = min(TimeGenerated) , LastSeen = max(TimeGenerated) by SourceIP, DeviceAction, DeviceVendor;\nlet CurrentHourThreats = CommonSecurityLog\n| where isnotempty(SourceIP)\n| where TimeGenerated > ago(timeframe)\n| where DeviceVendor =~ \"Palo Alto Networks\"\n| where Activity =~ \"THREAT\" and SimplifiedDeviceAction =~ \"alert\" \n| where DeviceEventClassID in ('spyware', 'scan', 'file', 'vulnerability', 'flood', 'packet', 'virus','wildfire', 'wildfire-virus')\n| summarize TotalEvents = count(), ThreatTypes = make_set(DeviceEventClassID), DestinationIpList = make_set(DestinationIP), FirstSeen = 
min(TimeGenerated) , LastSeen = max(TimeGenerated) by SourceIP, DeviceAction, DeviceProduct, DeviceVendor;\nCurrentHourThreats \n| where TotalEvents < CurrThreshold\n| join kind = leftanti (HistoricalThreats \n| where TotalEvents > HistThreshold) on SourceIP\n", - "queryFrequency": "PT1H", - "queryPeriod": "P7D", - "severity": "Medium", - "suppressionDuration": "PT1H", - "suppressionEnabled": false, - "triggerOperator": "GreaterThan", - "triggerThreshold": 0, - "status": "Available", - "requiredDataConnectors": [ - { - "connectorId": "PaloAltoNetworks", - "dataTypes": [ - "CommonSecurityLog" - ] - }, - { - "connectorId": "PaloAltoNetworksAma", - "dataTypes": [ - "CommonSecurityLog" - ] - } - ], - "tactics": [ - "Discovery", - "Exfiltration", - "CommandAndControl" - ], - "techniques": [ - "T1046", - "T1030", - "T1071" - ], - "entityMappings": [ - { - "entityType": "IP", - "fieldMappings": [ - { - "identifier": "Address", - "columnName": "SourceIP" - } - ] - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleId1'),'/'))))]", - "properties": { - "description": "PaloAlto-PAN-OS Analytics Rule 1", - "parentId": "[variables('analyticRuleId1')]", - "contentId": "[variables('_analyticRulecontentId1')]", - "kind": "AnalyticsRule", - "version": "[variables('analyticRuleVersion1')]", - "source": { - "kind": "Solution", - "name": "PaloAlto-PAN-OS", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "Microsoft Corporation", - "email": "support@microsoft.com", - "tier": "Microsoft", - "link": "https://support.microsoft.com" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": 
"[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_analyticRulecontentId1')]", - "contentKind": "AnalyticsRule", - "displayName": "Palo Alto Threat signatures from Unusual IP addresses", - "contentProductId": "[variables('_analyticRulecontentProductId1')]", - "id": "[variables('_analyticRulecontentProductId1')]", - "version": "[variables('analyticRuleVersion1')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('analyticRuleTemplateSpecName2')]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "FileHashEntity_Covid19_CommonSecurityLog_AnalyticalRules Analytics Rule with template version 3.0.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('analyticRuleVersion2')]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "type": "Microsoft.SecurityInsights/AlertRuleTemplates", - "name": "[variables('analyticRulecontentId2')]", - "apiVersion": "2022-04-01-preview", - "kind": "Scheduled", - "location": "[parameters('workspace-location')]", - "properties": { - "description": "Identifies a match in CommonSecurityLog Event data from any FileHash published in the Microsoft COVID-19 Threat Intel Feed - as described at https://www.microsoft.com/security/blog/2020/05/14/open-sourcing-covid-threat-intelligence/", - "displayName": "Microsoft COVID-19 file hash indicator matches", - "enabled": false, - "query": "let dt_lookBack = 1h;\nlet covidIndicators = (externaldata(TimeGenerated:datetime, FileHashValue:string, FileHashType: string, 
TlpLevel: string, Product: string, ThreatType: string, Description: string )\n[@\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Sample%20Data/Feeds/Microsoft.Covid19.Indicators.csv\"] with (format=\"csv\"));\nlet fileHashIndicators = covidIndicators\n| where isnotempty(FileHashValue);\n// Handle matches against both lower case and uppercase versions of the hash:\n(fileHashIndicators | extend FileHashValue = tolower(FileHashValue)\n| union (fileHashIndicators | extend FileHashValue = toupper(FileHashValue)))\n// using innerunique to keep perf fast and result set low, we only need one match to indicate potential malicious activity that needs to be investigated\n| join kind=innerunique (\n CommonSecurityLog | where TimeGenerated >= ago(dt_lookBack)\n | where isnotempty(FileHash)\n | extend CommonSecurityLog_TimeGenerated = TimeGenerated\n )\non $left.FileHashValue == $right.FileHash\n| summarize CommonSecurityLog_TimeGenerated = arg_max(CommonSecurityLog_TimeGenerated, *) by FileHashValue\n| project CommonSecurityLog_TimeGenerated, FileHashValue, FileHashType, Description, ThreatType,\nSourceIP, SourcePort, DestinationIP, DestinationPort, SourceUserID, SourceUserName, DeviceName, DeviceAction,\nRequestURL, DestinationUserName, DestinationUserID, ApplicationProtocol, Activity\n| extend timestamp = CommonSecurityLog_TimeGenerated, IPCustomEntity = SourceIP, HostCustomEntity = DeviceName, AccountCustomEntity = SourceUserName\n", - "queryFrequency": "PT1H", - "queryPeriod": "P14D", - "severity": "Medium", - "suppressionDuration": "PT1H", - "suppressionEnabled": false, - "triggerOperator": "GreaterThan", - "triggerThreshold": 0, - "status": "Available", - "requiredDataConnectors": [ - { - "connectorId": "PaloAltoNetworks", - "dataTypes": [ - "CommonSecurityLog" - ] - }, - { - "connectorId": "PaloAltoNetworksAma", - "dataTypes": [ - "CommonSecurityLog" - ] - } - ], - "tactics": [ - "Impact" - ], - "entityMappings": [ - { - "entityType": "Account", - 
"fieldMappings": [ - { - "identifier": "FullName", - "columnName": "AccountCustomEntity" - } - ] - }, - { - "entityType": "Host", - "fieldMappings": [ - { - "identifier": "FullName", - "columnName": "HostCustomEntity" - } - ] - }, - { - "entityType": "IP", - "fieldMappings": [ - { - "identifier": "Address", - "columnName": "IPCustomEntity" - } - ] - }, - { - "entityType": "FileHash", - "fieldMappings": [ - { - "identifier": "Value", - "columnName": "FileHashValue" - }, - { - "identifier": "Algorithm", - "columnName": "FileHashType" - } - ] - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleId2'),'/'))))]", - "properties": { - "description": "PaloAlto-PAN-OS Analytics Rule 2", - "parentId": "[variables('analyticRuleId2')]", - "contentId": "[variables('_analyticRulecontentId2')]", - "kind": "AnalyticsRule", - "version": "[variables('analyticRuleVersion2')]", - "source": { - "kind": "Solution", - "name": "PaloAlto-PAN-OS", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "Microsoft Corporation", - "email": "support@microsoft.com", - "tier": "Microsoft", - "link": "https://support.microsoft.com" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_analyticRulecontentId2')]", - "contentKind": "AnalyticsRule", - "displayName": "Microsoft COVID-19 file hash indicator matches", - "contentProductId": "[variables('_analyticRulecontentProductId2')]", - "id": "[variables('_analyticRulecontentProductId2')]", - "version": "[variables('analyticRuleVersion2')]" - } 
- }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('analyticRuleTemplateSpecName3')]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "PaloAlto-NetworkBeaconing_AnalyticalRules Analytics Rule with template version 3.0.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('analyticRuleVersion3')]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "type": "Microsoft.SecurityInsights/AlertRuleTemplates", - "name": "[variables('analyticRulecontentId3')]", - "apiVersion": "2022-04-01-preview", - "kind": "Scheduled", - "location": "[parameters('workspace-location')]", - "properties": { - "description": "Identifies beaconing patterns from Palo Alto Network traffic logs based on recurrent timedelta patterns.\nThe query leverages various KQL functions to calculate time deltas and then compares it with total events observed in a day to find percentage of beaconing.\nThis outbound beaconing pattern to untrusted public networks should be investigated for any malware callbacks or data exfiltration attempts.\nReference Blog:\nhttp://www.austintaylor.io/detect/beaconing/intrusion/detection/system/command/control/flare/elastic/stack/2017/06/10/detect-beaconing-with-flare-elasticsearch-and-intrusion-detection-systems/\nhttps://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/detect-network-beaconing-via-intra-request-time-delta-patterns/ba-p/779586", - "displayName": "Palo Alto - potential beaconing detected", - "enabled": false, - "query": "let starttime = 2d;\nlet endtime = 1d;\nlet TimeDeltaThreshold = 25;\nlet 
TotalEventsThreshold = 30;\nlet MostFrequentTimeDeltaThreshold = 25;\nlet PercentBeaconThreshold = 80;\nCommonSecurityLog\n| where DeviceVendor == \"Palo Alto Networks\" and Activity == \"TRAFFIC\"\n| where TimeGenerated between (startofday(ago(starttime))..startofday(ago(endtime)))\n| where ipv4_is_private(DestinationIP)== false\n| project TimeGenerated, DeviceName, SourceUserID, SourceIP, SourcePort, DestinationIP, DestinationPort, ReceivedBytes, SentBytes\n| sort by SourceIP asc,TimeGenerated asc, DestinationIP asc, DestinationPort asc\n| serialize\n| extend nextTimeGenerated = next(TimeGenerated, 1), nextSourceIP = next(SourceIP, 1)\n| extend TimeDeltainSeconds = datetime_diff('second',nextTimeGenerated,TimeGenerated)\n| where SourceIP == nextSourceIP\n//Whitelisting criteria/ threshold criteria\n| where TimeDeltainSeconds > TimeDeltaThreshold\n| summarize count(), sum(ReceivedBytes), sum(SentBytes)\nby TimeDeltainSeconds, bin(TimeGenerated, 1h), DeviceName, SourceUserID, SourceIP, DestinationIP, DestinationPort\n| summarize (MostFrequentTimeDeltaCount, MostFrequentTimeDeltainSeconds) = arg_max(count_, TimeDeltainSeconds), TotalEvents=sum(count_), TotalSentBytes = sum(sum_SentBytes), TotalReceivedBytes = sum(sum_ReceivedBytes)\nby bin(TimeGenerated, 1h), DeviceName, SourceUserID, SourceIP, DestinationIP, DestinationPort\n| where TotalEvents > TotalEventsThreshold and MostFrequentTimeDeltaCount > MostFrequentTimeDeltaThreshold\n| extend BeaconPercent = MostFrequentTimeDeltaCount/toreal(TotalEvents) * 100\n| where BeaconPercent > PercentBeaconThreshold\n| extend timestamp = TimeGenerated, IPCustomEntity = DestinationIP, AccountCustomEntity = SourceUserID, HostCustomEntity = DeviceName\n", - "queryFrequency": "P1D", - "queryPeriod": "P2D", - "severity": "Low", - "suppressionDuration": "PT1H", - "suppressionEnabled": false, - "triggerOperator": "GreaterThan", - "triggerThreshold": 0, - "status": "Available", - "requiredDataConnectors": [ - { - "connectorId": 
"PaloAltoNetworks", - "dataTypes": [ - "CommonSecurityLog" - ] - }, - { - "connectorId": "PaloAltoNetworksAma", - "dataTypes": [ - "CommonSecurityLog" - ] - } - ], - "tactics": [ - "CommandAndControl" - ], - "techniques": [ - "T1071", - "T1571" - ], - "entityMappings": [ - { - "entityType": "Account", - "fieldMappings": [ - { - "identifier": "FullName", - "columnName": "AccountCustomEntity" - } - ] - }, - { - "entityType": "Host", - "fieldMappings": [ - { - "identifier": "FullName", - "columnName": "HostCustomEntity" - } - ] - }, - { - "entityType": "IP", - "fieldMappings": [ - { - "identifier": "Address", - "columnName": "IPCustomEntity" - } - ] - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleId3'),'/'))))]", - "properties": { - "description": "PaloAlto-PAN-OS Analytics Rule 3", - "parentId": "[variables('analyticRuleId3')]", - "contentId": "[variables('_analyticRulecontentId3')]", - "kind": "AnalyticsRule", - "version": "[variables('analyticRuleVersion3')]", - "source": { - "kind": "Solution", - "name": "PaloAlto-PAN-OS", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "Microsoft Corporation", - "email": "support@microsoft.com", - "tier": "Microsoft", - "link": "https://support.microsoft.com" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_analyticRulecontentId3')]", - "contentKind": "AnalyticsRule", - "displayName": "Palo Alto - potential beaconing detected", - "contentProductId": "[variables('_analyticRulecontentProductId3')]", - "id": 
"[variables('_analyticRulecontentProductId3')]", - "version": "[variables('analyticRuleVersion3')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('analyticRuleTemplateSpecName4')]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "PaloAlto-PortScanning_AnalyticalRules Analytics Rule with template version 3.0.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('analyticRuleVersion4')]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "type": "Microsoft.SecurityInsights/AlertRuleTemplates", - "name": "[variables('analyticRulecontentId4')]", - "apiVersion": "2022-04-01-preview", - "kind": "Scheduled", - "location": "[parameters('workspace-location')]", - "properties": { - "description": "Identifies a list of internal Source IPs (10.x.x.x Hosts) that have triggered 10 or more non-graceful tcp server resets from one or more Destination IPs which\nresults in an \"ApplicationProtocol = incomplete\" designation. The server resets coupled with an \"Incomplete\" ApplicationProtocol designation can be an indication\nof internal to external port scanning or probing attack.\nReferences: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClUvCAK and\nhttps://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClTaCAK", - "displayName": "Palo Alto - possible internal to external port scanning", - "enabled": false, - "query": "CommonSecurityLog\n| where isnotempty(DestinationPort) and DeviceAction !in (\"reset-both\", \"deny\")\n// filter out common usage ports. 
Add ports that are legitimate for your environment\n| where DestinationPort !in (\"443\", \"53\", \"389\", \"80\", \"0\", \"880\", \"8888\", \"8080\")\n| where ApplicationProtocol == \"incomplete\"\n// filter out IANA ephemeral or negotiated ports as per https://en.wikipedia.org/wiki/Ephemeral_port\n| where DestinationPort !between (toint(49512) .. toint(65535))\n| where Computer != \"\"\n| where DestinationIP !startswith \"10.\"\n| extend Reason = coalesce(\n column_ifexists(\"Reason\", \"\"),\n extract(\"reason=(.+?)(;|$)\", 1, AdditionalExtensions),\n \"\"\n )\n// Filter out any graceful reset reasons of AGED OUT which occurs when a TCP session closes with a FIN due to aging out.\n| where Reason !has \"aged-out\"\n// Filter out any TCP FIN which occurs when a TCP FIN is used to gracefully close half or both sides of a connection.\n| where Reason !has \"tcp-fin\"\n// Uncomment one of the following where clauses to trigger on specific TCP reset reasons\n// See Palo Alto article for details - https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClUvCAK\n// TCP RST-server - Occurs when the server sends a TCP reset to the client\n// | where AdditionalExtensions has \"reason=tcp-rst-from-server\"\n// TCP RST-client - Occurs when the client sends a TCP reset to the server\n// | where AdditionalExtensions has \"reason=tcp-rst-from-client\"\n// Already performed\n//| extend reason = tostring(split(AdditionalExtensions, \";\")[3])\n| summarize StartTimeUtc = min(TimeGenerated), EndTimeUtc = max(TimeGenerated), count() by DeviceName, SourceUserID, SourceIP, ApplicationProtocol, Reason, DestinationPort, Protocol, DeviceVendor, DeviceProduct, DeviceAction, DestinationIP\n| where count_ >= 10\n| summarize StartTimeUtc = min(StartTimeUtc), EndTimeUtc = max(EndTimeUtc), makeset(DestinationIP), totalcount = sum(count_) by DeviceName, SourceUserID, SourceIP, ApplicationProtocol, Reason, DestinationPort, Protocol, DeviceVendor, DeviceProduct, DeviceAction\n| 
extend timestamp = StartTimeUtc, IPCustomEntity = SourceIP, AccountCustomEntity = SourceUserID, HostCustomEntity = DeviceName\n", - "queryFrequency": "PT1H", - "queryPeriod": "PT1H", - "severity": "Low", - "suppressionDuration": "PT1H", - "suppressionEnabled": false, - "triggerOperator": "GreaterThan", - "triggerThreshold": 0, - "status": "Available", - "requiredDataConnectors": [ - { - "connectorId": "PaloAltoNetworks", - "dataTypes": [ - "CommonSecurityLog" - ] - }, - { - "connectorId": "PaloAltoNetworksAma", - "dataTypes": [ - "CommonSecurityLog" - ] - } - ], - "tactics": [ - "Discovery" - ], - "techniques": [ - "T1046" - ], - "entityMappings": [ - { - "entityType": "Account", - "fieldMappings": [ - { - "identifier": "FullName", - "columnName": "AccountCustomEntity" - } - ] - }, - { - "entityType": "Host", - "fieldMappings": [ - { - "identifier": "FullName", - "columnName": "HostCustomEntity" - } - ] - }, - { - "entityType": "IP", - "fieldMappings": [ - { - "identifier": "Address", - "columnName": "IPCustomEntity" - } - ] - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleId4'),'/'))))]", - "properties": { - "description": "PaloAlto-PAN-OS Analytics Rule 4", - "parentId": "[variables('analyticRuleId4')]", - "contentId": "[variables('_analyticRulecontentId4')]", - "kind": "AnalyticsRule", - "version": "[variables('analyticRuleVersion4')]", - "source": { - "kind": "Solution", - "name": "PaloAlto-PAN-OS", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "Microsoft Corporation", - "email": "support@microsoft.com", - "tier": "Microsoft", - "link": "https://support.microsoft.com" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": 
"[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_analyticRulecontentId4')]", - "contentKind": "AnalyticsRule", - "displayName": "Palo Alto - possible internal to external port scanning", - "contentProductId": "[variables('_analyticRulecontentProductId4')]", - "id": "[variables('_analyticRulecontentProductId4')]", - "version": "[variables('analyticRuleVersion4')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('huntingQueryTemplateSpecName1')]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "PaloAlto-HighRiskPorts_HuntingQueries Hunting Query with template version 3.0.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('huntingQueryVersion1')]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "type": "Microsoft.OperationalInsights/savedSearches", - "apiVersion": "2022-10-01", - "name": "PaloAlto-PAN-OS_Hunting_Query_1", - "location": "[parameters('workspace-location')]", - "properties": { - "eTag": "*", - "displayName": "Palo Alto - high-risk ports", - "category": "Hunting Queries", - "query": "\nlet HighRiskPorts = datatable (Port:int, Protocol:string, RiskType:string, RiskDescription:string)[\n13,\"udp\",\"3rd Party Attacks\",\"Daytime protocol used in reflection/amplification attacks\",\n17,\"udp\",\"3rd Party Attacks\",\"QOTD protocol, reflection/amplification attacks\",\n19,\"udp\",\"3rd Party Attacks\",\"Chargen protocol, reflection/amplification 
attacks\",\n20,\"tcp\",\"Unencrypted\",\"Unencrypted FTP Traffic\",\n21,\"tcp\",\"Unencrypted\",\"Unencrypted FTP Traffic\",\n22,\"tcp\",\"Management\",\"SSH, brute force attacks common\",\n23,\"tcp\",\"Management\",\"Telnet, allows unauthenticated and/or unencrypted\",\n53,\"udp\",\"3rd Party Attacks\",\"DNS, reflection/amplification attacks\",\n69,\"udp\",\"Management\",\"TFTP, allows unauthenticated and/or unencrypted\",\n111,\"udp\",\"Management\",\"RPC, unencrypted authentication allowed\",\n111,\"tcp\",\"Management\",\"RPC, unencrypted authentication allowed\",\n119,\"tcp\",\"Unsecure\",\"NNTP, unencrypted authentication\",\n123,\"udp\",\"3rd Party Attacks\",\"Network Time Protocol, reflection/amplification attacks\",\n135,\"tcp\",\"Management\",\"End Point Mapper, multiple remote management srvcs\",\n135,\"udp\",\"Management\",\"End Point Mapper, multiple remote management srvcs\",\n137,\"tcp\",\"Hacker Recon\",\"Netbios Name Service\",\n137,\"udp\",\"Hacker Recon\",\"Netbios Name Service\",\n138,\"tcp\",\"Hacker Recon\",\"Netbios Datagram Service\",\n138,\"udp\",\"Hacker Recon\",\"Netbios Datagram Service\",\n139,\"tcp\",\"Hacker Recon\",\"Netbios Session Service\",\n161,\"tcp\",\"Unsecure/3rd Party Attacks\",\"SNMP, unsecure / no authentication UDP Reflection attacks\",\n161,\"udp\",\"Unsecure/3rd Party Attacks\",\"SNMP, unsecure / no authentication UDP Reflection attacks\",\n162,\"tcp\",\"Unsecure\",\"SNMP Trap, unsecure / no authentication\",\n162,\"udp\",\"Unsecure\",\"SNMP Trap, unsecure / no authentication\",\n389,\"tcp\",\"Hacker Recon/3rd Party Attacks\",\"LDAP/CLDAP\",\n389,\"udp\",\"Hacker Recon/3rd Party Attacks\",\"LDAP/CLDAP\",\n443,\"udp\",\"3rd Party Attacks\",\"UDP Reflection / Amplification attacks\",\n445,\"tcp\",\"Unsecure\",\"SMB - well known attack vector\",\n512,\"tcp\",\"Management\",\"Rexec on Linux, remote commands w/o encrypt auth\",\n514,\"tcp\",\"Management\",\"Remote Shell, remote commands w/o auth or 
encrypt\",\n593,\"tcp\",\"Management\",\"HTTP RPC EPMAP, unencrypted remote procedure call\",\n593,\"udp\",\"Management\",\"HTTP RPC EPMAP, unencrypted remote procedure call\",\n636,\"tcp\",\"Hacker Recon\",\"Lightweight Directory Access Protocol\",\n873,\"tcp\",\"Management\",\"Rsync, unencrypted file transfer\",\n1433,\"tcp\",\"Data Access/Mgmt\",\"MS SQL Management & Data Access\",\n1434,\"udp\",\"Data Access/Mgmt\",\"MS SQL Monitor Port\",\n1900,\"udp\",\"Hacker Recon/3rd Party Attacks\",\"Simple Service Discovery Protocol, unencrypted\",\n2049,\"tcp\",\"Unsecure\",\"Network File System\",\n2049,\"udp\",\"Unsecure\",\"Network File System\",\n2301,\"tcp\",\"Hacker Recon\",\"Compaq Management Service, no recent incidents\",\n2381,\"tcp\",\"Management\",\"Compaq Management Service, no recent incidents\",\n3268,\"tcp\",\"Hacker Recon\",\"Microsoft Global Catalog LDAP\",\n3306,\"tcp\",\"Data Access/Mgmt\",\"MySQL Database Management Port\",\n3389,\"tcp\",\"Management/3rd Party Attacks\",\"RDP, Common brute force attack port\",\n3389,\"udp\",\"Management/3rd Party Attacks\",\"RDP, Common brute force attack port\",\n4333,\"tcp\",\"Data Access/Mgmt\",\"MSql\",\n5353,\"udp\",\"3rd Party Attacks\",\"mDNS\",\n5432,\"tcp\",\"Data Access/Mgmt\",\"PostgresSQL Database Management\",\n5800,\"tcp\",\"Management\",\"VNC Remote Frame Buffer over HTTP\",\n5900,\"tcp\",\"Management\",\"VNC Remote Frame Buffer over HTTP\",\n5985,\"tcp\",\"Management\",\"Windows Powershell\",\n5986,\"tcp\",\"Management\",\"Windows Powershell\",\n6379,\"tcp\",\"Data Access/Mgmt\",\"Redis\",\n7000,\"tcp\",\"Data Access/Mgmt\",\"Cassandra\",\n7001,\"tcp\",\"Data Access/Mgmt\",\"Cassandra\",\n7199,\"tcp\",\"Data Access/Mgmt\",\"Cassandra\",\n9042,\"tcp\",\"Data Access/Mgmt\",\"Cassandra\",\n9160,\"tcp\",\"Data Access/Mgmt\",\"Cassandra\",\n9200,\"tcp\",\"Data Access/Mgmt\",\"Elastic Search\",\n9300,\"tcp\",\"Data Access/Mgmt\",\"Elastic Search\",\n9987,\"udp\",\"3rd Party Attack\",\"DSM/SCM Target 
Interface\",\n11211,\"udp\",\"Unencrypted\",\"Memcached\",\n16379,\"tcp\",\"Data Access/Mgmt\",\"Redis\",\n26379,\"tcp\",\"Data Access/Mgmt\",\"Redis\",\n27017,\"tcp\",\"Data Access/Mgmt\",\"MongoDB\",\n];\nHighRiskPorts\n| join kind=inner (\n CommonSecurityLog\n | where DeviceVendor == \"Palo Alto Networks\" and Activity == \"TRAFFIC\" and DeviceAction != \"deny\"\n | where SentBytes > 0 and ReceivedBytes > 0\n //Remove private IP communation from DestinationIP\n | extend result = ipv4_is_private(DestinationIP) \n | where result == 0\n | summarize\n Count = count(),\n StartTime = min(TimeGenerated),\n EndTime = max(TimeGenerated)\n by \n DeviceName,\n SourceIP,\n DestinationIP,\n DestinationPort,\n Protocol\n) on $left.Port == $right.DestinationPort and $left.Protocol == $right.Protocol\n| project-away Protocol1, Port\n| order by DeviceName asc, SourceIP asc, DestinationIP asc, DestinationPort asc\n| extend timestamp = StartTime, IPCustomEntity = SourceIP\n", - "version": 2, - "tags": [ - { - "name": "description", - "value": "Identifies network connections whose ports are frequent targets of attacks and should not cross network boundaries or reach untrusted public networks.\nConsider updating the firewall policies to block the connections." 
- }, - { - "name": "tactics", - "value": "InitialAccess,Discovery" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(variables('huntingQueryId1'),'/'))))]", - "properties": { - "description": "PaloAlto-PAN-OS Hunting Query 1", - "parentId": "[variables('huntingQueryId1')]", - "contentId": "[variables('_huntingQuerycontentId1')]", - "kind": "HuntingQuery", - "version": "[variables('huntingQueryVersion1')]", - "source": { - "kind": "Solution", - "name": "PaloAlto-PAN-OS", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "Microsoft Corporation", - "email": "support@microsoft.com", - "tier": "Microsoft", - "link": "https://support.microsoft.com" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_huntingQuerycontentId1')]", - "contentKind": "HuntingQuery", - "displayName": "Palo Alto - high-risk ports", - "contentProductId": "[variables('_huntingQuerycontentProductId1')]", - "id": "[variables('_huntingQuerycontentProductId1')]", - "version": "[variables('huntingQueryVersion1')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('huntingQueryTemplateSpecName2')]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "Palo Alto - potential 
beaconing detected_HuntingQueries Hunting Query with template version 3.0.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('huntingQueryVersion2')]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "type": "Microsoft.OperationalInsights/savedSearches", - "apiVersion": "2022-10-01", - "name": "PaloAlto-PAN-OS_Hunting_Query_2", - "location": "[parameters('workspace-location')]", - "properties": { - "eTag": "*", - "displayName": "Palo Alto - potential beaconing detected", - "category": "Hunting Queries", - "query": "let starttime = 2d;\nlet endtime = 1d;\nlet TimeDeltaThreshold = 25;\nlet TotalEventsThreshold = 30;\nlet MostFrequentTimeDeltaThreshold = 25;\nlet PercentBeaconThreshold = 80;\nCommonSecurityLog\n| where DeviceVendor == \"Palo Alto Networks\" and Activity == \"TRAFFIC\"\n| where TimeGenerated between (startofday(ago(starttime))..startofday(ago(endtime)))\n| where ipv4_is_private(DestinationIP)== false\n| project TimeGenerated, DeviceName, SourceUserID, SourceIP, SourcePort, DestinationIP, DestinationPort, ReceivedBytes, SentBytes\n| sort by SourceIP asc,TimeGenerated asc, DestinationIP asc, DestinationPort asc\n| serialize\n| extend nextTimeGenerated = next(TimeGenerated, 1), nextSourceIP = next(SourceIP, 1)\n| extend TimeDeltainSeconds = datetime_diff('second',nextTimeGenerated,TimeGenerated)\n| where SourceIP == nextSourceIP\n//Whitelisting criteria/ threshold criteria\n| where TimeDeltainSeconds > TimeDeltaThreshold\n| summarize count(), sum(ReceivedBytes), sum(SentBytes)\nby TimeDeltainSeconds, bin(TimeGenerated, 1h), DeviceName, SourceUserID, SourceIP, DestinationIP, DestinationPort\n| summarize (MostFrequentTimeDeltaCount, MostFrequentTimeDeltainSeconds) = arg_max(count_, TimeDeltainSeconds), TotalEvents=sum(count_), TotalSentBytes = sum(sum_SentBytes), TotalReceivedBytes = sum(sum_ReceivedBytes)\nby bin(TimeGenerated, 1h), 
DeviceName, SourceUserID, SourceIP, DestinationIP, DestinationPort\n| where TotalEvents > TotalEventsThreshold and MostFrequentTimeDeltaCount > MostFrequentTimeDeltaThreshold\n| extend BeaconPercent = MostFrequentTimeDeltaCount/toreal(TotalEvents) * 100\n| where BeaconPercent > PercentBeaconThreshold\n| extend timestamp = TimeGenerated, IPCustomEntity = DestinationIP, AccountCustomEntity = SourceUserID, HostCustomEntity = DeviceName\n", - "version": 2, - "tags": [ - { - "name": "description", - "value": "Identifies beaconing patterns from Palo Alto Network traffic logs based on recurrent timedelta patterns.\nThe query leverages various KQL functions to calculate time deltas and then compares it with total events observed in a day to find percentage of beaconing.\nThis outbound beaconing pattern to untrusted public networks should be investigated for any malware callbacks or data exfiltration attempts.\nReference Blog:\nhttp://www.austintaylor.io/detect/beaconing/intrusion/detection/system/command/control/flare/elastic/stack/2017/06/10/detect-beaconing-with-flare-elasticsearch-and-intrusion-detection-systems/\nhttps://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/detect-network-beaconing-via-intra-request-time-delta-patterns/ba-p/779586" - }, - { - "name": "tactics", - "value": "CommandAndControl" - }, - { - "name": "techniques", - "value": "T1071,T1571" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(variables('huntingQueryId2'),'/'))))]", - "properties": { - "description": "PaloAlto-PAN-OS Hunting Query 2", - "parentId": "[variables('huntingQueryId2')]", - "contentId": "[variables('_huntingQuerycontentId2')]", - "kind": "HuntingQuery", - "version": "[variables('huntingQueryVersion2')]", - "source": { - "kind": "Solution", - "name": "PaloAlto-PAN-OS", - "sourceId": 
"[variables('_solutionId')]"
- },
- "author": {
- "name": "Microsoft",
- "email": "[variables('_email')]"
- },
- "support": {
- "name": "Microsoft Corporation",
- "email": "support@microsoft.com",
- "tier": "Microsoft",
- "link": "https://support.microsoft.com"
- }
- }
- }
- ]
- },
- "packageKind": "Solution",
- "packageVersion": "[variables('_solutionVersion')]",
- "packageName": "[variables('_solutionName')]",
- "packageId": "[variables('_solutionId')]",
- "contentSchemaVersion": "3.0.0",
- "contentId": "[variables('_huntingQuerycontentId2')]",
- "contentKind": "HuntingQuery",
- "displayName": "Palo Alto - potential beaconing detected",
- "contentProductId": "[variables('_huntingQuerycontentProductId2')]",
- "id": "[variables('_huntingQuerycontentProductId2')]",
- "version": "[variables('huntingQueryVersion2')]"
- }
- },
 {
 "type": "Microsoft.OperationalInsights/workspaces/providers/contentPackages",
 "apiVersion": "2023-04-01-preview",
@@ -9894,7 +9491,7 @@
 "contentSchemaVersion": "3.0.0",
 "displayName": "PaloAlto-PAN-OS",
 "publisherDisplayName": "Microsoft Sentinel, Microsoft Corporation",
- "descriptionHtml": "

Note: There may be known issues pertaining to this Solution, please refer to them before installing.

\n

The Palo Alto Networks (Firewall) Solution for Microsoft Sentinel allows you to easily connect your Palo Alto Networks Firewall logs with Microsoft Sentinel, to view dashboards, create custom alerts, and improve investigation. This gives you more insight into your organization's network and improves your security operation capabilities. This solution also contains playbooks to help in automated remediation.

\n
    \n
  1. PaloAlto-PAN-OS via AMA - This data connector helps in ingesting PaloAlto-PAN-OS logs into your Log Analytics Workspace using the new Azure Monitor Agent. Learn more about ingesting using the new Azure Monitor Agent here. Microsoft recommends using this Data Connector.

    \n
  2. \n
  3. PaloAlto-PAN-OS via Legacy Agent - This data connector helps in ingesting PaloAlto-PAN-OS logs into your Log Analytics Workspace using the legacy Log Analytics agent.

    \n
  4. \n
\n

NOTE: Microsoft recommends installation of PaloAlto-PAN-OS via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by Aug 31, 2024, and thus should only be installed where AMA is not supported. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost more details.

\n

Data Connectors: 2, Workbooks: 2, Analytic Rules: 4, Hunting Queries: 2, Custom Azure Logic Apps Connectors: 2, Playbooks: 7

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", + "descriptionHtml": "

Note: There may be known issues pertaining to this Solution, please refer to them before installing.

\n

The Palo Alto Networks (Firewall) Solution for Microsoft Sentinel allows you to easily connect your Palo Alto Networks Firewall logs with Microsoft Sentinel, to view dashboards, create custom alerts, and improve investigation. This gives you more insight into your organization's network and improves your security operation capabilities. This solution also contains playbooks to help in automated remediation.

\n

Underlying Microsoft Technologies used:

\n

This solution takes a dependency on the following technologies, and some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs:

\n
    \n
  1. Agent-based log collection (CEF over Syslog)
  2. \n
\n

Data Connectors: 1, Workbooks: 2, Analytic Rules: 4, Hunting Queries: 2, Custom Azure Logic Apps Connectors: 2, Playbooks: 7

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n",
 "contentKind": "Solution",
 "contentProductId": "[variables('_solutioncontentProductId')]",
 "id": "[variables('_solutioncontentProductId')]",
@@ -9925,54 +9522,14 @@
 "version": "[variables('dataConnectorVersion1')]"
 },
 {
- "kind": "DataConnector",
- "contentId": "[variables('_dataConnectorContentId2')]",
- "version": "[variables('dataConnectorVersion2')]"
+ "kind": "HuntingQuery",
+ "contentId": "[variables('_huntingQuerycontentId1')]",
+ "version": "[variables('huntingQueryVersion1')]"
 },
 {
- "kind": "LogicAppsCustomConnector",
- "contentId": "[variables('_PaloAlto_PAN-OS_Rest_API_CustomConnector')]",
- "version": "[variables('playbookVersion1')]"
- },
- {
- "kind": "LogicAppsCustomConnector",
- "contentId": "[variables('_PaloAlto_PAN-OS_XML_API_CustomConnector')]",
- "version": "[variables('playbookVersion2')]"
- },
- {
- "kind": "Playbook",
- "contentId": "[variables('_PaloAlto-PAN-OS-BlockIP-EntityTrigger')]",
- "version": "[variables('playbookVersion3')]"
- },
- {
- "kind": "Playbook",
- "contentId": "[variables('_PaloAlto-PAN-OS-BlockIP')]",
- "version": "[variables('playbookVersion4')]"
- },
- {
- "kind": "Playbook",
- "contentId": "[variables('_PaloAlto-PAN-OS-BlockURL-EntityTrigger')]",
- "version": "[variables('playbookVersion5')]"
- },
- {
- "kind": "Playbook",
- "contentId": "[variables('_PaloAlto-PAN-OS-BlockURL')]",
- "version": "[variables('playbookVersion6')]"
- },
- {
- "kind": "Playbook",
- "contentId": "[variables('_PaloAlto-PAN-OS-GetSystemInfo')]",
- "version": "[variables('playbookVersion7')]"
- },
- {
- "kind": "Playbook",
- "contentId": "[variables('_PaloAlto-PAN-OS-GetThreatPCAP')]",
- "version": "[variables('playbookVersion8')]"
- },
- {
- "kind": "Playbook",
- "contentId": "[variables('_PaloAlto-PAN-OS-GetURLCategoryInfo')]",
- "version": "[variables('playbookVersion9')]"
+ "kind": "HuntingQuery",
+ "contentId": "[variables('_huntingQuerycontentId2')]",
+ "version": "[variables('huntingQueryVersion2')]"
 },
 {
 "kind": "Workbook",
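Review bot: The `DataConnector` dependency for `[variables('_dataConnectorContentId2')]` removed in this hunk is not restored by the `@@ -10005,14 +9562,49 @@` hunk, which only re-adds the custom connectors and playbooks, so the package's dependency list now carries a single data connector unless that entry reappears outside this view. The new `descriptionHtml` in the preceding hunk matches the drop ('Data Connectors: 1', with the 'PaloAlto-PAN-OS via AMA' item and the MMA-deprecation note gone), while the analytic rules removed earlier in this diff still listed `PaloAltoNetworksAma` under `requiredDataConnectors`. If the AMA connector is meant to stay in the solution, this looks like the package being regenerated from an input that no longer lists it, and the fix belongs in that input followed by regeneration rather than in mainTemplate.json by hand; if the connector is meant to go, say so in the commit message and in ReleaseNotes.md so the version bump explains the change.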
@@ -10005,14 +9562,49 @@
 "version": "[variables('analyticRuleVersion4')]"
 },
 {
- "kind": "HuntingQuery",
- "contentId": "[variables('_huntingQuerycontentId1')]",
- "version": "[variables('huntingQueryVersion1')]"
+ "kind": "LogicAppsCustomConnector",
+ "contentId": "[variables('_PaloAlto_PAN-OS_Rest_API_CustomConnector')]",
+ "version": "[variables('playbookVersion1')]"
 },
 {
- "kind": "HuntingQuery",
- "contentId": "[variables('_huntingQuerycontentId2')]",
- "version": "[variables('huntingQueryVersion2')]"
+ "kind": "LogicAppsCustomConnector",
+ "contentId": "[variables('_PaloAlto_PAN-OS_XML_API_CustomConnector')]",
+ "version": "[variables('playbookVersion2')]"
+ },
+ {
+ "kind": "Playbook",
+ "contentId": "[variables('_PaloAlto-PAN-OS-GetSystemInfo')]",
+ "version": "[variables('playbookVersion3')]"
+ },
+ {
+ "kind": "Playbook",
+ "contentId": "[variables('_PaloAlto-PAN-OS-GetThreatPCAP')]",
+ "version": "[variables('playbookVersion4')]"
+ },
+ {
+ "kind": "Playbook",
+ "contentId": "[variables('_PaloAlto-PAN-OS-GetURLCategoryInfo')]",
+ "version": "[variables('playbookVersion5')]"
+ },
+ {
+ "kind": "Playbook",
+ "contentId": "[variables('_PaloAlto-PAN-OS-BlockIP')]",
+ "version": "[variables('playbookVersion6')]"
+ },
+ {
+ "kind": "Playbook",
+ "contentId": "[variables('_PaloAlto-PAN-OS-BlockURL')]",
+ "version": "[variables('playbookVersion7')]"
+ },
+ {
+ "kind": "Playbook",
+ "contentId": "[variables('_PaloAlto-PAN-OS-BlockURL-EntityTrigger')]",
+ "version": "[variables('playbookVersion8')]"
+ },
+ {
+ "kind": "Playbook",
+ "contentId": "[variables('_PaloAlto-PAN-OS-BlockIP-EntityTrigger')]",
+ "version": "[variables('playbookVersion9')]"
 }
 ]
 },
diff --git a/Solutions/PaloAlto-PAN-OS/Playbooks/PaloAltoPlaybooks/PaloAlto-PAN-OS-BlockIP-EntityTrigger/azuredeploy.json b/Solutions/PaloAlto-PAN-OS/Playbooks/PaloAltoPlaybooks/PaloAlto-PAN-OS-BlockIP-EntityTrigger/azuredeploy.json
index 616e266652..efd5b215a0 100644
--- a/Solutions/PaloAlto-PAN-OS/Playbooks/PaloAltoPlaybooks/PaloAlto-PAN-OS-BlockIP-EntityTrigger/azuredeploy.json
+++ b/Solutions/PaloAlto-PAN-OS/Playbooks/PaloAltoPlaybooks/PaloAlto-PAN-OS-BlockIP-EntityTrigger/azuredeploy.json
@@ -792,7 +792,7 @@
 "inputs": {
 "body": {
 "body": {
- "messageBody": "{\n \"type\": \"AdaptiveCard\",\n \"body\": [\n {\n \"type\": \"TextBlock\",\n \n \"weight\": \"Bolder\",\n \"text\": \"Below is the summary of actions taken on IP's by SOC\",\n \"wrap\": true\n },\n {\n \"columns\": [\n {\n \"items\":@{body('Set_variable_actions_on_IP_to_be_displayed_on_adaptive_card')} ,\n \"type\": \"Column\",\n \"wrap\": true\n }\n ],\n \"separator\": \"true\",\n \"type\": \"ColumnSet\",\n \"width\": \"stretch\"\n},\n {\n \"text\": \" Incident No : \",\n \"type\": \"TextBlock\",\n \"weight\": \"Bolder\",\n \"wrap\": true\n },\n {\n \"type\": \"TextBlock\",\n \"text\": \"[Click here to view the Incident]()\",\n \"wrap\": true\n },\n\n {\n \"type\": \"ColumnSet\",\n \"columns\": [\n {\n \"type\": \"Column\",\n \"items\": [\n {\n \"type\": \"TextBlock\",\n \"size\": \"Medium\",\n \"weight\": \"Bolder\",\n \"text\": \"Incident configuration :\",\n \"wrap\": true\n }\n ],\n \"width\": \"auto\"\n }\n ]\n },\n {\n \"type\": \"ColumnSet\",\n \"columns\": [\n {\n \"type\": \"Column\",\n \"items\": [\n {\n \"type\": \"Image\",\n \"style\": \"Person\",\n \"url\": \"https://connectoricons-prod.azureedge.net/releases/v1.0.1391/1.0.1391.2130/azuresentinel/icon.png\",\n \"size\": \"Small\"\n }\n ],\n \"width\": \"auto\"\n }\n ]\n },\n {\n \"type\": \"TextBlock\",\n \"text\": \"Close Azure Sentinal incident?\"\n },\n {\n \"choices\": [\n {\n \"isSelected\": true,\n \"title\": \"False Positive - Inaccurate Data\",\n \"value\": \"False Positive - Inaccurate Data\"\n },\n {\n \"isSelected\": true,\n \"title\": \"False Positive - Incorrect Alert Logic\",\n \"value\": \"False Positive - Incorrect Alert Logic\"\n },\n {\n \"title\": \"True Positive - Suspicious Activity\",\n \"value\": \"True Positive - Suspicious Activity\"\n },\n {\n \"title\": \"Benign Positive - Suspicious But Expected\",\n \"value\": \"Benign Positive - Suspicious But Expected\"\n },\n {\n \"title\": \"Undetermined\",\n \"value\": \"Undetermined\"\n }\n ],\n \"id\": \"incidentStatus\",\n \"style\": \"compact\",\n \"type\": \"Input.ChoiceSet\",\n \"value\": \"Benign Positive - Suspicious But Expected\"\n },\n {\n \"type\": \"TextBlock\",\n \"text\": \"Change Azure Sentinel Incident Severity?\"\n },\n {\n \"choices\": [\n {\n \n \"title\": \"High\",\n \"value\": \"High\"\n },\n {\n \"title\": \"Medium\",\n \"value\": \"Medium\"\n },\n {\n \"title\": \"Low\",\n \"value\": \"Low\"\n },\n {\n \"title\": \"Don't change\",\n \"value\": \"same\"\n }\n ],\n \"id\": \"incidentSeverity\",\n \"style\": \"compact\",\n \"type\": \"Input.ChoiceSet\",\n \"value\": \"\"\n }\n \n \n \n ],\n\"width\":\"auto\",\n \"actions\": [\n {\n \"type\": \"Action.Submit\",\n \"title\": \"Change incident configuration\"\n },\n{\n \"type\": \"Action.Submit\",\n \"title\": \"Ignore\"\n }\n ],\n \"$schema\": \"http://adaptivecards.io/schemas/adaptive-card.json\",\n \"version\": \"1.2\"\n}",
+ "messageBody": "{\n \"type\": \"AdaptiveCard\",\n \"body\": [\n {\n \"type\": \"TextBlock\",\n \n \"weight\": \"Bolder\",\n \"text\": \"Below is the summary of actions taken on IP's by SOC\",\n \"wrap\": true\n },\n {\n \"columns\": [\n {\n \"items\":@{body('Set_variable_actions_on_IP_to_be_displayed_on_adaptive_card')} ,\n \"type\": \"Column\",\n \"wrap\": true\n }\n ],\n \"separator\": \"true\",\n \"type\": \"ColumnSet\",\n \"width\": \"stretch\"\n},\n {\n \"text\": \" Incident No : \",\n \"type\": \"TextBlock\",\n \"weight\": \"Bolder\",\n \"wrap\": true\n },\n {\n \"type\": \"TextBlock\",\n \"text\": \"[Click here to view the Incident]()\",\n \"wrap\": true\n },\n\n {\n \"type\": \"ColumnSet\",\n \"columns\": [\n {\n \"type\": \"Column\",\n \"items\": [\n {\n \"type\": \"TextBlock\",\n \"size\": \"Medium\",\n \"weight\": \"Bolder\",\n \"text\": \"Incident configuration :\",\n \"wrap\": true\n }\n ],\n \"width\": \"auto\"\n }\n ]\n },\n {\n \"type\": \"ColumnSet\",\n \"columns\": [\n {\n \"type\": \"Column\",\n \"items\": [\n {\n \"type\": \"Image\",\n \"style\": \"Person\",\n \"url\": \"https://connectoricons-prod.azureedge.net/releases/v1.0.1391/1.0.1391.2130/azuresentinel/icon.png\",\n \"size\": \"Small\"\n }\n ],\n \"width\": \"auto\"\n }\n ]\n },\n {\n \"type\": \"TextBlock\",\n \"text\": \"Close Microsoft Sentinel incident?\"\n },\n {\n \"choices\": [\n {\n \"isSelected\": true,\n \"title\": \"False Positive - Inaccurate Data\",\n \"value\": \"False Positive - Inaccurate Data\"\n },\n {\n \"isSelected\": true,\n \"title\": \"False Positive - Incorrect Alert Logic\",\n \"value\": \"False Positive - Incorrect Alert Logic\"\n },\n {\n \"title\": \"True Positive - Suspicious Activity\",\n \"value\": \"True Positive - Suspicious Activity\"\n },\n {\n \"title\": \"Benign Positive - Suspicious But Expected\",\n \"value\": \"Benign Positive - Suspicious But Expected\"\n },\n {\n \"title\": \"Undetermined\",\n \"value\": \"Undetermined\"\n }\n ],\n \"id\": \"incidentStatus\",\n \"style\": \"compact\",\n \"type\": \"Input.ChoiceSet\",\n \"value\": \"Benign Positive - Suspicious But Expected\"\n },\n {\n \"type\": \"TextBlock\",\n \"text\": \"Change Microsoft Sentinel Incident Severity?\"\n },\n {\n \"choices\": [\n {\n \n \"title\": \"High\",\n \"value\": \"High\"\n },\n {\n \"title\": \"Medium\",\n \"value\": \"Medium\"\n },\n {\n \"title\": \"Low\",\n \"value\": \"Low\"\n },\n {\n \"title\": \"Don't change\",\n \"value\": \"same\"\n }\n ],\n \"id\": \"incidentSeverity\",\n \"style\": \"compact\",\n \"type\": \"Input.ChoiceSet\",\n \"value\": \"\"\n }\n \n \n \n ],\n\"width\":\"auto\",\n \"actions\": [\n {\n \"type\": \"Action.Submit\",\n \"title\": \"Change incident configuration\"\n },\n{\n \"type\": \"Action.Submit\",\n \"title\": \"Ignore\"\n }\n ],\n \"$schema\": \"http://adaptivecards.io/schemas/adaptive-card.json\",\n \"version\": \"1.2\"\n}",
 "recipient": {
 "channelId": "@parameters('Teams channel Id')"
 },
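Review bot: The `incidentStatus` Input.ChoiceSet in the new messageBody still marks both 'False Positive' choices with `\"isSelected\": true,` while the set's `\"value\"` is 'Benign Positive - Suspicious But Expected', so a compact single-select card is handed two conflicting defaults; dropping the two `\"isSelected\": true,` entries leaves `\"value\"` as the only default. The first ColumnSet's `\"separator\": \"true\"` is a string where the Adaptive Cards schema takes a boolean (`\"separator\": true`). This entity-trigger card also ships an empty incident reference — `\" Incident No : \"` and `[Click here to view the Incident]()` — whereas the BlockIP card in the next file fills both from `triggerBody()`; if the entity-trigger payload carries no incident context, remove those two TextBlocks rather than render a dead link. The same card text presumably lives in the BlockURL-EntityTrigger playbook named in the diffstat, which is outside this view.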
diff --git a/Solutions/PaloAlto-PAN-OS/Playbooks/PaloAltoPlaybooks/PaloAlto-PAN-OS-BlockIP/azuredeploy.json b/Solutions/PaloAlto-PAN-OS/Playbooks/PaloAltoPlaybooks/PaloAlto-PAN-OS-BlockIP/azuredeploy.json
index 970255a243..82ce4c7933 100644
--- a/Solutions/PaloAlto-PAN-OS/Playbooks/PaloAltoPlaybooks/PaloAlto-PAN-OS-BlockIP/azuredeploy.json
+++ b/Solutions/PaloAlto-PAN-OS/Playbooks/PaloAltoPlaybooks/PaloAlto-PAN-OS-BlockIP/azuredeploy.json
@@ -950,7 +950,7 @@ "inputs": { "body": { "body": { - "messageBody": "{\n \"type\": \"AdaptiveCard\",\n \"body\": [\n {\n \"type\": \"TextBlock\",\n \n \"weight\": \"Bolder\",\n \"text\": \"Below is the summary of actions taken on IP's by SOC\",\n \"wrap\": true\n },\n {\n \"columns\": [\n {\n \"items\":@{body('Set_variable_actions_on_IP_to_be_displayed_on_adaptive_card')} ,\n \"type\": \"Column\",\n \"wrap\": true\n }\n ],\n \"separator\": \"true\",\n \"type\": \"ColumnSet\",\n \"width\": \"stretch\"\n},\n {\n \"text\": \" Incident No : @{triggerBody()?['object']?['properties']?['incidentNumber']} \",\n \"type\": \"TextBlock\",\n \"weight\": \"Bolder\",\n \"wrap\": true\n },\n {\n \"type\": \"TextBlock\",\n \"text\": \"[Click here to view the Incident](@{triggerBody()?['object']?['properties']?['incidentUrl']})\",\n \"wrap\": true\n },\n\n {\n \"type\": \"ColumnSet\",\n \"columns\": [\n {\n \"type\": \"Column\",\n \"items\": [\n {\n \"type\": \"TextBlock\",\n \"size\": \"Medium\",\n \"weight\": \"Bolder\",\n \"text\": \"Incident configuration :\",\n \"wrap\": true\n }\n ],\n \"width\": \"auto\"\n }\n ]\n },\n {\n \"type\": \"ColumnSet\",\n \"columns\": [\n {\n \"type\": \"Column\",\n \"items\": [\n {\n \"type\": \"Image\",\n \"style\": \"Person\",\n \"url\": \"https://connectoricons-prod.azureedge.net/releases/v1.0.1391/1.0.1391.2130/azuresentinel/icon.png\",\n \"size\": \"Small\"\n }\n ],\n \"width\": \"auto\"\n }\n ]\n },\n {\n \"type\": \"TextBlock\",\n \"text\": \"Close Azure Sentinal incident?\"\n },\n {\n \"choices\": [\n {\n \"isSelected\": true,\n \"title\": \"False Positive - Inaccurate Data\",\n \"value\": \"False Positive - Inaccurate Data\"\n },\n {\n \"isSelected\": true,\n \"title\": \"False Positive - Incorrect Alert Logic\",\n \"value\": \"False Positive - Incorrect Alert Logic\"\n },\n {\n \"title\": \"True Positive - Suspicious Activity\",\n \"value\": \"True Positive - Suspicious Activity\"\n },\n {\n \"title\": \"Benign Positive - Suspicious 
But Expected\",\n \"value\": \"Benign Positive - Suspicious But Expected\"\n },\n {\n \"title\": \"Undetermined\",\n \"value\": \"Undetermined\"\n }\n ],\n \"id\": \"incidentStatus\",\n \"style\": \"compact\",\n \"type\": \"Input.ChoiceSet\",\n \"value\": \"Benign Positive - Suspicious But Expected\"\n },\n {\n \"type\": \"TextBlock\",\n \"text\": \"Change Microsoft Sentinel Incident Severity?\"\n },\n {\n \"choices\": [\n {\n \n \"title\": \"High\",\n \"value\": \"High\"\n },\n {\n \"title\": \"Medium\",\n \"value\": \"Medium\"\n },\n {\n \"title\": \"Low\",\n \"value\": \"Low\"\n },\n {\n \"title\": \"Don't change\",\n \"value\": \"same\"\n }\n ],\n \"id\": \"incidentSeverity\",\n \"style\": \"compact\",\n \"type\": \"Input.ChoiceSet\",\n \"value\": \"@{triggerBody()?['object']?['properties']?['severity']}\"\n }\n \n \n \n ],\n\"width\":\"auto\",\n \"actions\": [\n {\n \"type\": \"Action.Submit\",\n \"title\": \"Change incident configuration\"\n },\n{\n \"type\": \"Action.Submit\",\n \"title\": \"Ignore\"\n }\n ],\n \"$schema\": \"http://adaptivecards.io/schemas/adaptive-card.json\",\n \"version\": \"1.2\"\n}", + "messageBody": "{\n \"type\": \"AdaptiveCard\",\n \"body\": [\n {\n \"type\": \"TextBlock\",\n \n \"weight\": \"Bolder\",\n \"text\": \"Below is the summary of actions taken on IP's by SOC\",\n \"wrap\": true\n },\n {\n \"columns\": [\n {\n \"items\":@{body('Set_variable_actions_on_IP_to_be_displayed_on_adaptive_card')} ,\n \"type\": \"Column\",\n \"wrap\": true\n }\n ],\n \"separator\": \"true\",\n \"type\": \"ColumnSet\",\n \"width\": \"stretch\"\n},\n {\n \"text\": \" Incident No : @{triggerBody()?['object']?['properties']?['incidentNumber']} \",\n \"type\": \"TextBlock\",\n \"weight\": \"Bolder\",\n \"wrap\": true\n },\n {\n \"type\": \"TextBlock\",\n \"text\": \"[Click here to view the Incident](@{triggerBody()?['object']?['properties']?['incidentUrl']})\",\n \"wrap\": true\n },\n\n {\n \"type\": \"ColumnSet\",\n \"columns\": [\n {\n \"type\": 
\"Column\",\n \"items\": [\n {\n \"type\": \"TextBlock\",\n \"size\": \"Medium\",\n \"weight\": \"Bolder\",\n \"text\": \"Incident configuration :\",\n \"wrap\": true\n }\n ],\n \"width\": \"auto\"\n }\n ]\n },\n {\n \"type\": \"ColumnSet\",\n \"columns\": [\n {\n \"type\": \"Column\",\n \"items\": [\n {\n \"type\": \"Image\",\n \"style\": \"Person\",\n \"url\": \"https://connectoricons-prod.azureedge.net/releases/v1.0.1391/1.0.1391.2130/azuresentinel/icon.png\",\n \"size\": \"Small\"\n }\n ],\n \"width\": \"auto\"\n }\n ]\n },\n {\n \"type\": \"TextBlock\",\n \"text\": \"Close Microsoft Sentinel incident?\"\n },\n {\n \"choices\": [\n {\n \"isSelected\": true,\n \"title\": \"False Positive - Inaccurate Data\",\n \"value\": \"False Positive - Inaccurate Data\"\n },\n {\n \"isSelected\": true,\n \"title\": \"False Positive - Incorrect Alert Logic\",\n \"value\": \"False Positive - Incorrect Alert Logic\"\n },\n {\n \"title\": \"True Positive - Suspicious Activity\",\n \"value\": \"True Positive - Suspicious Activity\"\n },\n {\n \"title\": \"Benign Positive - Suspicious But Expected\",\n \"value\": \"Benign Positive - Suspicious But Expected\"\n },\n {\n \"title\": \"Undetermined\",\n \"value\": \"Undetermined\"\n }\n ],\n \"id\": \"incidentStatus\",\n \"style\": \"compact\",\n \"type\": \"Input.ChoiceSet\",\n \"value\": \"Benign Positive - Suspicious But Expected\"\n },\n {\n \"type\": \"TextBlock\",\n \"text\": \"Change Microsoft Sentinel Incident Severity?\"\n },\n {\n \"choices\": [\n {\n \n \"title\": \"High\",\n \"value\": \"High\"\n },\n {\n \"title\": \"Medium\",\n \"value\": \"Medium\"\n },\n {\n \"title\": \"Low\",\n \"value\": \"Low\"\n },\n {\n \"title\": \"Don't change\",\n \"value\": \"same\"\n }\n ],\n \"id\": \"incidentSeverity\",\n \"style\": \"compact\",\n \"type\": \"Input.ChoiceSet\",\n \"value\": \"@{triggerBody()?['object']?['properties']?['severity']}\"\n }\n \n \n \n ],\n\"width\":\"auto\",\n \"actions\": [\n {\n \"type\": 
\"Action.Submit\",\n \"title\": \"Change incident configuration\"\n },\n{\n \"type\": \"Action.Submit\",\n \"title\": \"Ignore\"\n }\n ],\n \"$schema\": \"http://adaptivecards.io/schemas/adaptive-card.json\",\n \"version\": \"1.2\"\n}", "recipient": { "channelId": "@parameters('Teams channel Id')" }, diff --git a/Solutions/PaloAlto-PAN-OS/Playbooks/PaloAltoPlaybooks/PaloAlto-PAN-OS-BlockURL-EntityTrigger/azuredeploy.json b/Solutions/PaloAlto-PAN-OS/Playbooks/PaloAltoPlaybooks/PaloAlto-PAN-OS-BlockURL-EntityTrigger/azuredeploy.json index d0730f3617..957445aca8 100644 --- a/Solutions/PaloAlto-PAN-OS/Playbooks/PaloAltoPlaybooks/PaloAlto-PAN-OS-BlockURL-EntityTrigger/azuredeploy.json +++ b/Solutions/PaloAlto-PAN-OS/Playbooks/PaloAltoPlaybooks/PaloAlto-PAN-OS-BlockURL-EntityTrigger/azuredeploy.json 
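Review bot: In the new `incidentStatus` choice set both "False Positive" choices still carry `\"isSelected\": true` while the set's `\"value\"` is `Benign Positive - Suspicious But Expected`, so the card declares three defaults for a single-select compact list; dropping the two `\"isSelected\": true` entries and letting `value` pick the default removes the ambiguity. The same card text is repeated in the BlockURL-EntityTrigger hunk (`@@ -793`) and the BlockURL hunk (`@@ -952`); the entity-trigger variant additionally renders `Incident No : ` and `[Click here to view the Incident]()` with nothing filled in, since that trigger carries no incident, and those two TextBlocks could simply be omitted there. The incident number, URL and severity are spliced into the card JSON as raw text: they come from the Sentinel trigger rather than from an analyst's input, but a value containing a double quote or backslash would still yield an unparseable card, so building the card with a Compose action and referencing its output is the sturdier shape. `\"separator\": \"true\"` is a string where a boolean appears to be intended. The Teams action that wraps this `messageBody` starts before the hunk.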
@@ -5,7 +5,7 @@
 "comments": "This playbook uses the PaloAlto connector to take necessary actions on URL address like Block URL/Unblock URL from predefined address group and also gives an option to close the incident.",
 "title": "PaloAlto-PAN-OS-BlockURL-EntityTrigger",
 "description": "This playbook allows blocking/unblocking URLs in PaloAlto, using **predefined address group**. This allows to make changes on predefined address group, which is attached to security policy rule.",
- "prerequisites": [ "1. PaloAlto connector needs to be deployed prior to the deployment of this playbook under the same subscription. Relevant instructions can be found in the connector doc page. \n\n 2. Generate an API key.[Refer this link on how to generate the API Key](https://paloaltolactest.trafficmanager.net/restapi-doc/#tag/key-generation) \n\n 3. Address group should be created for PAN-OS and this should be used while creating playbooks." ],
+ "prerequisites": [ "1. PaloAlto connector needs to be deployed prior to the deployment of this playbook under the same subscription. Relevant instructions can be found in the connector doc page. \n\n 2. Generate an API key.[Refer this link on how to generate the API Key](https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-panorama-api/get-started-with-the-pan-os-xml-api/get-your-api-key) \n\n 3. Address group should be created for PAN-OS and this should be used while creating playbooks." ],
 "lastUpdateTime": "2023-05-30T00:00:00.000Z",
 "entities": [ "Url" ],
 "prerequisitesDeployTemplateFile": "../../PaloAltoCustomConnector/PaloAlto_PAN-OS_Rest_API_CustomConnector/azuredeploy.json",
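Review bot: `"lastUpdateTime": "2023-05-30T00:00:00.000Z"` is left untouched although the prerequisites text of this metadata block changes here; bump it to the commit date, `"lastUpdateTime": "2023-10-06T00:00:00.000Z",`. The same stale stamp remains in the GetSystemInfo and GetThreatPCAP hunks (`2022-07-25`) and the GetURLCategoryInfo hunk (`2023-05-30`). Replacing the `paloaltolactest.trafficmanager.net` lab host with the vendor documentation is the right call — a test hostname in shipped metadata is a dangling reference that can lapse or end up under someone else's control — but the new link is pinned to the PAN-OS 9-1 docs, so an unversioned docs page, if the vendor offers one, would age better; verify before switching. The enclosing `metadata` object starts before the hunk.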
@@ -793,7 +793,7 @@ "inputs": { "body": { "body": { - "messageBody": "{\n \"type\": \"AdaptiveCard\",\n \"body\": [\n {\n \"type\": \"TextBlock\",\n \n \"weight\": \"Bolder\",\n \"text\": \"Below is the summary of actions taken on URL's by SOC\",\n \"wrap\": true\n },\n {\n \"columns\": [\n {\n \"items\":@{body('Set_variable_actions_on_URL_to_be_displayed_on_adaptive_card')} ,\n \"type\": \"Column\",\n \"wrap\": true\n }\n ],\n \"separator\": \"true\",\n \"type\": \"ColumnSet\",\n \"width\": \"stretch\"\n},\n {\n \"text\": \" Incident No : \",\n \"type\": \"TextBlock\",\n \"weight\": \"Bolder\",\n \"wrap\": true\n },\n {\n \"type\": \"TextBlock\",\n \"text\": \"[Click here to view the Incident]()\",\n \"wrap\": true\n },\n\n {\n \"type\": \"ColumnSet\",\n \"columns\": [\n {\n \"type\": \"Column\",\n \"items\": [\n {\n \"type\": \"TextBlock\",\n \"size\": \"Medium\",\n \"weight\": \"Bolder\",\n \"text\": \"Incident configuration :\",\n \"wrap\": true\n }\n ],\n \"width\": \"auto\"\n }\n ]\n },\n {\n \"type\": \"ColumnSet\",\n \"columns\": [\n {\n \"type\": \"Column\",\n \"items\": [\n {\n \"type\": \"Image\",\n \"style\": \"Person\",\n \"url\": \"https://connectoricons-prod.azureedge.net/releases/v1.0.1391/1.0.1391.2130/azuresentinel/icon.png\",\n \"size\": \"Small\"\n }\n ],\n \"width\": \"auto\"\n }\n ]\n },\n {\n \"type\": \"TextBlock\",\n \"text\": \"Close Azure Sentinal incident?\"\n },\n {\n \"choices\": [\n {\n \"isSelected\": true,\n \"title\": \"False Positive - Inaccurate Data\",\n \"value\": \"False Positive - Inaccurate Data\"\n },\n {\n \"isSelected\": true,\n \"title\": \"False Positive - Incorrect Alert Logic\",\n \"value\": \"False Positive - Incorrect Alert Logic\"\n },\n {\n \"title\": \"True Positive - Suspicious Activity\",\n \"value\": \"True Positive - Suspicious Activity\"\n },\n {\n \"title\": \"Benign Positive - Suspicious But Expected\",\n \"value\": \"Benign Positive - Suspicious But Expected\"\n },\n {\n \"title\": \"Undetermined\",\n 
\"value\": \"Undetermined\"\n }\n ],\n \"id\": \"incidentStatus\",\n \"style\": \"compact\",\n \"type\": \"Input.ChoiceSet\",\n \"value\": \"Benign Positive - Suspicious But Expected\"\n },\n {\n \"type\": \"TextBlock\",\n \"text\": \"Change Microsoft Sentinel Incident Severity?\"\n },\n {\n \"choices\": [\n {\n \n \"title\": \"High\",\n \"value\": \"High\"\n },\n {\n \"title\": \"Medium\",\n \"value\": \"Medium\"\n },\n {\n \"title\": \"Low\",\n \"value\": \"Low\"\n },\n {\n \"title\": \"Don't change\",\n \"value\": \"same\"\n }\n ],\n \"id\": \"incidentSeverity\",\n \"style\": \"compact\",\n \"type\": \"Input.ChoiceSet\",\n \"value\": \"\"\n }\n \n \n \n ],\n\"width\":\"auto\",\n \"actions\": [\n {\n \"type\": \"Action.Submit\",\n \"title\": \"Change incident configuration\"\n },\n {\n \"type\": \"Action.Submit\",\n \"title\": \"Ignore\"\n }\n ],\n \"$schema\": \"http://adaptivecards.io/schemas/adaptive-card.json\",\n \"version\": \"1.2\"\n}", + "messageBody": "{\n \"type\": \"AdaptiveCard\",\n \"body\": [\n {\n \"type\": \"TextBlock\",\n \n \"weight\": \"Bolder\",\n \"text\": \"Below is the summary of actions taken on URL's by SOC\",\n \"wrap\": true\n },\n {\n \"columns\": [\n {\n \"items\":@{body('Set_variable_actions_on_URL_to_be_displayed_on_adaptive_card')} ,\n \"type\": \"Column\",\n \"wrap\": true\n }\n ],\n \"separator\": \"true\",\n \"type\": \"ColumnSet\",\n \"width\": \"stretch\"\n},\n {\n \"text\": \" Incident No : \",\n \"type\": \"TextBlock\",\n \"weight\": \"Bolder\",\n \"wrap\": true\n },\n {\n \"type\": \"TextBlock\",\n \"text\": \"[Click here to view the Incident]()\",\n \"wrap\": true\n },\n\n {\n \"type\": \"ColumnSet\",\n \"columns\": [\n {\n \"type\": \"Column\",\n \"items\": [\n {\n \"type\": \"TextBlock\",\n \"size\": \"Medium\",\n \"weight\": \"Bolder\",\n \"text\": \"Incident configuration :\",\n \"wrap\": true\n }\n ],\n \"width\": \"auto\"\n }\n ]\n },\n {\n \"type\": \"ColumnSet\",\n \"columns\": [\n {\n \"type\": \"Column\",\n 
\"items\": [\n {\n \"type\": \"Image\",\n \"style\": \"Person\",\n \"url\": \"https://connectoricons-prod.azureedge.net/releases/v1.0.1391/1.0.1391.2130/azuresentinel/icon.png\",\n \"size\": \"Small\"\n }\n ],\n \"width\": \"auto\"\n }\n ]\n },\n {\n \"type\": \"TextBlock\",\n \"text\": \"Close Microsoft Sentinel incident?\"\n },\n {\n \"choices\": [\n {\n \"isSelected\": true,\n \"title\": \"False Positive - Inaccurate Data\",\n \"value\": \"False Positive - Inaccurate Data\"\n },\n {\n \"isSelected\": true,\n \"title\": \"False Positive - Incorrect Alert Logic\",\n \"value\": \"False Positive - Incorrect Alert Logic\"\n },\n {\n \"title\": \"True Positive - Suspicious Activity\",\n \"value\": \"True Positive - Suspicious Activity\"\n },\n {\n \"title\": \"Benign Positive - Suspicious But Expected\",\n \"value\": \"Benign Positive - Suspicious But Expected\"\n },\n {\n \"title\": \"Undetermined\",\n \"value\": \"Undetermined\"\n }\n ],\n \"id\": \"incidentStatus\",\n \"style\": \"compact\",\n \"type\": \"Input.ChoiceSet\",\n \"value\": \"Benign Positive - Suspicious But Expected\"\n },\n {\n \"type\": \"TextBlock\",\n \"text\": \"Change Microsoft Sentinel Incident Severity?\"\n },\n {\n \"choices\": [\n {\n \n \"title\": \"High\",\n \"value\": \"High\"\n },\n {\n \"title\": \"Medium\",\n \"value\": \"Medium\"\n },\n {\n \"title\": \"Low\",\n \"value\": \"Low\"\n },\n {\n \"title\": \"Don't change\",\n \"value\": \"same\"\n }\n ],\n \"id\": \"incidentSeverity\",\n \"style\": \"compact\",\n \"type\": \"Input.ChoiceSet\",\n \"value\": \"\"\n }\n \n \n \n ],\n\"width\":\"auto\",\n \"actions\": [\n {\n \"type\": \"Action.Submit\",\n \"title\": \"Change incident configuration\"\n },\n {\n \"type\": \"Action.Submit\",\n \"title\": \"Ignore\"\n }\n ],\n \"$schema\": \"http://adaptivecards.io/schemas/adaptive-card.json\",\n \"version\": \"1.2\"\n}", "recipient": { "channelId": "@parameters('Teams channel Id')" }, 
diff --git a/Solutions/PaloAlto-PAN-OS/Playbooks/PaloAltoPlaybooks/PaloAlto-PAN-OS-BlockURL/azuredeploy.json b/Solutions/PaloAlto-PAN-OS/Playbooks/PaloAltoPlaybooks/PaloAlto-PAN-OS-BlockURL/azuredeploy.json
index 0e11b178fa..85de002f05 100644
--- a/Solutions/PaloAlto-PAN-OS/Playbooks/PaloAltoPlaybooks/PaloAlto-PAN-OS-BlockURL/azuredeploy.json
+++ b/Solutions/PaloAlto-PAN-OS/Playbooks/PaloAltoPlaybooks/PaloAlto-PAN-OS-BlockURL/azuredeploy.json
@@ -952,7 +952,7 @@ "inputs": { "body": { "body": { - "messageBody": "{\n \"type\": \"AdaptiveCard\",\n \"body\": [\n {\n \"type\": \"TextBlock\",\n \n \"weight\": \"Bolder\",\n \"text\": \"Below is the summary of actions taken on URL's by SOC\",\n \"wrap\": true\n },\n {\n \"columns\": [\n {\n \"items\":@{body('Set_variable_actions_on_URL_to_be_displayed_on_adaptive_card')} ,\n \"type\": \"Column\",\n \"wrap\": true\n }\n ],\n \"separator\": \"true\",\n \"type\": \"ColumnSet\",\n \"width\": \"stretch\"\n},\n {\n \"text\": \" Incident No : @{triggerBody()?['object']?['properties']?['incidentNumber']} \",\n \"type\": \"TextBlock\",\n \"weight\": \"Bolder\",\n \"wrap\": true\n },\n {\n \"type\": \"TextBlock\",\n \"text\": \"[Click here to view the Incident](@{triggerBody()?['object']?['properties']?['incidentUrl']})\",\n \"wrap\": true\n },\n\n {\n \"type\": \"ColumnSet\",\n \"columns\": [\n {\n \"type\": \"Column\",\n \"items\": [\n {\n \"type\": \"TextBlock\",\n \"size\": \"Medium\",\n \"weight\": \"Bolder\",\n \"text\": \"Incident configuration :\",\n \"wrap\": true\n }\n ],\n \"width\": \"auto\"\n }\n ]\n },\n {\n \"type\": \"ColumnSet\",\n \"columns\": [\n {\n \"type\": \"Column\",\n \"items\": [\n {\n \"type\": \"Image\",\n \"style\": \"Person\",\n \"url\": \"https://connectoricons-prod.azureedge.net/releases/v1.0.1391/1.0.1391.2130/azuresentinel/icon.png\",\n \"size\": \"Small\"\n }\n ],\n \"width\": \"auto\"\n }\n ]\n },\n {\n \"type\": \"TextBlock\",\n \"text\": \"Close Azure Sentinal incident?\"\n },\n {\n \"choices\": [\n {\n \"isSelected\": true,\n \"title\": \"False Positive - Inaccurate Data\",\n \"value\": \"False Positive - Inaccurate Data\"\n },\n {\n \"isSelected\": true,\n \"title\": \"False Positive - Incorrect Alert Logic\",\n \"value\": \"False Positive - Incorrect Alert Logic\"\n },\n {\n \"title\": \"True Positive - Suspicious Activity\",\n \"value\": \"True Positive - Suspicious Activity\"\n },\n {\n \"title\": \"Benign Positive - Suspicious 
But Expected\",\n \"value\": \"Benign Positive - Suspicious But Expected\"\n },\n {\n \"title\": \"Undetermined\",\n \"value\": \"Undetermined\"\n }\n ],\n \"id\": \"incidentStatus\",\n \"style\": \"compact\",\n \"type\": \"Input.ChoiceSet\",\n \"value\": \"Benign Positive - Suspicious But Expected\"\n },\n {\n \"type\": \"TextBlock\",\n \"text\": \"Change Microsoft Sentinel Incident Severity?\"\n },\n {\n \"choices\": [\n {\n \n \"title\": \"High\",\n \"value\": \"High\"\n },\n {\n \"title\": \"Medium\",\n \"value\": \"Medium\"\n },\n {\n \"title\": \"Low\",\n \"value\": \"Low\"\n },\n {\n \"title\": \"Don't change\",\n \"value\": \"same\"\n }\n ],\n \"id\": \"incidentSeverity\",\n \"style\": \"compact\",\n \"type\": \"Input.ChoiceSet\",\n \"value\": \"@{triggerBody()?['object']?['properties']?['severity']}\"\n }\n \n \n \n ],\n\"width\":\"auto\",\n \"actions\": [\n {\n \"type\": \"Action.Submit\",\n \"title\": \"Change incident configuration\"\n },\n {\n \"type\": \"Action.Submit\",\n \"title\": \"Ignore\"\n }\n ],\n \"$schema\": \"http://adaptivecards.io/schemas/adaptive-card.json\",\n \"version\": \"1.2\"\n}", + "messageBody": "{\n \"type\": \"AdaptiveCard\",\n \"body\": [\n {\n \"type\": \"TextBlock\",\n \n \"weight\": \"Bolder\",\n \"text\": \"Below is the summary of actions taken on URL's by SOC\",\n \"wrap\": true\n },\n {\n \"columns\": [\n {\n \"items\":@{body('Set_variable_actions_on_URL_to_be_displayed_on_adaptive_card')} ,\n \"type\": \"Column\",\n \"wrap\": true\n }\n ],\n \"separator\": \"true\",\n \"type\": \"ColumnSet\",\n \"width\": \"stretch\"\n},\n {\n \"text\": \" Incident No : @{triggerBody()?['object']?['properties']?['incidentNumber']} \",\n \"type\": \"TextBlock\",\n \"weight\": \"Bolder\",\n \"wrap\": true\n },\n {\n \"type\": \"TextBlock\",\n \"text\": \"[Click here to view the Incident](@{triggerBody()?['object']?['properties']?['incidentUrl']})\",\n \"wrap\": true\n },\n\n {\n \"type\": \"ColumnSet\",\n \"columns\": [\n {\n \"type\": 
\"Column\",\n \"items\": [\n {\n \"type\": \"TextBlock\",\n \"size\": \"Medium\",\n \"weight\": \"Bolder\",\n \"text\": \"Incident configuration :\",\n \"wrap\": true\n }\n ],\n \"width\": \"auto\"\n }\n ]\n },\n {\n \"type\": \"ColumnSet\",\n \"columns\": [\n {\n \"type\": \"Column\",\n \"items\": [\n {\n \"type\": \"Image\",\n \"style\": \"Person\",\n \"url\": \"https://connectoricons-prod.azureedge.net/releases/v1.0.1391/1.0.1391.2130/azuresentinel/icon.png\",\n \"size\": \"Small\"\n }\n ],\n \"width\": \"auto\"\n }\n ]\n },\n {\n \"type\": \"TextBlock\",\n \"text\": \"Close Microsoft Sentinel incident?\"\n },\n {\n \"choices\": [\n {\n \"isSelected\": true,\n \"title\": \"False Positive - Inaccurate Data\",\n \"value\": \"False Positive - Inaccurate Data\"\n },\n {\n \"isSelected\": true,\n \"title\": \"False Positive - Incorrect Alert Logic\",\n \"value\": \"False Positive - Incorrect Alert Logic\"\n },\n {\n \"title\": \"True Positive - Suspicious Activity\",\n \"value\": \"True Positive - Suspicious Activity\"\n },\n {\n \"title\": \"Benign Positive - Suspicious But Expected\",\n \"value\": \"Benign Positive - Suspicious But Expected\"\n },\n {\n \"title\": \"Undetermined\",\n \"value\": \"Undetermined\"\n }\n ],\n \"id\": \"incidentStatus\",\n \"style\": \"compact\",\n \"type\": \"Input.ChoiceSet\",\n \"value\": \"Benign Positive - Suspicious But Expected\"\n },\n {\n \"type\": \"TextBlock\",\n \"text\": \"Change Microsoft Sentinel Incident Severity?\"\n },\n {\n \"choices\": [\n {\n \n \"title\": \"High\",\n \"value\": \"High\"\n },\n {\n \"title\": \"Medium\",\n \"value\": \"Medium\"\n },\n {\n \"title\": \"Low\",\n \"value\": \"Low\"\n },\n {\n \"title\": \"Don't change\",\n \"value\": \"same\"\n }\n ],\n \"id\": \"incidentSeverity\",\n \"style\": \"compact\",\n \"type\": \"Input.ChoiceSet\",\n \"value\": \"@{triggerBody()?['object']?['properties']?['severity']}\"\n }\n \n \n \n ],\n\"width\":\"auto\",\n \"actions\": [\n {\n \"type\": 
\"Action.Submit\",\n \"title\": \"Change incident configuration\"\n },\n {\n \"type\": \"Action.Submit\",\n \"title\": \"Ignore\"\n }\n ],\n \"$schema\": \"http://adaptivecards.io/schemas/adaptive-card.json\",\n \"version\": \"1.2\"\n}", "recipient": { "channelId": "@parameters('Teams channel Id')" }, diff --git a/Solutions/PaloAlto-PAN-OS/Playbooks/PaloAltoPlaybooks/PaloAlto-PAN-OS-GetSystemInfo/azuredeploy.json b/Solutions/PaloAlto-PAN-OS/Playbooks/PaloAltoPlaybooks/PaloAlto-PAN-OS-GetSystemInfo/azuredeploy.json index a137f20546..2378e1d79b 100644 --- a/Solutions/PaloAlto-PAN-OS/Playbooks/PaloAltoPlaybooks/PaloAlto-PAN-OS-GetSystemInfo/azuredeploy.json +++ b/Solutions/PaloAlto-PAN-OS/Playbooks/PaloAltoPlaybooks/PaloAlto-PAN-OS-GetSystemInfo/azuredeploy.json 
@@ -4,7 +4,7 @@
 "metadata": {
 "title": "Get System Info - Palo Alto PAN-OS XML API",
 "description": "This playbook allows us to get System Info of a Palo Alto device for a Microsoft Sentinel alert.",
- "prerequisites": ["1. PaloAlto connector needs to be deployed prior to the deployment of this playbook under the same subscription. Relevant instructions can be found in the connector doc page. \n\n 2. Generate an API key.[Refer this link on how to generate the API Key](https://paloaltolactest.trafficmanager.net/restapi-doc/#tag/key-generation) \n\n 3. This playbook only works for Palo Alto incidents."],
+ "prerequisites": ["1. PaloAlto connector needs to be deployed prior to the deployment of this playbook under the same subscription. Relevant instructions can be found in the connector doc page. \n\n 2. Generate an API key.[Refer this link on how to generate the API Key](https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-panorama-api/get-started-with-the-pan-os-xml-api/get-your-api-key) \n\n 3. This playbook only works for Palo Alto incidents."],
 "lastUpdateTime": "2022-07-25T00:00:00.000Z",
 "entities": [ "Ip" ],
 "prerequisitesDeployTemplateFile": "../../PaloAltoCustomConnector/PaloAlto_PAN-OS_XML_API_CustomConnector/azuredeploy.json",
diff --git a/Solutions/PaloAlto-PAN-OS/Playbooks/PaloAltoPlaybooks/PaloAlto-PAN-OS-GetThreatPCAP/azuredeploy.json b/Solutions/PaloAlto-PAN-OS/Playbooks/PaloAltoPlaybooks/PaloAlto-PAN-OS-GetThreatPCAP/azuredeploy.json
index e97a89bd1e..e9a58ddf8e 100644
--- a/Solutions/PaloAlto-PAN-OS/Playbooks/PaloAltoPlaybooks/PaloAlto-PAN-OS-GetThreatPCAP/azuredeploy.json
+++ b/Solutions/PaloAlto-PAN-OS/Playbooks/PaloAltoPlaybooks/PaloAlto-PAN-OS-GetThreatPCAP/azuredeploy.json
@@ -4,7 +4,7 @@
 "metadata": {
 "title": "Get Threat PCAP - Palo Alto PAN-OS XML API",
 "description": "This playbook allows us to get a threat PCAP for a given PCAP ID.",
- "prerequisites": ["1. PaloAlto connector needs to be deployed prior to the deployment of this playbook under the same subscription. Relevant instructions can be found in the connector doc page. \n\n 2. Generate an API key.[Refer this link on how to generate the API Key](https://paloaltolactest.trafficmanager.net/restapi-doc/#tag/key-generation) \n\n 3. This playbook only works for Palo Alto incidents with a threat PCAP where the PCAP ID is not null or zero."],
+ "prerequisites": ["1. PaloAlto connector needs to be deployed prior to the deployment of this playbook under the same subscription. Relevant instructions can be found in the connector doc page. \n\n 2. Generate an API key.[Refer this link on how to generate the API Key](https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-panorama-api/get-started-with-the-pan-os-xml-api/get-your-api-key) \n\n 3. This playbook only works for Palo Alto incidents with a threat PCAP where the PCAP ID is not null or zero."],
 "lastUpdateTime": "2022-07-25T00:00:00.000Z",
 "entities": [ "host" ],
 "prerequisitesDeployTemplateFile": "../../PaloAltoCustomConnector/PaloAlto_PAN-OS_XML_API_CustomConnector/azuredeploy.json",
diff --git a/Solutions/PaloAlto-PAN-OS/Playbooks/PaloAltoPlaybooks/PaloAlto-PAN-OS-GetURLCategoryInfo/azuredeploy.json b/Solutions/PaloAlto-PAN-OS/Playbooks/PaloAltoPlaybooks/PaloAlto-PAN-OS-GetURLCategoryInfo/azuredeploy.json
index f21b572536..39c65b6bd4 100644
--- a/Solutions/PaloAlto-PAN-OS/Playbooks/PaloAltoPlaybooks/PaloAlto-PAN-OS-GetURLCategoryInfo/azuredeploy.json
+++ b/Solutions/PaloAlto-PAN-OS/Playbooks/PaloAltoPlaybooks/PaloAlto-PAN-OS-GetURLCategoryInfo/azuredeploy.json
@@ -5,7 +5,7 @@
 "comments": "This playbook uses the PaloAlto connector to automatically enrich incidents generated by Sentinel for address object details and URL filtering category information from PAN-OS",
 "title": "PaloAlto-PAN-OS-GetURLCategoryInfo",
 "description": " When a new sentinal incident is created, this playbook gets triggered and performs below actions:",
- "prerequisites": ["1. PAN-OS Custom Connector needs to be deployed prior to the deployment of this playbook under the same subscription. \n\n 2. Generate an API key. [Refer this link on how to generate the API Key](https://paloaltolactest.trafficmanager.net/restapi-doc/#tag/key-generation)"],
+ "prerequisites": ["1. PAN-OS Custom Connector needs to be deployed prior to the deployment of this playbook under the same subscription. \n\n 2. Generate an API key. [Refer this link on how to generate the API Key](https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-panorama-api/get-started-with-the-pan-os-xml-api/get-your-api-key)"],
 "lastUpdateTime": "2023-05-30T00:00:00.000Z",
 "prerequisitesDeployTemplateFile": "../../PaloAltoCustomConnector/PaloAlto_PAN-OS_Rest_API_CustomConnector/azuredeploy.json",
 "entities": ["url"],
diff --git a/Solutions/PaloAlto-PAN-OS/Playbooks/readme.md b/Solutions/PaloAlto-PAN-OS/Playbooks/readme.md
index 7125b4fcc2..b1d279351a 100644
--- a/Solutions/PaloAlto-PAN-OS/Playbooks/readme.md
+++ b/Solutions/PaloAlto-PAN-OS/Playbooks/readme.md
@@ -38,13 +38,13 @@ You can choose to deploy the whole package connector + all three playbook templa ## Authentication -This connector supports [API Key authentication](https://paloaltolactest.trafficmanager.net/restapi-doc/#tag/key-generation). +This connector supports [API Key authentication](https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-panorama-api/get-started-with-the-pan-os-xml-api/get-your-api-key). ### Prerequisites for using and deploying Custom Connector 1. PAN-OS service end point should be known. (e.g. https://{paloaltodomain}) -2. Generate an API key. [Refer this link on how to generate the API Key](https://paloaltolactest.trafficmanager.net/restapi-doc/#tag/key-generation) +2. Generate an API key. [Refer this link on how to generate the API Key](https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-panorama-api/get-started-with-the-pan-os-xml-api/get-your-api-key) 3. Address group should be created for PAN-OS for blocking/unblocking address objects and this address group should be used while creating playbooks. diff --git a/Solutions/PaloAlto-PAN-OS/ReleaseNotes.md b/Solutions/PaloAlto-PAN-OS/ReleaseNotes.md index 21f065dd25..9b61ea2a56 100644 --- a/Solutions/PaloAlto-PAN-OS/ReleaseNotes.md +++ b/Solutions/PaloAlto-PAN-OS/ReleaseNotes.md @@ -1,5 +1,3 @@ | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** | |-------------|--------------------------------|--------------------------------------------------------------------| -| 3.0.0 | 25-09-2023 | Addition of new PaloAlto-PAN-OS AMA **Data Connector** | | - - +| 3.0.0 | 06-10-2023 | Fixed Playbooks issue | \ No newline at end of file