From 69ed4de98c71c9a1b99df53f88254704f0efb8b6 Mon Sep 17 00:00:00 2001
From: RecordedFutureOskbo
Date: Wed, 28 Aug 2024 11:17:32 +0200
Subject: [PATCH] Bugfixes and solution pack fixes
---
.../Data/Solution_RecordedFutureIdentity.json | 14 +--
.../Package/3.0.1.zip | Bin 0 -> 24200 bytes
.../Package/mainTemplate.json | 82 ++++++++++++------
.../RFI-search-external-user/azuredeploy.json | 22 +++--
.../azuredeploy.json | 30 +++++--
.../Recorded Future Identity/ReleaseNotes.md | 1 +
.../SolutionMetadata.json | 2 +-
7 files changed, 102 insertions(+), 49 deletions(-)
create mode 100644 Solutions/Recorded Future Identity/Package/3.0.1.zip
diff --git a/Solutions/Recorded Future Identity/Data/Solution_RecordedFutureIdentity.json b/Solutions/Recorded Future Identity/Data/Solution_RecordedFutureIdentity.json
index c34c39cbed..dc167bebe6 100644
--- a/Solutions/Recorded Future Identity/Data/Solution_RecordedFutureIdentity.json
+++ b/Solutions/Recorded Future Identity/Data/Solution_RecordedFutureIdentity.json
@@ -5,15 +5,15 @@ "Description": "[Recorded Future](https://www.recordedfuture.com/) Identity Intelligence enables security and IT teams to detect identity compromises, for both employees and customers. To do this, Recorded Future automates the collection, analysis, and production of identity intelligence from a vast range of sources. Organizations can incorporate identity intelligence into automated workflows that regularly monitor for compromised credentials and take immediate action with applications such as Azure Active Directory and Microsoft Sentinel.\nThere are many ways organizations can utilize Recorded Future Identity Intelligence; the playbooks in this Solution are just a quick introduction to some of those ways. In particular, these playbooks include several actions that can be coordinated, or used separately. They include:\n1. searches for compromised workforce or external customer users\n2. looking up existing users and saving the compromised user data to a Log file\n3. confirming high risk Azure Active Directory (AAD) users\n4. adding a compromised user to an AAD security group\n\nFor more information, see the [Documentation for this Solution](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Recorded%20Future%20Identity/Playbooks).\n\nThe playbooks have internal dependencies where you have to install: \n- RecordedFutureIdentity-add-EntraID-security-group-user \n- RecordedFutureIdentity-confirm-EntraID-risky-user \n- RecordedFutureIdentity-lookup-and-save-user \n\nBefore: \n- RecordedFutureIdentity-search-workforce-user \n- RecordedFutureIdentity-search-external-user.\n\nThis solution depends on underlying Microsoft technologies. 
Some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs:\n* [Log Analytics](https://learn.microsoft.com/en-us/azure/azure-monitor/logs/workspace-design)\n* [Logic apps](https://learn.microsoft.com/en-us/azure/logic-apps/logic-apps-pricing)\n", "PlaybooksBladeDescription": "This solution will install playbooks that import users with leaked credentials from Recorded Future and set them as RiskyUsers in Azure Active Directory.", "Playbooks": [ - "/Playbooks/RFI-CustomConnector-0-1-0/azuredeploy.json", - "/Playbooks/RFI-add-EntraID-security-group-user/azuredeploy.json", - "/Playbooks/RFI-confirm-EntraID-risky-user/azuredeploy.json", - "/Playbooks/RFI-lookup-and-save-user/azuredeploy.json", - "/Playbooks/RFI-search-workforce-user/azuredeploy.json", - "/Playbooks/RFI-search-external-user/azuredeploy.json" + "Playbooks/RFI-CustomConnector-0-1-0/azuredeploy.json", + "Playbooks/RFI-add-EntraID-security-group-user/azuredeploy.json", + "Playbooks/RFI-confirm-EntraID-risky-user/azuredeploy.json", + "Playbooks/RFI-lookup-and-save-user/azuredeploy.json", + "Playbooks/RFI-search-workforce-user/azuredeploy.json", + "Playbooks/RFI-search-external-user/azuredeploy.json" ], "BasePath": "D:\\Azure-Sentinel\\Solutions\\Recorded Future Identity\\", - "Version": "3.0.0", + "Version": "3.0.1", "Metadata": "SolutionMetadata.json", "TemplateSpec": true, "Is1PConnector": false 
diff --git a/Solutions/Recorded Future Identity/Package/3.0.1.zip b/Solutions/Recorded Future Identity/Package/3.0.1.zip new file mode 100644 index 0000000000000000000000000000000000000000..64823a9bf75c34a6c69e164d61a42a46de88e91e GIT binary patch literal 24200 zcmV)9K*hgMO9KQH000080JK&dSqT82@t6nz0B{!o02crN0Aq4xVRU6xX+&jaX>MtB zX>V>WYIARHwOH+L9D3?}? z%1Q%^jx)r$@sZU3gEx4n3YpE2EI2v4)`_;WTN!B+%lMnhanSZLnU83#Vwb|eU%x1S z#@AG;Bz4{QFXzR)I6nTDcJl1_m~JvDtRy3s(vZ{SQb|jlWqPfOgcfqCjU-iAC$fy6 z@O!JXiUT?$*7d*t{FiQhCI>I+{#Mqy*_3@4xAE4oJ{_PlQnpdPX_Rdv{nP159V|Xv z#eBwXW{o9pD9qytyG88RT`J*zE;fjS?pK9g7o@DM`u>O&plN5evETY{y>u-+p;8(r z07cFKCrMdqeVbCbpTm4Vbs>9o-^M|86k9je>vd?Fm&>}GoT3S}QPLHV0ZoZ4B1y6k zi%eRwGO7%}MJv$N9XTm-%TC0=a^y(0r=hGgI#*WODJpDep$~v8+ z1wy)mhC0wG?f6Whf)u*T`hrJ53oQ9epu@9`ZKOsY(nY(u%m zWI-M{7u)0@2}XLoXl@^c6Dugqa~Uf(D(ZmNKrxB3%v98PXR8QLEO|K7Im8|%T`JTR zR_gk6LyB6o0~9qzg~w^Jp|#jp(tB|OYMFX3_iAwv9e?+QDKoKIXuYyX$q=&M+K(tU zGXGPhq7^4?TP) zk%sfC;KEE1Bw^ykIKZLXY=Akh_}LEN7%hO`NC@8gcZr3F)jeU4#KS3 z*m-dpQU>?9ajOzy$~ym<-};(Z@z~C_zIGO%SUADi5QK3{OO?ra@#m2IRxmjqOEFu? zD7$*9?BnzE%Sr3ZUqTWw;!mJ)&luY&2;$qGPK>Tf9vj~v#JnCS2pPck-Daiqe&1i} zsN%iqpZi1&%Ke+p-kTNx6F=Zkz#b-2fn;!Z`r5>@lm*U33gujT*l%=I3nBVuRPt5{ zI-J)ATWbN*7rX*i#noldrYZ1g3VafuIoedMJI+eh#=0FQ(FW+Pp!1b_ zaDYe6e#DfxsVNbm5Eyj~I_3@-nilMf1sJ~U1F8v|($>S>kj8@a=;IdD)>$;~G2L_9 zobyh=)ab2T>`POGc}Lk8kFr3xGfxcb|3NdLX9&d3IEl6tNFo@ON{UIVUqw8Ie}Qt& zOBC>#-bau@6(J%|9he_o_&L&ab#3Mxa&)1K!nd|%_Vi*($H!d<@RKk6mcM2n>W&o) zUAY63e~*B8?^+fzp?}l9maZkAKipB6SVxnZ-ZpI1R*OCz?GaVHgaW^JZ;XD#YV}0; zzAr(2n*Ci{ar?UC^|Q`$-|ABbMRrx7l&R}g*Urk;`b>b@yW0vZ=NWAS6}}432>UwD zIz}++3qEYWeC($z)AfSiOBXH+f)~W@3%-}A7%j$p|DVc_`&P-6){+v5R&q7-;qeU= z*2IaMgt}A=yz9HfcNt|B=wEvWdBXL!px^R*-18r!R5=%mQBM9K$-iG`hURrD-6YiG|Eq{4g586(X7H3^B6M z8($yLqbE%7pdg0Dm@jo}m1UH1-E{$O-<|Fu!u~=?SkMGe7kjvIWc-83P;y_uT$JM) zkmI^N#z(^jIGTiyEIy@1ZbC1=WFErBWExO^09jA9Z-I4{k}j-3b;mJa?&! 
z{!ku7zsN)^@09Zic)~;AjF;rzTHW0qdua$97~$Spd$JAhApJEq&T8+7_OoRV(X~3Z z(e_nGHGN+-#JtDreOIX*_i)!-rTl#u)N8eKgZ5i)?*|0FcVP?qA4+g#zGW)@z1M>t zJ$#c22m7!$!gg!%ISIw@F{|G?q29)U7kwyi8Q!jHFNf<*|94c-IlDt_Yf9S^znR0& z9tL?2Ff~eSwZNsk%|LIP(7$?n7v|AB6~DYe?I73%`_8BRUH^B}U5`FKSAp%9ho_n! z6t=8}19iJ%f*#Qt-Q%Wa-S}6|Rltj<;jf*oQ_MR+w>{y9V{5*1mj~rw2>U_W#xNM7 zeF{0cZ@-KOBHMMxG6$@++uP?9|M2&JP)h>@6aWAK2mrKJ99eaDHzo2^0014P0{{^K z003=aX>L?yZE$R1bY(7Tb8l|#ec5u`O0wYlM9e=R*mpwmwJ5HVrE|N_nA$9Am#EG5 zaj-!GBq4$T1%RUHa~(0?GM_eIGFepsh@}7&KyZ-^w|!b7Yp=|#-1G1M`9C-=_aAz@ zCl2`BA6%|y7(@M!LV5{6Tc}kl_^gr|afoSjoZ=en_>s|5 zHPrM*Y^$0e3f$4ifF*EOnmCX|jjO|$U5z(jM4iiX`e-;*HRH2pHt*opXu)I>yo>=_ zqK-ywsPYJP+ju3@kKjXNG8EBV zx}ix**IEYJucVxbO4sPYx25UFg4p3lvT@JLBi!%1ChF=)Yl~krbu?W6uxZWm!#S4k z?98$Bwk8eDHRUc;gB$6hu)(!P2B(N3+N7a!LtfW8UK`{MqYp=+8{EIo%t`W%o;s3+ zJao<;*J(Vt)B2XfG`3IC96=j%Pl*vIu9AQmQEU%L^z7)Vr(fH$@iTvMHI9*>m`3C4)NmH2uc8v74iMet)DJ>R?}06aXq!%NO&d zd=YOl@JoBX(EiTp0~xC&VGzk*U;F;U*%aDMTB_PNkGEtJf8Y1} zCIq~0#wKhVoeb`tl*m$tn5ZfaSZn>`LQnzR5 zg|&^S-g&v5U)vZd((_0p=(_G$H)U%;DG;sj(S{q72$^7H(WJVtzBaHIcsUfwGs(;L z8f|RX*EYC-bvp6NT9WyaUumi^YTJiy?$_Y^qH7~gSl-wwqMfg8tjX;)`~yc0pg|76 z93!wh?g|u1YS)HC-2)tCz^F4Mvr-_$0#45{BPiqrA%CbC8ec!i>*h`8yXZa6!^=k) z6ozIlL}VD#i;@vtLNKmOFm6iEd?!Xvfk5+$kk|Pa(S<$K?_78j)Z2?Ow00r5QYE-j4#t%#+ZyTpLb0Su$C7GlSW;!e zlIjX#NtG2#sw;~n)o3j7?h-+nF7jHtm&aGE!u`9@g#M)qPXhaU5rx_?P&59-4D~l!D(OBZ!r8S{@UAq!JyhT500(k#6yu`(rF}-Gb;I*L#XJ>J{ zN&~tbDe!6oEH4~c4`(lkgPR0{fOkaGh-CljSx>GZYA;e-JXD0CDk%ojaaeZ`bYatP zY$|le1q=gu%W$*AQ>tCnBag)StNVOt_BQ)F)uI`7A-}JQct&1so?$^8Ez19)_wbvM zV|;hQeQ0YR5(F=?ftfJR63q`;mpC1RWr?J9j3tsiHSe*mmil?TvouFyKThaCTdw~t z%1eq2_FI>^JILbziJQs~+PDercfS6XDJg*UeGprPHXg7xl)Ueni!M63Udrz6cRt`@ z4C(7Jwk5T;IWE$@EZ1X7!D$KuW&QD!K0ia{K0*rR@^VY1?R*jbmMBf_Q~Vxs55A-H z@=8va4untoI6(}C-Jng@0^?kTJgL*2H~Zow=zFJg1>%%UA;w3aDKr{?W!F%KcoS0 zp@pZR*!`~-uZ!E&jl%9zp<1h5H~QaBZo0L-+V$byS?y4-)eZ{f@!mnLcD`Th;(rIV z@%bV8w|Ct=+Pj8^*Xr@!_-p;3roxx{>Hb*1IOx@{53Z{>2VMQ_aPRB&;m!Ho(aqic zL2c*p%ih(>)(+r*je4!t 
zgK1t5_X<1LwPX0Qc72EU3IE_1>(AkSZG3&S*KODLuhlcu*0_O>yN9svI_w*Uu3f_i zN4vFa*mCXqX78rnJHI>pa#%X*?M+Tzj}A`v`ut(NUOasr-`qEfom&6Ad@|{F`=>{} z_SY{rs(b=ha@tUf7q?$4mk0gr>*CGPO<$-t?uNJbNB0l+rQWxP!A1Yu!#9QhB0sk) zHzh$4s^a4_9PPuGUR64ghNrjk$-{%ZC4Cz_pFRyw9|ps1Y51(2{xr@W%El*YYownY zyq-UPdEI$BnHXocrHjXh((co@^5|Hqe!P{pMjdrq)LwU9u8O;zR^{WBvQ5qh&SZ?w z#{3s{KG3#%xDSmE_G)c%KG!D|-1hbGaIbOry4O3|ySo;8?VEGyTs^EG9iHB(t>eA@ z#`({?m)iYTP)i49Mm?#dTGyIYt2i^H3{Z^w;8`Sh-IbAK-j zUmxy=Pv5@W55ARqLteQk3Xk6^;<3ElRWA>FU-@IHJ~-_UFYn}U{Nvzcz^l)f{UOgQ z&!>ZDUArtAExs~38*GpDtHalJ>v(dmoED9%yOPj)EMF*mb#&F=5?jjlrSj}LpIrn} z=XehcB=DJEz;dssK0oSS)|M zJ~^*{JNWXkHvanct8fXIeJr+-&NpBU&OV-up2V7P!(X0`_0FEGiH)(Y zo=cVbsrq`hwe{uvsaVy1KD}-YKMp>ADM-T3{ns<)cI#8+rgb(xYrS^9$qIiltd~wt zpFg&`{o^h10B=;iGAvD4Y9J#X#k&&KWct5|qxmyD0f#o2AE^-()6HMBkX z;Pm>wKH0y7`VbiQj*fP7dYL*7nD{-rl%vD77tZ>-PB5<%`t0>FixTon5ql?zalP zDK{iHrfmp?BnLce`j>J*QwkClP;c>YD_zYUL!XL-C;=tJLbXiMZRj zDjS`>+trQyp{r7H2qI~Rq6-GcT-uUt+lx>|(SyEon`zYdR{4))Hs z>Xq}o!OK9ps_uV0ZSA-2jO&*jcpe^azG+W)H%F>|@$;+Px`8YFc5+?ZHoiQ|H~Pur zfu?_{-MrodI_>OT9eq(h?iG$6p2|vZP}#ZJ)}9;X^AQk?tLO8x+v}T~n{mDL^3txq z)_07Z!@c{jmyP!E*6p)?(7WPaU+#Cy+uPbm+pc`>w! 
zD(PamW7JQJ%J^ibb^0t1E(epZwJ*12O{#t=T~%+y)2qFmk*?ebr^Uy+le6d3o&L_{ z_QUSWL4DlaGfIP6O%Y?KXc_?r%L7c51ad{_D>Q-+z9tNNTyT zv;S@DxFyzK4xcsgKh5bFn4!7mZU%J1za(zB+47hLg4;RE&=|h28$YsH~Mf=DS^N9tvQo z?eBBtsUxbFKT|qtm^dIAGLwIC6f1no%GFYMW6MPkGqCmBzo0cgz`U{mtZ3Vqva+Du z0)c5D>7u@YIp3BFN>#+@s}m7%*)RYR4S|CN{#pG?5fH~ML38iw_z^TidUni_w^iA6 zao>PZz*SsFeb9JAV!nWH{!*N5wdC9sc9-WtB-RZMq=~MGIB-+SMSMJHA-X-hkiU>w zgdD&Ir)phZk$#%7A8lTNQDK$fM2>XC^r_$%*p{_=fwRqM+`72g-9#D%U55_^G8 z`Uj$U=7&QWi4J%seT2jXovR@&;a^G(w)Y}(2a<-@MJ~ecAio(13`koH0!c8SIYe#m zJv4~Ze9+j?b3}wjTj5PQP!yjbW3c$>(>v1yPducl!Z*F?D4O5k-npKtV{Zw%0yhAc zkwA6D<6xT{i;fp}!X^Nks%5$sbgtCJPYog7+tx>e86<9^_W-P#aSS+%KwSuYUufGp zMZG`-<4_14l1m9}faoRP4LM4)kt^7W{)c|DW`8)`0k7dugsE1PBU(`|kAL9cr|IrE zBzj|ds475tG;W{*Vj;^uMLiZw!>xhES2zhkP}&4Mr-SiO>PT%AD}$-r2>bqo&*aeb z`ZQ+YdgH+B_XA`2tvCo^0a?6~-i`xu7c`+$?-x2{2;}0CBz(;+RS106ebkz%v2B!$ zSO79$YGMa#*}xFlkrdF}!TlAcx2}_0zY(#EMaYo_=qQ=K3_WgmHHWaKAcd@>Wx0r= zj-n3Tr!xd94^J?#Ht-?=mLU#JgQpx>gHePYFe82h48^XvcVOv&RpPW4F*1Xa+SkF{ zK-0Mark+lg^f3M@1kg1}$CN6;v3gF7$01^DeI&5;Gw(XVtt7k~vs)Xq!dlY+2aRSg z!0OC?z(Cv1#W&@~%~P@&Uy0y1#;nrLitmx>I`d?D!%f-c97m%v3kDd2YUWR(j{z$z;CuRKnx}ihsrum5Q|BfPZ$k=S)1v$ zEOfwcIvx)lI*D*bmj<>zg~zNpvN*Iv5lJO4s{A4fff7JkSd$EQX2PJE@W|}k(nKEU zZ-TB7*JBL~vK-=yai}}GBXn)?HaOdj%yKU&+)fI2WDa2-sE~AkndnRq&6%30Z;Qo0 z@ZWEV$4!MIC8JIuV7)qrefXj(6C`B=PN8EF1$dM6QKusUTj0Supo=FX5UG$pq&Dh; zW{E?0wSiPC;Ex3>LQU+K4$(}&Top6}T&2nlBv9G_ONRt8WB^u2ia|HTzO9P|#gnvJ zcPd(U`sNSUl)F|8UEch$f}eC7RQj4(DEh}@3oRJYY5W~` zcDBD^a=(K3BFZZ8!z~T;>4<0p-5;oMzG5CJUj-1*kt-M11uT6Blw3D>P`t0wb-hbY z2<%azisvPr@=m@|x-D1!*xH4^Z~v6dV_Kb4-osqv3Y}~GPO-bh>=5^=XB8^Evi8CB zS4(9zqhy^Fe4K!D3ua=U@ny_=lFy;6buzqB1705UAb7}X7n_>F=!<`bmkx;|El@Kn zNO54=pgrc-zy2Db;2<5DxrdqrN@+0vT88Tc+ei^=;{%5}R%Dfj&7}ex$OJ#`f%eM+ z3vvh3NtO#G<;kal&+_YtRgjK;s_U~RDMc*IE4B!nCI&+FXK#2v5G!MxqX~$HAqEF`16kuqHu%9|)snyHPwsI+yu^Gj1&R4*5?z+hws@5~>xxxGNURyPrCx-A`h>y8Wrb3*~lE zEW&r~Ost9d8YFcm@j}X#J&yGb%;>?kXosmJQ0j!xGwk&jvwuo7=GPlwJ2YPD&jw;O 
zFjS(dFQBKk!+WM7OT@Bie*wBD@EJ!;$`ZK3TXk3}7W?~nu~+7j;<2X-za>k4O3L?7 z2bh87H(lNl_n2t7bgr+st%=>|&*SlUv#Y9IIU=rVZnwwQkf|9%qsS(|W(h}*Tu7FN zH5l4R3~P*u5G*^-D*yn#id)n^w(ci7Z=9zmO2TP6mz5G;RU)eSD`v#1D|=JIomoCQX{sldqj2jvm? zZ^kk2PFY+B-r)ff1>!Yu89^sH#TpCeK*f6Y33utpoWQNyN&oTV-Ue6A4~(OV%4iTp zzZ}ien;8Zpi6z0@xo%}+cMQTZMi|kYQ8IAK1SuZ(jKTqnP-ntNzn z7)|qqU7-+D_fDAs)hm3Mo8-U%LM$5-a2RtXGhrS&nbhip&iG>L>>}!~)q(boBqQA$ zGq5L!!b=o)XGYp3RI&yLQ^ciqs&8e~C$Q>*aCB|DD@IOW^II>j6JRu_K8ek)KWTjE z2)0WPO5Z8w4GFj#cFmbhP>#SOHAX)VLHP=Q^5^IIg9C1T1dIXj1**VLm|xNvv|k># z_)plIq;y-_{i9O;qrCI6SO%Yx7{jHY{bIiTQ~`C$;Kc{mw6t(6^iGxr60-}MGrt)M z*i87gpYyNMXfPUZz$~_aUxQ~}i#eXfyKWVW@%RBUWo)Lc#5fHFUU}h#SK6RvN$JMa zPDd9LT-hb*m*~cbtA$QH<;?{whFKOTCqIRUljm;_7sdM1a3nmu>Sy~WdaEo9TT*?y z{&ZJ9Ke!&BKV5H~Ki$37rLpw&@xI7^*`4r@!=CU(erd_OKfgVml=+7Xx&EX|-^#l$ z-^#D@+2G=()i~MBE#z+JsuN%BKb}#$1XzS_~WGGRe;-2Mc{wP=36m^2-HujwgF~fPn}=w&%Y_9E4Ev z=C&vbDESac9UPaezE9C67H>9J*(US%Np>!ozfUxH{XYIai}8qgDZk4s;rHd=E>SqW zUZiXA%q8Ycxy1bTxxyQW)6@0&pQ)8}ohVl`SJgD0u4Q1#slK%_%Ah!4F!+Fw zhdgni4ttha^*PKMoSYanXRLW+&244p15rGdrGQl-?vU!>aOY#k`IQ!rW_!>t_WIkZ z5a~)0>)>67UP*|l%Ld8;yhnVO$;TwNzQL($xKIra1-T$XNSyv7pmZaBY)Z234k|OX z;s`}`^$0^QU%3b5a)yePI2eBi6a^z6qhg;$neSbcql64MK#95~r7e#Dg+sB4!TXmf zy4AF6Ml@X@nBx%4Uu4DD*hnaJzL&VG+a2}UAB!fA(6 zId+fjxIM~MM~{R|89P=}LYo6oFBpd7dtU@1tSj0tqSE@DUPCqmmiLeoK60IBVNp}T z0T^mqjjm4=$0*5ajAY+Ka-ESR;|fWc1V{uZ>Niz$DT>S$h5#Gt!I}wFQ1DB zkCbE!#$VRDC-EJEQ$oZTnSIlmagijACDmzaB#p7w0b}q}Zo-i7kgb*hz*IQKhetG} zbU<+n7Nj*TOSb)`;U7zq`lT(7C1!DH6rE9sngdS;cQA)5OC>lXmJsbp=~>Pf;qT6E zsf2NV+1PRQ^!_gdWqSDm}GhBP`7hZ#?jkzA!1BgoGL6HsQo|!^03%P9}LLSi=>U-t$q!Fb~pl3 z(_Em0FTSFvf8q+&oRbug&PwgP>XN*u!%^8mZPtmJwxj-HW<=Na6Fm18G~I}Aub|LP z9^XZa+R^!BQp0UvF&JHjmW0$j!-!TDSyQ!C6{H&F4d_j=_q3Si#?k|MP`qf9eeg&* z=Z8bs<2n2&FZwB$hdsWG7O|iU!4p;%IAMEw&Wo}^NcvFbC#Zng+cZR^2I7t&@CAdl zQ$%a((bn}?>xi|Mn4zL^*jokw1k^wu@Nv>C#@97 z7$Tw^_ycmvi>NQh3xX!k%g5hSLR3yF*`h$kW@hv8q# z0~b`CfF;hJQqck*E7EB*rLGTxBrErURkjf4J6$e31=!m0`bZM_RlQ8T$Cude@|f4r z!HYA{fu3WC6(t8KjUG*bS*v5M_*JDsr1v=A_vy-wUuf 
z9Ed23HmWVBkZ zwk4CT6#0tmp3OM@mX9DcG;~JwFQpR2D&;uvROWcMX+xNkalSVjTdX9V@fR3hwK_*7 z*_?D)3<*5vFnx3~&$&#>oY->?v$H1ooWs-%2|p9eIuCNXjA}tEpKL`^IvNi{jM_$= zM3!?%wi1~hbVa~ORzb##14DColZl7m60qHzIg(+X-_+$LOx-5z_QIznsYPSWJim+% z?5SMmoSlI^#p|3G5+n8NoL3SfCG0y-oiQWIfwQ&2%T1O#-g7{BRBw72^ZtA@kMANA z=dWh{IHwk7nU3uXwKSk>f72e^Y2JQTJCNa`-f``~$3|ll+?5b0aIpH)>J|~K;|LsM zvYgt1?4hUcpKe$;VZIedk%=kio;07mi29-uQLZu^gb|zM!61vw7Wr0BH+I0s;!`@# zv#`WlvOBz?)X6b}Hx`^Y20po^4`A!$^>yb}HYen${D zm}34}0^ch4lhPBFdMdx=rb@_4foG+_Em+7(fu}%b66DKUNUpr)l9^S?u#%c0N@+{z zYHmd2xw@r=+|qa{P0HZTomQ~lq7F2M+jd&iirvE~Ek_nc=kS!K zV{iyxIuTxu%Zw?VG==CVAWe=ZiwRB_z;$(`wZ*1I7J;*R1Msd7K_|cHaAeE{EXqgB znIU&|!UTim-Fc{M<5HGY2^UTAm^ISj{bGV=rU#_cs7V#K; zP&q|>HJS^}(qgCtCQ^R))8mR*qaEkL{ts7>PXtR|Ulc6&(2PG^G=Dg6ju11S4B?AG z?5oFvdl3-H5MMhF4e3G^d8~1?=}uQ(l=hbe;FhCko`b{_D=s$epy*h!u=A0(mNa|J znAhLe*Ld+7XQnvTl;--mnrs!=)5SU}356HHc;-*;u7JY5=K}Mc?7TDwlp^R?ds}&spKgnwlubOE)&7OVcW{ zbM8C;joG?@gP7kV))2w0z9gT;d(=LES50IHj-uHwh9HDqb&KRp)yT@zb z@r}wzs~r@Oz~SN1=ypuh!b7GVJAC2g5t~YbQpwob0LSZOTO1m5;oF(5zRxtVjun+A z3S4V~?<&C!Exq^!YnU2td@&ldm>V}HgO(~YHohCesqXXeShKZ1Q^&E|XEl7N$CB0X zS?L-+8n5(|5UCo6dcq2EoqKi6wbj7@Wnw{*);1ZISSr}D6O-JnIxH27{e3)_B^NNv zLAstxvJA`j_KxZteQhhCT^BnY5yx@KlO}%o7UkB9N=?KMlRQ<_v4YD~z$@2LH3By} zX7iR13pqy>!5hr&7$SBrmh~22!Ds{?GEHR3VF(&xqa?Wt@kP`Q(b!@nBbB>T2xW_G zNXSYkoP<-7MTfo31oWu^+bvTp;yjcniw(W}UCa@*kLl~p0l6P(*sI3|zu<-E_@Q(v zPVy*Xnh8=!`w&Pm4=VSVzd5>9`(g-+gANU~?1{V(CY<<~q^mkN^{mRJcVfXrF8EyB z=a>8b!fO)Wl0|)e?N%Is4}&2d4u;00hThe+4?p58mrmGn2H(}$=A!qCnvhKHO@&0RXBb2Mk3wNQ9&c)58)&2`bVkU76W3Ua zNB7uQdZkG(e0#!Osj}3bq_^P0kPMt3;(-fu+rT~{w4qrp{EM&E|LY*wOh<=8|A)SI zo)5gc^XxwRQdxl{a58u(uY+%sxO>nUP&>U$FO9Zj^G*ZjBr$tI&zHTV zhANNn8$u_G79`x5IL#elq~>fze8A&@C#Rg5ZcbMh=wzQp0?f=Mfm;b$Ig}lXHXoK|QZbg0&wLo)@&y-go;9-O#z_c9{?@ACy zk&`8?o3ZJ*ISq}L=Ms=U=dTXZ={!Y1(srNkil-rfX|-|CGb(hM-+NHQ>TNw1)UN2u zfPRtS?CfKbjYhi%SLax7WwW?hq_s>!V648UG3blOi!^t0RL^@!axo7N1Z^U)7YL(v z*jl{}eM`o|Ny5G{NTSut1U(DVY{Z=9u{GCev6l{_;(u%_`C^s&*iIi=%1*4I8$+>; 
zE~@N031>mB+;@1~partBIUi@MiMyj94n;-KFBLamoBIx?D-rgrDxiEZY4)bVlJkN^JnVVzg z%kB~332oVshZte!@9Q5noxj!vU~i}NWr`*sIu*LTt2~k!F0!ru%c;50jSnGSr_ehH4ewwr)3kad5;VP~);J%kr}h zR(M&m{xMu*sN#7zit@?L!LjyKJlfS|<2KAvm9ydJ?-WB1Ndi$p(y*j5Va#JXk2pl{ zN-PGai5Z+`v=L?wi$Xa@Cpfv9S3Qs%^JDu zgP^+xuL9gwZ}JB28j85uNU3!qicvu`%jdP3Z{AE-Gv@WCq8c#eND-Qn;#*skQ99S? zOW>XsRM{**xgA+U&AMCQIH&L0ti-0J3eh&x&!1JK`Q9Xoh0mzZ`q~%KXx^do$~X6W zV!PjzI!$nDG*RPK(hZ$2gYZiM#DCnmtc3%u9`j4gWM^WP$PItb$3O&vTL z0LbBOUpF7cJ#>BO7NY6v+K&&v!0>^bIQ0VdFi6W$AR+Xmf%Wx{pW2wIlx+ZLN`wX| zBUx_pKnBn+z&M8)Yt7*sqjp;aEAg8^|KALmx?&t$!tV_ol^mi5hFGw^Ds5@V%S}^o z{goP~%nYs}P6W}cIRa=vRo@CIyGGCWlrLJFCc$lfY}O9qro)F>@6AJwatmYtbQfq+ z)*k5(W(6|jKL2fMU5GK&OH;k<;o1+-!F&doFOnZNxJW8Y4hoUpaBK)a6^~LDXf5|0 zt6t69nbxiN$dTLS?AztY5`Lh-3*UEm5c~8vG{k1g)nZu*Ig)F6S^9|>I2H(98toS4 z@TfvoTugwCfQO87N_^Cdfqb)}p9=w_QEuieFafv&Sc7Ls1u+svwuS)ND_FpEQ+*Q( zYFJkhiV2aVRAmcX1H}nRoy!sr@R^x3GQ|jdMz3LXJiy$9@%M0s^F6-#Fv#^FDJ3L> zWBi9CT5C8RHJX~TaqCVC+-&GO11FSD?Wf=ij(K+u9nKMuW>G*7AMe*M9V}X-gn0>F z?*I{+paqG^mb6SwlbsM@F^X>{U6koE90lQ1=@Xab?TF5co z@$$EJ^alvr#0p+OR?NgX1m|EcV${5=}L$;V)^tGaKbd*&w)}#U?Qn&bTy| zW^C(cHzdXxH{uCkgYDQy!@e?hCV$2iMKy_Da=Z(QwrX2%)1uAkY_Y%zCSHgUJ@l=? 
zJ2UebSIgx&2s|;3)-y{t$&Gg5QVijTG9ku$E}0OsnnKKSrH7lTcmP<>0oHRE>p4mB z2@4rt?>xhduh01Uq?kWN#Eh?xLlrX?+J9Ub3!Q|8E>`EjLZ_sqpP98z$0K&Ro@tr6 zATt+a=7O{s{;A5{Nu!X(089t7ng}ul{`82%`kJ4!oV>sXGv?zGbAMpoFhw0m?b4#&7_3xn0d$P&h0upvbXaRZ` zaUcp3Cc2#7Q%ADEwM4E5Um=H1Fu-K-a ztO5KSwlJ4pkW5>x*K^D-hgFU2HUcD0qv<{ z{vA%FO7t8t(_1v-AgttW)W%@M4vuQ@jo@$OQ(OBV?#OMF!nZ+gNl&nRE6*lC1sVeR z=kf{wlruXN+?UvqUJ)b$)Ne9v(Q~iPUmf3N89--yy}cPgX^%H8<7W)Ql|1)nd4}Ad zzP>RykN1`Pvy$chOfmN-++Ro11~%|xTgC5__R|eab4vRee8%q}NIFRUI@m%deW)f-sYjBI*^$lDcL| zU8j(iC3Ri(q^?>1)D-fk+R<0wooW%t=9EG@JW2JYEa?Vfk_@8 z`4fR7UfB$aEzs{5FdW_mr%_BNfGkT!>^hGu8F7}3m?bDJztMk{X!P!&QeycIwFq)4!E!Ch->r6WxA{Jf=EVpx*TDjeN5&!1Nrz{ zJ+nl{tCz@lHsbjA5);;DDVRM6l4U>h14)(?fgn^AK4n>r-&r<>EUR(YfoEBb>F1Kk zACyDM@(R;VC94;b)eDLDK)JvtV^*06O_rsX3O!kt-qp;~8&jb@yQe0rPiU5X*L!rC z@|>JQrab>mQuUg&!pbY-P?{5p;nJOFNqFN@icIWhdIj3YSsLan4fC7Nxt$2#-$WK} zoTDkdEZi&yRM0g_OK>(jcZM;Jl$C`?JSvgmQ0(*@xgoA?t>6Tc@%X=s$XiF z>jut}>tI(=QeIbv_gS9Yq{+0|s7>-b+LamdX#4uc;1u3h9_?zDM?1wl+A^H*Xqe{} zA+Pf<;_s6|+YLr@%Aid<-PpOay_}9EaPE(ELmimHrmDqSn5S>Pm@nmv(JS*e21J#p8mv8HaI=k*wUh7kfLT5{EyZIP(SMY6vUfpa4(gi6OOh zbkuECmT{-BOy%J{=b65o3s>ZFYXwW!{RP#jz+GIQKp*rTpq4>8-!?uytiAQ@Bm_CA z8*`Osn`dJ4=wo3~aC3|rZqBXZ4u^&;kuBbQ8qQC&i5C(ONA8HRwSD z`rH5)AxsCRNg1hHBCFYJ1h0mKDk24^K#TjZ)8P9IJp#@re;ZY$f+rsxX-8Ja z(`C?}{E(-=gd_@j)u@Q4K4#Tb$18amX44OJK_yIr9hwSg+O+YsNhlru5WAY0k9p{F zd=I|)jFMN>4*AC!56|%AH|E^?XCdkJtX($3+-{vuVJ})$~6&_H1M(| z)U0`52KQg|a}$1PPrpW74-WlT6|o8bH&8X=8O%oB7oUo_Bgv7W17<@_H^7&2tjH=4 zq`uiDFZ}1fktD?%2WIWZbzTq-02kLsM*Bh?uLGwjb=Jk_5ijfO-V7@=BwqWm!6_qI z{@`Z2!>BuAN7;t{fEd>a{K=o6=LOJj1n1mlahM+A=a?yxvv+-7C(!qmnb{VSEb)kx zom}BO%`fG`6p!@+0iWDlGir53!=fiqe&ftRKIu@Z@DQLZBAk9Mev)I7$Tv+PbMZJJ zXBw~+fHC&`ksMg=bL43=4Rw5FP#i$FB``3!ySuv%5L|)`GH7s@Kydfq9^4t+U4sR8 zhcI|>mmonBNRZ{*w^h6KwqAGD?P|L}`q#aE&pCua=uK92Nk7buCc78PkX+VYj^nXZ zFk%)gwznLRzjiM=vf2uUjfK(cjnMv_z>BOi8*B_lrZr*WIU->wS22^Y=$US{vYVQ9 z7i&kdg@CI!6)O*;DF=lTbKUFS#dU)Ls3kd8Rns;|1KV`zYuZ-w5W;mdxw(;db(+?G;FDsVFN6wmZ@v{xZ!r 
zleooPwlv!h9D(KgANjQ$4hp6Ta$_2~e8%PUboafO245mmtUC2nz$s9r1TgG9*^x}Q z3iw29kl3x@RSlMV_krt+jJQkLqoF&j;58`mrL^ccyqTa%aM6#AprS8rnEKaa0GcUL1@$<-gDn?n8;9(GWoI)}n!ew93=hX* zspIqL`w#YLMz5@TNZ$ZzgR_!6-!WYwFwd$QNYQe>Fk>#&Tapfur>gr_}g# z;te@m8Uab7?}1hUpqrxZZ}gcifX&rhteZglWfitJWx1r zlGWz4{F#!KeUq0FrISJiBV?&f9xEf{nZN@|O;}d|5Eoe?wY&Z{ntY7fKFHm}_4xd2 zR~knU;tdv+A{V?vTjq9?!#+^#CPTq6!X7~ic9uie4ToJ9H9$KP?g<5H&)1Oq zD)5mxYphWBvcs$X3dtMD@?%~dw94nUZygwDQTuHsOSS>82H6_<76EhRnI&P_IrF3h z%-bxc;H*fewXz(>Od#vv+8VQMW>kMpYky%O>U#{H($;!daUQyz=L*IDinyaEZ$ivn zDDJ63#(%q~e5Gg&bhxW8sZH*7V5}<_(hX%|&b^6$3t&qOUXE$q$jh!BlMEN|Ir_|* zc8{Z1J0>nt560D0NkX#|?qbc*S^AHlZF&hEtmr;FxRlj9(bo0C1Njqns2T2=mEB43 z=AY4$)ZBG)jfUpmJE{mRV$rrTjYL~U?Pn!Sg#rH)^*$F9=r&Fg>k%ul_u?d-Z`Ajj z1yMt~1~QnojV7Y(l^LmvNrDeXsH*u1{IBo7(9-raSYR9KH$@S|iJ$cUY4!JY_zsaS zc>1U9?=tiqS}hJq^geRK7GeUHe~PJJ*fGACj-YVZ3kfI}nW~Cyxsaid=*S|I`nPyn z>77rE_>CaZ$sTrNY<0?nJmtr!u|Mr6eW{~mnpU=q?%KdzI*xnJwpPrc*%z3RLK4u$$lJK;S09>GXx~UB?sf)m7iSb=q5fWdmrAJ2Fo4lM#y8_x&*|}K z_$%j;!L4Pd?Ot&E9eaRqZ$teV>pXm-m z<->SFQp`yHgFy4Ta1W-NK#i=(#*>-TIbyFyG(>zZS$AURB8$gACv zk%V(amkx(fwS)5vQa0ofO5DV%*pD%k3sRDahpNbdkJ2Sn^A#^x0@>R@39p zHWL>(5%R+ACIf>EE?mY}vT~${u-xF^a11h6!3E(_WWi)Q0Q`5YoQ%;oI2r*sd|jKh zduQd@Za+sjiy3rOaUf=PFkHv8pv9a$_6{Vto#oa!X>$rQ&0o!Et`hwVqpv^=M4$m1?KiWTYw1(n?pJ$94E5DzGR!4dhaXKBDwjqwI^0AN`a=hiNtx)7HLd3&5fbL)?XwWf8nI zUGWqq>HEuv@E~`X6;a-O9bvic(Wyr zMto_N63wk}8dHRzuw-98V{lmkiz!C$X8F3SG^S|C(&6_+l{6JKy5SElTeLr*bSR?< zOm4EV8|`UG6RiUets3xX5}rVs?{yc8Xs8 zYRDf~#bIA9i)S?FoJABV-E(VLSvY|$VZZZ9Y630vVo6jD9U^D=jRi-o9uVbsumF)JdRek%BnWBQo#P_Q@R4lQfd?$*+z>lN9NASW~C#p-IC-1l`WFCTb+i_+}t6P=@b34B9J z)4WKhP|I6pg(kHp_ISrLDLc&6(uza*9(Ki`>84{)q~l>T?b5ENDUQD9{}9x1#&)CS z8sJZ@4Vu?4-LC=T?-KpN|rEbVXTNX zRQ40!?O?#FgArM2uvHqP1Cfp}3RaM|qMSDfAEQz3ceR!iT-RVW92`K_mU4k>cn zUchU(D9&fZvGYl_{NeyC5;P&c41#{gnFD+;JNO{sG)BBXT2k<5{0$KUVFRZc_9FpU zKGuj>Dc=>GM>Kewhrn}smoYClNKlC4vV#P3HGHd z<=Z3cu;$&8A*QPSNem6u9XnzTh+tqJkxuiTk zXtQ=BE+X!65&1`A&sKF8xSu`_67P%!*a4T|3%)~U6@@ipqzo_dZ-H?G 
zuL^xsLyD84a%OHQMifA%!;^oTJWCmI{z*Euh$%#VxQ)#XF1}agf`3;oU@RGfS{IAj z!r!NsiYvj&L?bj7}ub%^);Fk2I_Eq zBeOr~Ayzrg(9ANQEmGrK0@;wICgErT-~rnzg}NM*2LY;=S{q}XP(xAbr1p_}LJxFz6HUG1A} z_g&@=;6C$ayYiCgM(CjN?9`NDQA~{Rd&*7O17B)`Q+=9kIFX_y`8vf{w5op}+gntw zR~ch`68^e{mf**`5r6$V-=hC5E<)~IfkBD>^#vUR%#8}Sq=RB;yjaF~s8~0mmiL;( zBQv#@MUY=*gTT(ctg7a8v=`2AGT(GX7VH}Ex9|FME{z19^=;pDw*{$dUcUc(qtojw z+!YbLm9&c)e%O{F*w1_dNh)Iqq)wJeteS3>^|_){kCL?V`R{ryayZomBr;YdKia%z$Hs5FGN z$=$Xg9Mc%t(CF%cKUUtbtoB-MHz93Oz&p=|UIjbVll__HUzj;PNuLGGCs2nha6`7R zjP?nypHeDaJv$P(q?6#7L+qZ(S1gpQ(SLiMmFz;6;#biflY%zt#<7cuKF<>K1i___5?0g|Cemd0MrI1sT$%%rXe@;So4krWD8^1t{PatqyUB9 zhU0*WyNwwWN>P6OjLi8qH%O9z5kgrd&xKOV+cDmZ7&+KBo>w!75+H5<{!N{$3ZN7v zQE%Xx)BBitlew1<#?c5e%F{}he9^q2kfoBW(RZ-`)F5$=p&P(^qkAcSHvuT=MvEC3 z(mj-(0kMBp^*+QvuUZbEo^`lgSIbGR=L zrV5w!AovOKU3TBCLj6QefK-0@iPBUaxvXEbZTeUqF9zK)Sn$> z2wjR=)FN!pjI`(nN$nW}XK6Zke4{wm; zK`Bk%0c`W%2((W9aYb7oJ?nRbgC34REV{sMk6hR-QsK@z_s3{MEid2Q{6{Kse_o$x zue%dvR)!a~09gescl*-lz@$cj>8(HZmDzpUqoKhEw07tFxPYs?KoyBQBL{yBw}yH|8Oq!W(VyY`Ffre zJL?~wG#RG#l?QP;)keJO%q;JkBAqZsgt{snSCl%CRI4d0&~q*mj`#zsI(Q}iP*$u; zPxWS>eLAiFajkW8z~eS9KMoL;<7vLkFU(M&|2fD$cBn=@DMdOyMJLivd7&TXX!fza zN+`yQcN)EsN&suO>iltn7G!ju-@RdUDd`b^!bOGuxmoG16|j2Fv<$OkN)4zWmip8L zhAW5rz*vL7IGbaI&*=Lcl^bgq?K>Av>ckT(z_WfgR7x1MYlQReNm1ysE(IW60me1p ze1c&Td_3@#>vlGqeMZz+*&}tKcWX*x8rTrQ%y4k=8j(~jArcO7;uWOn)U&hBc4oAP z>T|P*a?;;wR^`ErO}jbb7j+^raJ}oeoW{T8&%&8=d-0v^Z@#Z~fw@S~AR8x5a1z&} zm#bXxfJgJ=<&RJDQ*2P;#Oq*bH(s1CTgIInauWCTD**&G(;JOIo1gGYVCkgV?>|%5K8B?qmY{jQ-S{txX2%G1Tp1&7 zQNk7Qf`%9tM+~KP7zyAQ_8uf#Uhi?wACGiToNGQ}#z572^yDk4-18;U5jPTRFH%n& zdQC7(J$Z9Ayd>T8u$+0$r*}R=+_{{+H&O^Pwc_=HLLa+556J9x*IkLSxphi1fkGJ_ z=N5@G(VnFq9uE1t!$n$se(xgi>9A*>TRJH}PqPv7JKtfgHOyX@f{viK+s1A?|2r@1 z3gzEzDQLXaah&L0sNh|#qGZ$>sI=zJ|IHhypo>|?!-h$tq8Sh++dI05LFOg!%h$>V zV~+9~eip;V5;dRlA|i8$FEZ)@D~@FYE_>2R*VS{`QIrVu@5_54JQZe*t?2;~*OpKY zkXi*TnH}SgT-y8Ul1eVtPKt9JS5Ip(8O1EKjmmEA1>M)4w92Pz7ajhA7|P0sY&f3z zT0`ViWoszx}tY{KMoN>MDZ=(-O>ET8ILG0ATXroiZEXd;!bkPL2|UTG?VXsAax 
zPUK?-H9B+UUhBBuopqSHv;c@Cn|IX>YW0moD`sjmX5AQyZ4-LD@ShN$RDTD0I!jMp zsv+C66@!O6=>7->t^kM$u(-$r#^f1Yscy=|f@*RDEhFC|eKCK$t+YYMvi|hTRGKg* z<%!X0V=6UNLtzZVCe9+?)tyNEtg4%*nwR*VG>f zrHEw@gY9WEC(%|Ge2^5%7165F;EAV-&Ud7&Fvp5`ieg6QIN6)QQQ;sRtIP=!9NxSJ zu)ucF5|B zqaw}NZaHaD+^+I|xm)Xd6$Y+yay(Dn@>$XW%x_Wg6HxY4r4l1BVUjJh z)5q{BjY?|xK}6w-?M^y-ynl~Sbm8()e0{=IyOWvC9-(GYA&3uW=uGXI2bQ6lYV^iJ&`jicS zG{=~0_74Lsn?+4fRczi?K(ViHwl?8|?ihQ`e)`g{$upm~J6l1N4Hum&ziw=O5>0h1 z{NX*j5st_IYs;LnVcs4kj&0wX8DhX}GEw}Smi@%Kmt0?(8)RdR)U)L(-4N`?sBhk& z!}{}Uo|Ab){|d9Oal-}ancw4EF^iNKvNBaIonBk}VQ<|igs_&PV!uI#P9(M&s7m>dy7t9Q;%B1i?O>D=yetZc zsfO$#v8ycQHNVc-_`ss+Dt@4|IVT4H(=9g=@b&ZS@hbv$ME&$q@IU6cd$W_z&(TsoO4q-3v4rIdk@^b;Z4I2eV z%oHyt1xPRID>BZz4)RX@>JWLYSF}foJ`pK>_=(uso|Dxoy@mVa${~UWP{LEJ%??h| zuawX^6iWK*oaMg*=cAt|0k6AG>r;0P_F`19Rp)MfVxygr`Nt2q6;~@E_ly>x`X2qh zLyTaWoiH6WIH)~2#l#lMwtA;gAfTm(bLqsDr65KW*PLc?d(Zb?^^)j4jp6pS>*5oN zLD32!Ao_G7eh!Fye_Dx6=A>9jia_<1-#F%ALjiet_}2!y6lzpp0Ys~XXq@Sd`N&`G z?nvdN6!I0WzL10U4p##%wnwgoha2rFbmWF7YL#-Ln@L@`<>wc5M3>Uk;cq+-5*VT+ z(V^i?jHeEYsA54Vu^6!6fzuM9fMRzN)DE%)remzyk8Wa%tzkPPO|B@?h*vsum^CYXrBA!Tri4ttC8f{sk%*x!Q{_Ly?L=EN>5ouq0(a+-7*l zIdX}h;~>WPKE?yBM=<$Ev=4UX9i+Yta056YWMPQbN6)ll32ksB>$>J|Pt0Wl5Q>pw zhZijb!RboEH=f7fe`1JZsN(zE!0~Js=Q}WxsgXhf4sR*UMsa!N=tr@lIADl!@fQdm zE%%mi3gcEfHs#nmfdW2A$?b87Qc>MTQ7REp4&@B2SGr^8L$HuOAxjVW)p?mIXC&bE zk6_;)J>!>%5Mqg{;!^o*8|0xMBt?EM7LaE7MMFXNi+b3nDvoYzUgl%Rh%fDeUtya< zB>{>FaxaLOh7JK#mge$^iv zR9c%0cPt$d1BW7udNY&A(tev>|M7ZG{Hd_p>~MPl#6vO=pZ46r6GTZxj>bJyoENqa zo)6=xx+ZriII#XM>^a$kaC8!R`A$f3V~D<&vB7Prv3|Ew`^ldu$t>FHMMXup`HTK~PLsS1Yy&VS2t0vK_Ase3t3DF-hgbj_T*(ZvQM4PMsS3aOEJA++qkPGp`hZ@XQEJ z2paW>GA<$BgYJog8Fow%OOWvc*2#JY8^m$VbDsYd#Pj(!4pUo2pq|RK+lQk$V}S|d z1Z>ptI_rbo&il20YnxWyVd%zEV71+I0zZ>AV`)XqbtloBE_A}VPtOH)4#Vgd&ywcX zch>W6ldm0>R!QCa|ZdfCs2{CtK-u4?caQo3QD zHM!x`Mr53SzBTcWG~V!Z literal 0 HcmV?d00001 
diff --git a/Solutions/Recorded Future Identity/Package/mainTemplate.json b/Solutions/Recorded Future Identity/Package/mainTemplate.json index 16f564f1f8..4a1bfd6f3a 100644 --- a/Solutions/Recorded Future Identity/Package/mainTemplate.json +++ b/Solutions/Recorded Future Identity/Package/mainTemplate.json @@ -33,8 +33,8 @@ "email": "support@recordedfuture.com", "_email": "[variables('email')]", "_solutionName": "Recorded Future Identity", - "_solutionVersion": "3.0.0", - "solutionId": "recordedfuture1605638642586.recorded_future_identity_sentinel_solution", + "_solutionVersion": "3.0.1", + "solutionId": "recordedfuture1605638642586.recorded_future_identity_solution", "_solutionId": "[variables('solutionId')]", "RFI-CustomConnector-0-1-0": "RFI-CustomConnector-0-1-0", "_RFI-CustomConnector-0-1-0": "[variables('RFI-CustomConnector-0-1-0')]", @@ -73,7 +73,7 @@ "_RFI-search-workforce-user": "[variables('RFI-search-workforce-user')]", "TemplateEmptyObject": "[json('{}')]", "blanks": "[replace('b', 'b', '')]", - "playbookVersion5": "1.1", + "playbookVersion5": "1.2", "playbookContentId5": "RFI-search-workforce-user", "_playbookContentId5": "[variables('playbookContentId5')]", "playbookId5": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId5'))]", @@ -81,7 +81,7 @@ "_playbookcontentProductId5": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId5'),'-', variables('playbookVersion5'))))]", "RFI-search-external-user": "RFI-search-external-user", "_RFI-search-external-user": "[variables('RFI-search-external-user')]", - "playbookVersion6": "1.1", + "playbookVersion6": "1.2", "playbookContentId6": "RFI-search-external-user", "_playbookContentId6": "[variables('playbookContentId6')]", "playbookId6": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId6'))]", 
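Review bot: The `solutionId` rename in `@@ -33,8 +33,8 @@` (from `..._identity_sentinel_solution` to `..._identity_solution`) ships inside a 3.0.0 → 3.0.1 patch bump, and the commit message does not explain it. `_solutionId` is what the template uses for the `Microsoft.SecurityInsights/contentPackages` resource and for the `_playbookcontentProductId5` expression visible in the next hunk, so a workspace with 3.0.0 installed would presumably treat 3.0.1 as a different package rather than an update and keep the old playbook templates alongside the new ones. Please confirm the new id matches the published offer, and add a line to ReleaseNotes.md that states the id change and what existing installations have to do.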
@@ -99,7 +99,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "RFI-CustomConnector-0-1-0 Playbook with template version 3.0.0", + "description": "RFI-CustomConnector-0-1-0 Playbook with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('playbookVersion1')]", @@ -464,7 +464,7 @@ "title": "From", "description": "YYYY-MM-DD (until today)", "type": "string", - "example": "2017-07-21T23:02:28+05:30", + "example": "2017-07-21T19:32:28+02:00", "x-ms-visibility": "important" }, "properties": { @@ -745,7 +745,7 @@ "format": "date-time", "description": "YYYY-MM-DD (until today)", "type": "string", - "example": "2022-02-08T16:02:37.951+05:30" + "example": "2022-02-08T11:32:37.951+01:00" }, "name": { "type": "string", @@ -1393,7 +1393,7 @@ "format": "date-time", "description": "YYYY-MM-DD (until today)", "type": "string", - "example": "2022-02-08T16:02:37.951+05:30" + "example": "2022-02-08T11:32:37.951+01:00" }, "name": { "type": "string", @@ -1995,7 +1995,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "RFI-add-EntraID-security-group-user Playbook with template version 3.0.0", + "description": "RFI-add-EntraID-security-group-user Playbook with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('playbookVersion2')]", 
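Review bot: The three `example` changes (`@@ -464,7 +464,7 @@`, `@@ -745,7 +745,7 @@`, `@@ -1393,7 +1393,7 @@`) only move the UTC offset: `2017-07-21T23:02:28+05:30` and `2017-07-21T19:32:28+02:00` are the same instant. They look like the packaging step re-serialising a date in the build machine's local time zone rather than an intended edit. That makes the template output depend on where it was built, which adds noise to every package diff and makes it harder to check the committed `3.0.1.zip` against its sources. If the connector source can hold these as literal strings, a fixed UTC value such as `"example": "2017-07-21T17:32:28Z"` would stop the churn.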
@@ -2443,7 +2443,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "RFI-confirm-EntraID-risky-user Playbook with template version 3.0.0", + "description": "RFI-confirm-EntraID-risky-user Playbook with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('playbookVersion3')]", @@ -2924,7 +2924,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "RFI-lookup-and-save-user Playbook with template version 3.0.0", + "description": "RFI-lookup-and-save-user Playbook with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('playbookVersion4')]", @@ -3398,7 +3398,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "RFI-search-workforce-user Playbook with template version 3.0.0", + "description": "RFI-search-workforce-user Playbook with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('playbookVersion5')]", 
@@ -3407,6 +3407,13 @@ "defaultValue": "RFI-search-workforce-user", "type": "string" }, + "workspace_name": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Microsoft Log Analytic Workspace Name" + } + }, "Playbook-Name-add-EntraID-security-group-user": { "defaultValue": "RFI-add-EntraID-security-group-user", "type": "string" @@ -3441,7 +3448,7 @@ "name": "[[parameters('PlaybookName')]", "location": "[[variables('workspace-location-inline')]", "tags": { - "hidden-SentinelTemplateVersion": "1.1", + "hidden-SentinelTemplateVersion": "1.2", "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" }, "dependsOn": [ @@ -3901,10 +3908,10 @@ "method": "post", "path": "/queryData", "queries": { - "resourcegroups": "RF", - "resourcename": "RF-log-analyitics", + "resourcegroups": "[[resourceGroup().name]", + "resourcename": "[[parameters('workspace_name')]", "resourcetype": "Log Analytics Workspace", - "subscriptions": "@subscription().subscriptionId", + "subscriptions": "[[subscription().subscriptionId]", "timerange": "@{formatDateTime(addDays(utcNow(), parameters('search_lookback_days')), 'yyyy-MM-dd')}" } } @@ -3926,10 +3933,10 @@ "method": "post", "path": "/queryData", "queries": { - "resourcegroups": "RF", - "resourcename": "RF-log-analyitics", + "resourcegroups": "[[resourceGroup().name]", + "resourcename": "[[parameters('workspace_name')]", "resourcetype": "Log Analytics Workspace", - "subscriptions": "@subscription().subscriptionId", + "subscriptions": "[[subscription().subscriptionId]", "timerange": "@{formatDateTime(addDays(utcNow(), parameters('search_lookback_days')), 'yyyy-MM-dd')}" } } 
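Review bot: The new `workspace_name` parameter in `@@ -3407,6 +3407,13 @@` defaults to an empty string, so a deployment that leaves it blank succeeds and the playbook fails only later, when the `/queryData` action runs with an empty `resourcename`. For a playbook whose job is to search for compromised users, a run-time failure that may go unnoticed is worse than a rejected deployment; drop the default or add `"minLength": 1` so the value is required up front. The description could also say how the value is used, e.g. `"description": "Name of the Log Analytics workspace the playbook queries; must not be empty"`. The same parameter block is added at `@@ -4140,6 +4154,13 @@` and in RFI-search-external-user/azuredeploy.json at `@@ -31,6 +36,13 @@`.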
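Review bot: In `@@ -3901,10 +3908,10 @@` the hard-coded `RF` / `RF-log-analyitics` values give way to `[[resourceGroup().name]` and `[[subscription().subscriptionId]`, which ties the query to the resource group and subscription the playbook itself is deployed into. When the workspace lives in a different resource group, the action will look for it in the wrong place and fail on every run. Consider a second parameter for the workspace's resource group that defaults to the deployment one, used as `"resourcegroups": "[[parameters('workspace_resource_group')]"` (the name is only a suggestion). The same three lines change at `@@ -3926,10 +3933,10 @@` and `@@ -4486,10 +4507,10 @@`; the enclosing action objects start and end outside these hunks.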
@@ -4087,7 +4094,7 @@ "metadata": { "title": "RFI-search-workforce-user", "description": "This playbook searches the Recorded Future Identity Intelligence Module for compromised workforce users.\n\nThis playbook depends on:\n- RFI-add-EntraID-security-group-user\n- RFI-confirm-EntraID-risky-user\n- RFI-lookup-and-save-user\n\n Those playbooks need to be installed **manually** before installing current playbook.", - "lastUpdateTime": "2024-06-11T14:25:00Z", + "lastUpdateTime": "2024-08-27T14:25:00Z", "tags": [ "Identity protection" ], @@ -4105,6 +4112,13 @@ "notes": [ "Added subscriptionId as a parameter and updated solution to match V3. Change PlaybookName prefix to RFI." ] + }, + { + "version": "1.2", + "title": "Updates", + "notes": [ + "Added workspace_name as a parameter." + ] } ] } @@ -4131,7 +4145,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "RFI-search-external-user Playbook with template version 3.0.0", + "description": "RFI-search-external-user Playbook with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('playbookVersion6')]", @@ -4140,6 +4154,13 @@ "defaultValue": "RFI-search-external-user", "type": "string" }, + "workspace_name": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Microsoft Log Analytic Workspace Name" + } + }, "Playbook-Name-add-EntraID-security-group-user": { "defaultValue": "RFI-add-EntraID-security-group-user", "type": "string" 
@@ -4174,7 +4195,7 @@ "name": "[[parameters('PlaybookName')]", "location": "[[variables('workspace-location-inline')]", "tags": { - "hidden-SentinelTemplateVersion": "1.1", + "hidden-SentinelTemplateVersion": "1.2", "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" }, "dependsOn": [ @@ -4486,10 +4507,10 @@ "method": "post", "path": "/queryData", "queries": { - "resourcegroups": "RF", - "resourcename": "RF-log-analyitics", + "resourcegroups": "[[resourceGroup().name]", + "resourcename": "[[parameters('workspace_name')]", "resourcetype": "Log Analytics Workspace", - "subscriptions": "@subscription().subscriptionId", + "subscriptions": "[[subscription().subscriptionId]", "timerange": "@{formatDateTime(addDays(utcNow(), parameters('search_lookback_days')), 'yyyy-MM-dd')}" } } @@ -4616,7 +4637,7 @@ "metadata": { "title": "RFI-search-external-user", "description": "This playbook searches the Recorded Future Identity Intelligence Module for compromised external (customer) users.\n\nThis playbook depends on:\n- RFI-add-EntraID-security-group-user\n- RFI-confirm-EntraID-risky-user\n- RFI-lookup-and-save-user\n\n Those playbooks need to be installed **manually** before installing current playbook.", - "lastUpdateTime": "2024-06-11T14:25:00Z", + "lastUpdateTime": "2024-08-27T14:25:00Z", "tags": [ "Identity protection" ], @@ -4634,6 +4655,13 @@ "notes": [ "Added subscriptionId as a parameter and updated solution to match V3. Change PlaybookName prefix to RFI." ] + }, + { + "version": "1.2", + "title": "Updates", + "notes": [ + "Added Log Analytic Workspace as a parameter." + ] } ] } @@ -4656,7 +4684,7 @@ "apiVersion": "2023-04-01-preview", "location": "[parameters('workspace-location')]", "properties": { - "version": "3.0.0", + "version": "3.0.1", "kind": "Solution", "contentSchemaVersion": "3.0.0", "displayName": "Recorded Future Identity", 
diff --git a/Solutions/Recorded Future Identity/Playbooks/RFI-search-external-user/azuredeploy.json b/Solutions/Recorded Future Identity/Playbooks/RFI-search-external-user/azuredeploy.json index 49417cf916..db84ff760d 100644 --- a/Solutions/Recorded Future Identity/Playbooks/RFI-search-external-user/azuredeploy.json +++ b/Solutions/Recorded Future Identity/Playbooks/RFI-search-external-user/azuredeploy.json @@ -4,7 +4,7 @@ "metadata": { "title": "RFI-search-external-user", "description": "This playbook searches the Recorded Future Identity Intelligence Module for compromised external (customer) users.\n\nThis playbook depends on:\n- RFI-add-EntraID-security-group-user\n- RFI-confirm-EntraID-risky-user\n- RFI-lookup-and-save-user\n\n Those playbooks need to be installed **manually** before installing current playbook.", - "lastUpdateTime": "2024-06-11T14:25:00.000Z", + "lastUpdateTime": "2024-08-27T14:25:00.000Z", "entities": [], "tags": ["Identity protection"], "support": { @@ -23,6 +23,11 @@ "version": "1.1", "title": "Updates", "notes": [ "Added subscriptionId as a parameter and updated solution to match V3. Change PlaybookName prefix to RFI." ] + }, + { + "version": "1.2", + "title": "Updates", + "notes": [ "Added Log Analytic Workspace as a parameter." ] } ] }, @@ -31,6 +36,13 @@ "defaultValue": "RFI-search-external-user", "type": "string" }, + "workspace_name": { + "type": "string", + "defaultValue": "", + "metadata": { + "description" : "Microsoft Log Analytic Workspace Name" + } + }, "Playbook-Name-add-EntraID-security-group-user": { "defaultValue": "RFI-add-EntraID-security-group-user", "type": "string" @@ -56,7 +68,7 @@ "name": "[parameters('PlaybookName')]", "location": "[resourceGroup().location]", "tags": { - "hidden-SentinelTemplateVersion": "1.1" + "hidden-SentinelTemplateVersion": "1.2" }, "dependsOn": [ "[resourceId('Microsoft.Web/connections', variables('LogAnalyticsDataCollectorConnectionName'))]", 
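Review bot: The new `workspace_name` parameter (hunk `@@ -31,6 +36,13 @@` of RFI-search-external-user/azuredeploy.json) defaults to an empty string, so a deployment that leaves it unset is accepted and the `/queryData` action receives an empty `resourcename`. That would presumably show up only as a failed run of the search playbook, not as a deployment error. Making the value mandatory catches it at deploy time: drop `"defaultValue": ""` and add `"minLength": 1`. The description would also read better as `"Name of the Log Analytics workspace queried by this playbook"`. The same block is added in RFI-search-workforce-user/azuredeploy.json and twice in Package/mainTemplate.json, and the enclosing parameters object starts and ends outside this hunk.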
@@ -373,10 +385,10 @@ "method": "post", "path": "/queryData", "queries": { - "resourcegroups": "RF", - "resourcename": "RF-log-analyitics", + "resourcegroups": "[resourceGroup().name]", + "resourcename": "[parameters('workspace_name')]", "resourcetype": "Log Analytics Workspace", - "subscriptions": "@subscription().subscriptionId", + "subscriptions": "[subscription().subscriptionId]", "timerange": "@{formatDateTime(addDays(utcNow(), parameters('search_lookback_days')), 'yyyy-MM-dd')}" } } diff --git a/Solutions/Recorded Future Identity/Playbooks/RFI-search-workforce-user/azuredeploy.json b/Solutions/Recorded Future Identity/Playbooks/RFI-search-workforce-user/azuredeploy.json index 4a5177a53e..cbec91d084 100644 --- a/Solutions/Recorded Future Identity/Playbooks/RFI-search-workforce-user/azuredeploy.json +++ b/Solutions/Recorded Future Identity/Playbooks/RFI-search-workforce-user/azuredeploy.json @@ -4,7 +4,7 @@ "metadata": { "title": "RFI-search-workforce-user", "description": "This playbook searches the Recorded Future Identity Intelligence Module for compromised workforce users.\n\nThis playbook depends on:\n- RFI-add-EntraID-security-group-user\n- RFI-confirm-EntraID-risky-user\n- RFI-lookup-and-save-user\n\n Those playbooks need to be installed **manually** before installing current playbook.", - "lastUpdateTime": "2024-06-11T14:25:00.000Z", + "lastUpdateTime": "2024-08-27T14:25:00.000Z", "entities": [], "tags": ["Identity protection"], "support": { @@ -19,10 +19,15 @@ "title": "Initial version", "notes": [ "Initial version" ] }, - { + { "version": "1.1", "title": "Updates", "notes": [ "Added subscriptionId as a parameter and updated solution to match V3. Change PlaybookName prefix to RFI." ] + }, + { + "version": "1.2", + "title": "Updates", + "notes": [ "Added workspace_name as a parameter." ] } ] }, 
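Review bot: In the `/queryData` hunk (`@@ -373,10 +385,10 @@`), `[resourceGroup().name]` resolves to the resource group the playbook is deployed into. The hard-coded `RF` is therefore replaced by an unstated assumption that the Log Analytics workspace lives in that same group, and a workspace kept elsewhere would leave the query pointing at a resource that does not exist. I would expose this as a parameter, for example `"workspace_resource_group": { "type": "string", "defaultValue": "[resourceGroup().name]" }`, and use `"resourcegroups": "[parameters('workspace_resource_group')]"`, or at least state the same-group requirement in the `workspace_name` description. The same lines appear in both `/queryData` hunks of RFI-search-workforce-user/azuredeploy.json and in Package/mainTemplate.json, and the action object begins outside the hunk.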
@@ -31,6 +36,13 @@ "defaultValue": "RFI-search-workforce-user", "type": "string" }, + "workspace_name": { + "type": "string", + "defaultValue": "", + "metadata": { + "description" : "Microsoft Log Analytic Workspace Name" + } + }, "Playbook-Name-add-EntraID-security-group-user": { "defaultValue": "RFI-add-EntraID-security-group-user", "type": "string" @@ -56,7 +68,7 @@ "name": "[parameters('PlaybookName')]", "location": "[resourceGroup().location]", "tags": { - "hidden-SentinelTemplateVersion": "1.1" + "hidden-SentinelTemplateVersion": "1.2" }, "dependsOn": [ "[resourceId('Microsoft.Web/connections', variables('LogAnalyticsDataCollectorConnectionName'))]", @@ -525,10 +537,10 @@ "method": "post", "path": "/queryData", "queries": { - "resourcegroups": "RF", - "resourcename": "RF-log-analyitics", + "resourcegroups": "[resourceGroup().name]", + "resourcename": "[parameters('workspace_name')]", "resourcetype": "Log Analytics Workspace", - "subscriptions": "@subscription().subscriptionId", + "subscriptions": "[subscription().subscriptionId]", "timerange": "@{formatDateTime(addDays(utcNow(), parameters('search_lookback_days')), 'yyyy-MM-dd')}" } } @@ -550,10 +562,10 @@ "method": "post", "path": "/queryData", "queries": { - "resourcegroups": "RF", - "resourcename": "RF-log-analyitics", + "resourcegroups": "[resourceGroup().name]", + "resourcename": "[parameters('workspace_name')]", "resourcetype": "Log Analytics Workspace", - "subscriptions": "@subscription().subscriptionId", + "subscriptions": "[subscription().subscriptionId]", "timerange": "@{formatDateTime(addDays(utcNow(), parameters('search_lookback_days')), 'yyyy-MM-dd')}" } } diff --git a/Solutions/Recorded Future Identity/ReleaseNotes.md b/Solutions/Recorded Future Identity/ReleaseNotes.md index a11911dc2c..25fcbd7e0b 100644 --- a/Solutions/Recorded Future Identity/ReleaseNotes.md +++ b/Solutions/Recorded Future Identity/ReleaseNotes.md 
@@ -1,4 +1,5 @@ | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** | |-------------|--------------------------------|---------------------------------------------| +| 3.0.1 | 27-08-2024 | Fixedhardcoded Resource Group and Analytics Workspace Name in search **playbooks**. | | 3.0.0 | 15-04-2024 | Fixedhardcoded SubscriptionID.
Entra ID renaming of **Playbooks** and readme.
Using solution format V3
Change prefix on all logic app installation names from RecordedFutureIdentity to RFI due to logic app name size limitation of 64 characters. | | 2.0.0 | 14-09-2022 | Initial Solution Release | diff --git a/Solutions/Recorded Future Identity/SolutionMetadata.json b/Solutions/Recorded Future Identity/SolutionMetadata.json index 1dfc630ad5..60c8277f42 100644 --- a/Solutions/Recorded Future Identity/SolutionMetadata.json +++ b/Solutions/Recorded Future Identity/SolutionMetadata.json @@ -1,6 +1,6 @@ { "publisherId": "recordedfuture1605638642586", - "offerId": "recorded_future_identity_sentinel_solution", + "offerId": "recorded_future_identity_solution", "firstPublishDate": "2022-09-06", "lastPublishDate":"2022-09-06", "providers": ["Recorded Future"],
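Review bot: The `offerId` change in SolutionMetadata.json is not mentioned in the commit subject or in the 3.0.1 release-note row, and `lastPublishDate` still reads `2022-09-06` although the solution version moves to 3.0.1. If the solution id behind the `contentPackages` resource is composed from `publisherId` and `offerId` (not visible here; confirm against `_solutionId` in mainTemplate.json), the rename would make 3.0.1 a different package rather than an update. Workspaces on 3.0.0 would then keep the hard-coded resource group and workspace name this commit removes. I would either keep the previous `offerId` or record the rename in ReleaseNotes.md, and update the publish date, e.g. `"lastPublishDate": "2024-08-27"` if that is the actual release day.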