From f73d8e8f27dc2c78a10bced48fb26a27efe49fd2 Mon Sep 17 00:00:00 2001 
From: thbanasi <54327442+thbanasi@users.noreply.github.com>
Date: Sun, 27 Feb 2022 14:42:43 -0500
Subject: [PATCH 1/2] ZeroTrust_Solution Update Version 2
---
 .../ZeroTrustDNSFamilyControlsMonitoring.yaml | 48 -
 ...ataProtectionFamilyControlsMonitoring.yaml | 48 -
 ...eroTrustEmailFamilyControlsMonitoring.yaml | 48 -
 ...ustEnterpriseFamilyControlsMonitoring.yaml | 48 -
 ...eroTrustFilesFamilyControlsMonitoring.yaml | 48 -
 ...sionDetectionFamilyControlsMonitoring.yaml | 48 -
 ...ustNetworkingFamilyControlsMonitoring.yaml | 48 -
 ...ustResiliencyFamilyControlsMonitoring.yaml | 48 -
 .../ZeroTrustUCCFamilyControlsMonitoring.yaml | 48 -
 ...yCapabilitiesFamilyControlsMonitoring.yaml | 48 -
 .../ZeroTrustWebFamilyControlsMonitoring.yaml | 48 -
 ...TIC3.0_ControlAssessmentPostureChange.yaml | 47 +
 .../Open_DevOpsTaskRecommendation.json | 170 +
 .../Open_JIRATicketRecommendation.json | 158 +
 .../Preview/ZeroTrust(TIC3.0)Black1.PNG | Bin 122414 -> 0 bytes
 .../Preview/ZeroTrust(TIC3.0)White1.PNG | Bin 122883 -> 0 bytes
 .../Images/ZeroTrust(TIC3.0)Black1.PNG | Bin 0 -> 395379 bytes
 .../Images/ZeroTrust(TIC3.0)White1.PNG | Bin 0 -> 393087 bytes
 .../Workbooks/ZeroTrust(TIC3.0).json | 34552 +++++++++++-----
 Solutions/ZeroTrust(TIC3.0)/readme.md | 59 +-
 20 files changed, 25279 insertions(+), 10235 deletions(-)
 delete mode 100644 Solutions/ZeroTrust(TIC3.0)/Analytic Rules/ZeroTrustDNSFamilyControlsMonitoring.yaml
 delete mode 100644 Solutions/ZeroTrust(TIC3.0)/Analytic Rules/ZeroTrustDataProtectionFamilyControlsMonitoring.yaml
 delete mode 100644 Solutions/ZeroTrust(TIC3.0)/Analytic Rules/ZeroTrustEmailFamilyControlsMonitoring.yaml
 delete mode 100644 Solutions/ZeroTrust(TIC3.0)/Analytic Rules/ZeroTrustEnterpriseFamilyControlsMonitoring.yaml
 delete mode 100644 Solutions/ZeroTrust(TIC3.0)/Analytic Rules/ZeroTrustFilesFamilyControlsMonitoring.yaml
 delete mode 100644 Solutions/ZeroTrust(TIC3.0)/Analytic Rules/ZeroTrustIntrusionDetectionFamilyControlsMonitoring.yaml
 delete mode 100644 Solutions/ZeroTrust(TIC3.0)/Analytic Rules/ZeroTrustNetworkingFamilyControlsMonitoring.yaml
 delete mode 100644 Solutions/ZeroTrust(TIC3.0)/Analytic Rules/ZeroTrustResiliencyFamilyControlsMonitoring.yaml
 delete mode 100644 Solutions/ZeroTrust(TIC3.0)/Analytic Rules/ZeroTrustUCCFamilyControlsMonitoring.yaml
 delete mode 100644 Solutions/ZeroTrust(TIC3.0)/Analytic Rules/ZeroTrustUniversalSecurityCapabilitiesFamilyControlsMonitoring.yaml
 delete mode 100644 Solutions/ZeroTrust(TIC3.0)/Analytic Rules/ZeroTrustWebFamilyControlsMonitoring.yaml
 create mode 100644 Solutions/ZeroTrust(TIC3.0)/Analytic Rules/Zero_Trust_TIC3.0_ControlAssessmentPostureChange.yaml
 create mode 100644 Solutions/ZeroTrust(TIC3.0)/Playbooks/Open_DevOpsTaskRecommendation.json
 create mode 100644 Solutions/ZeroTrust(TIC3.0)/Playbooks/Open_JIRATicketRecommendation.json
 delete mode 100644 Solutions/ZeroTrust(TIC3.0)/Workbooks/Images/Preview/ZeroTrust(TIC3.0)Black1.PNG
 delete mode 100644 Solutions/ZeroTrust(TIC3.0)/Workbooks/Images/Preview/ZeroTrust(TIC3.0)White1.PNG
 create mode 100644 Solutions/ZeroTrust(TIC3.0)/Workbooks/Images/ZeroTrust(TIC3.0)Black1.PNG
 create mode 100644 Solutions/ZeroTrust(TIC3.0)/Workbooks/Images/ZeroTrust(TIC3.0)White1.PNG
diff --git a/Solutions/ZeroTrust(TIC3.0)/Analytic Rules/ZeroTrustDNSFamilyControlsMonitoring.yaml b/Solutions/ZeroTrust(TIC3.0)/Analytic Rules/ZeroTrustDNSFamilyControlsMonitoring.yaml
deleted file mode 100644
index d45fca231a8..00000000000
--- a/Solutions/ZeroTrust(TIC3.0)/Analytic Rules/ZeroTrustDNSFamilyControlsMonitoring.yaml
+++ /dev/null
@@ -1,48 +0,0 @@
-id: 6d737820-2ae6-4328-b62b-9a43e8f6692e
-name: (Preview) ZeroTrust(TIC3.0) DNS Control Family Monitoring
-description: |
- 'Zero Trust(TIC3.0) Control Assessments have Deviated from Configured Threshold Baselines'
-severity: Medium
-requiredDataConnectors: []
-queryFrequency: 7d
-queryPeriod: 7d
-triggerOperator: gt
-triggerThreshold: 0
-tactics:
- - Discovery
-relevantTechniques:
- - T1082
-query: |
- let ZeroTrustTIC3Mapping = externaldata(RecommendationDisplayName:string,Capability:string,Family:string) [@"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Sample%20Data/Feeds/ZeroTrustTIC3Mapping.csv"] with (format="csv", ignoreFirstRecord=True);
- SecurityRecommendation
- | join kind=rightouter ZeroTrustTIC3Mapping on RecommendationDisplayName
- | where Family == 'DNS'
- | summarize
- Assessments = count(),
- Success = countif(RecommendationState == 'Healthy' or RecommendationState == 'NotApplicable' or RecommendationState == 'Removed'),
- Failed = countif(RecommendationState == 'Unhealthy')
- by Capability, Family, RecommendationDisplayName
- | extend SuccessRatePercentage = (Success * 100 / Assessments)
- | extend FailedRatePercentage = (Failed * 100 / Assessments)
- | extend RemediationLink = strcat('https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/22')
- | project
- Capability,
- Family,
- RecommendationDisplayName,
- Assessments,
- SuccessRatePercentage,
- FailedRatePercentage,
- RemediationLink
- | where RecommendationDisplayName <> ''
- // | where RecommendationName <> '' //Filter Out or Suppress Recommendations
- | where FailedRatePercentage > 30 //Adjust Either FailedRatePercentage or PasedRatePercentage Thresholds within Organizational Needs
- | sort by FailedRatePercentage desc
- | limit 250
- | extend URLCustomEntity = RemediationLink
-entityMappings:
- - entityType: URL
- fieldMappings:
- - identifier: Url
- columnName: URLCustomEntity
-version: 1.0.0
-kind: Scheduled
\ No newline at end of file
diff --git a/Solutions/ZeroTrust(TIC3.0)/Analytic Rules/ZeroTrustDataProtectionFamilyControlsMonitoring.yaml b/Solutions/ZeroTrust(TIC3.0)/Analytic Rules/ZeroTrustDataProtectionFamilyControlsMonitoring.yaml
deleted file mode 100644
index 708e8233423..00000000000
--- a/Solutions/ZeroTrust(TIC3.0)/Analytic Rules/ZeroTrustDataProtectionFamilyControlsMonitoring.yaml
+++ /dev/null
@@ -1,48 +0,0 @@
-id: 6289c9d2-b9c4-4a4c-927e-36a717113b58
-name: (Preview) ZeroTrust(TIC3.0) Data Protection Control Family Monitoring
-description: |
- 'Zero Trust(TIC3.0) Control Assessments have Deviated from Configured Threshold Baselines'
-severity: Medium
-requiredDataConnectors: []
-queryFrequency: 7d
-queryPeriod: 7d
-triggerOperator: gt
-triggerThreshold: 0
-tactics:
- - Discovery
-relevantTechniques:
- - T1082
-query: |
- let ZeroTrustTIC3Mapping = externaldata(RecommendationDisplayName:string,Capability:string,Family:string) [@"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Sample%20Data/Feeds/ZeroTrustTIC3Mapping.csv"] with (format="csv", ignoreFirstRecord=True);
- SecurityRecommendation
- | join kind=rightouter ZeroTrustTIC3Mapping on RecommendationDisplayName
- | where Family == 'Data Protection'
- | summarize
- Assessments = count(),
- Success = countif(RecommendationState == 'Healthy' or RecommendationState == 'NotApplicable' or RecommendationState == 'Removed'),
- Failed = countif(RecommendationState == 'Unhealthy')
- by Capability, Family, RecommendationDisplayName
- | extend SuccessRatePercentage = (Success * 100 / Assessments)
- | extend FailedRatePercentage = (Failed * 100 / Assessments)
- | extend RemediationLink = strcat('https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/22')
- | project
- Capability,
- Family,
- RecommendationDisplayName,
- Assessments,
- SuccessRatePercentage,
- FailedRatePercentage,
- RemediationLink
- | where RecommendationDisplayName <> ''
- // | where RecommendationName <> '' //Filter Out or Suppress Recommendations
- | where FailedRatePercentage > 30 //Adjust Either FailedRatePercentage or PasedRatePercentage Thresholds within Organizational Needs
- | sort by FailedRatePercentage desc
- | limit 250
- | extend URLCustomEntity = RemediationLink
-entityMappings:
- - entityType: URL
- fieldMappings:
- - identifier: Url
- columnName: URLCustomEntity
-version: 1.0.0
-kind: Scheduled
\ No newline at end of file
diff --git a/Solutions/ZeroTrust(TIC3.0)/Analytic Rules/ZeroTrustEmailFamilyControlsMonitoring.yaml b/Solutions/ZeroTrust(TIC3.0)/Analytic Rules/ZeroTrustEmailFamilyControlsMonitoring.yaml
deleted file mode 100644
index a526c9eaa5e..00000000000
--- a/Solutions/ZeroTrust(TIC3.0)/Analytic Rules/ZeroTrustEmailFamilyControlsMonitoring.yaml
+++ /dev/null
@@ -1,48 +0,0 @@
-id: b237d2b9-b8e6-48e0-b3dc-1430b429e8c5
-name: (Preview) ZeroTrust(TIC3.0) Email Control Family Monitoring
-description: |
- 'Zero Trust(TIC3.0) Control Assessments have Deviated from Configured Threshold Baselines'
-severity: Medium
-requiredDataConnectors: []
-queryFrequency: 7d
-queryPeriod: 7d
-triggerOperator: gt
-triggerThreshold: 0
-tactics:
- - Discovery
-relevantTechniques:
- - T1082
-query: |
- let ZeroTrustTIC3Mapping = externaldata(RecommendationDisplayName:string,Capability:string,Family:string) [@"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Sample%20Data/Feeds/ZeroTrustTIC3Mapping.csv"] with (format="csv", ignoreFirstRecord=True);
- SecurityRecommendation
- | join kind=rightouter ZeroTrustTIC3Mapping on RecommendationDisplayName
- | where Family == 'Email'
- | summarize
- Assessments = count(),
- Success = countif(RecommendationState == 'Healthy' or RecommendationState == 'NotApplicable' or RecommendationState == 'Removed'),
- Failed = countif(RecommendationState == 'Unhealthy')
- by Capability, Family, RecommendationDisplayName
- | extend SuccessRatePercentage = (Success * 100 / Assessments)
- | extend FailedRatePercentage = (Failed * 100 / Assessments)
- | extend RemediationLink = strcat('https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/22')
- | project
- Capability,
- Family,
- RecommendationDisplayName,
- Assessments,
- SuccessRatePercentage,
- FailedRatePercentage,
- RemediationLink
- | where RecommendationDisplayName <> ''
- // | where RecommendationName <> '' //Filter Out or Suppress Recommendations
- | where FailedRatePercentage > 30 //Adjust Either FailedRatePercentage or PasedRatePercentage Thresholds within Organizational Needs
- | sort by FailedRatePercentage desc
- | limit 250
- | extend URLCustomEntity = RemediationLink
-entityMappings:
- - entityType: URL
- fieldMappings:
- - identifier: Url
- columnName: URLCustomEntity
-version: 1.0.0
-kind: Scheduled
\ No newline at end of file
diff --git a/Solutions/ZeroTrust(TIC3.0)/Analytic Rules/ZeroTrustEnterpriseFamilyControlsMonitoring.yaml b/Solutions/ZeroTrust(TIC3.0)/Analytic Rules/ZeroTrustEnterpriseFamilyControlsMonitoring.yaml
deleted file mode 100644
index 0b8ad5d93a1..00000000000
--- a/Solutions/ZeroTrust(TIC3.0)/Analytic Rules/ZeroTrustEnterpriseFamilyControlsMonitoring.yaml
+++ /dev/null
@@ -1,48 +0,0 @@
-id: dc618145-bec3-437b-8a70-8b4d4d4e28e3
-name: (Preview) ZeroTrust(TIC3.0) Enterprise Control Family Monitoring
-description: |
- 'Zero Trust(TIC3.0) Control Assessments have Deviated from Configured Threshold Baselines'
-severity: Medium
-requiredDataConnectors: []
-queryFrequency: 7d
-queryPeriod: 7d
-triggerOperator: gt
-triggerThreshold: 0
-tactics:
- - Discovery
-relevantTechniques:
- - T1082
-query: |
- let ZeroTrustTIC3Mapping = externaldata(RecommendationDisplayName:string,Capability:string,Family:string) [@"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Sample%20Data/Feeds/ZeroTrustTIC3Mapping.csv"] with (format="csv", ignoreFirstRecord=True);
- SecurityRecommendation
- | join kind=rightouter ZeroTrustTIC3Mapping on RecommendationDisplayName
- | where Family == 'Enterprise'
- | summarize
- Assessments = count(),
- Success = countif(RecommendationState == 'Healthy' or RecommendationState == 'NotApplicable' or RecommendationState == 'Removed'),
- Failed = countif(RecommendationState == 'Unhealthy')
- by Capability, Family, RecommendationDisplayName
- | extend SuccessRatePercentage = (Success * 100 / Assessments)
- | extend FailedRatePercentage = (Failed * 100 / Assessments)
- | extend RemediationLink = strcat('https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/22')
- | project
- Capability,
- Family,
- RecommendationDisplayName,
- Assessments,
- SuccessRatePercentage,
- FailedRatePercentage,
- RemediationLink
- | where RecommendationDisplayName <> ''
- // | where RecommendationName <> '' //Filter Out or Suppress Recommendations
- | where FailedRatePercentage > 30 //Adjust Either FailedRatePercentage or PasedRatePercentage Thresholds within Organizational Needs
- | sort by FailedRatePercentage desc
- | limit 250
- | extend URLCustomEntity = RemediationLink
-entityMappings:
- - entityType: URL
- fieldMappings:
- - identifier: Url
- columnName: URLCustomEntity
-version: 1.0.0
-kind: Scheduled
\ No newline at end of file
diff --git a/Solutions/ZeroTrust(TIC3.0)/Analytic Rules/ZeroTrustFilesFamilyControlsMonitoring.yaml b/Solutions/ZeroTrust(TIC3.0)/Analytic Rules/ZeroTrustFilesFamilyControlsMonitoring.yaml
deleted file mode 100644
index 9f3297db60e..00000000000
--- a/Solutions/ZeroTrust(TIC3.0)/Analytic Rules/ZeroTrustFilesFamilyControlsMonitoring.yaml
+++ /dev/null
@@ -1,48 +0,0 @@
-id: 618ab10b-fe9a-454f-9a80-1b0a6a9f8cb1
-name: (Preview) ZeroTrust(TIC3.0) Files Control Family Monitoring
-description: |
- 'Zero Trust(TIC3.0) Control Assessments have Deviated from Configured Threshold Baselines'
-severity: Medium
-requiredDataConnectors: []
-queryFrequency: 7d
-queryPeriod: 7d
-triggerOperator: gt
-triggerThreshold: 0
-tactics:
- - Discovery
-relevantTechniques:
- - T1082
-query: |
- let ZeroTrustTIC3Mapping = externaldata(RecommendationDisplayName:string,Capability:string,Family:string) [@"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Sample%20Data/Feeds/ZeroTrustTIC3Mapping.csv"] with (format="csv", ignoreFirstRecord=True);
- SecurityRecommendation
- | join kind=rightouter ZeroTrustTIC3Mapping on RecommendationDisplayName
- | where Family == 'Files'
- | summarize
- Assessments = count(),
- Success = countif(RecommendationState == 'Healthy' or RecommendationState == 'NotApplicable' or RecommendationState == 'Removed'),
- Failed = countif(RecommendationState == 'Unhealthy')
- by Capability, Family, RecommendationDisplayName
- | extend SuccessRatePercentage = (Success * 100 / Assessments)
- | extend FailedRatePercentage = (Failed * 100 / Assessments)
- | extend RemediationLink = strcat('https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/22')
- | project
- Capability,
- Family,
- RecommendationDisplayName,
- Assessments,
- SuccessRatePercentage,
- FailedRatePercentage,
- RemediationLink
- | where RecommendationDisplayName <> ''
- // | where RecommendationName <> '' //Filter Out or Suppress Recommendations
- | where FailedRatePercentage > 30 //Adjust Either FailedRatePercentage or PasedRatePercentage Thresholds within Organizational Needs
- | sort by FailedRatePercentage desc
- | limit 250
- | extend URLCustomEntity = RemediationLink
-entityMappings:
- - entityType: URL
- fieldMappings:
- - identifier: Url
- columnName: URLCustomEntity
-version: 1.0.0
-kind: Scheduled
\ No newline at end of file
diff --git a/Solutions/ZeroTrust(TIC3.0)/Analytic Rules/ZeroTrustIntrusionDetectionFamilyControlsMonitoring.yaml b/Solutions/ZeroTrust(TIC3.0)/Analytic Rules/ZeroTrustIntrusionDetectionFamilyControlsMonitoring.yaml
deleted file mode 100644
index 3a751d88bf9..00000000000
--- a/Solutions/ZeroTrust(TIC3.0)/Analytic Rules/ZeroTrustIntrusionDetectionFamilyControlsMonitoring.yaml
+++ /dev/null
@@ -1,48 +0,0 @@
-id: 555c9a75-71f0-406b-943c-42e007211916
-name: (Preview) ZeroTrust(TIC3.0) Intrusion Detection Control Family Monitoring
-description: |
- 'Zero Trust(TIC3.0) Control Assessments have Deviated from Configured Threshold Baselines'
-severity: Medium
-requiredDataConnectors: []
-queryFrequency: 7d
-queryPeriod: 7d
-triggerOperator: gt
-triggerThreshold: 0
-tactics:
- - Discovery
-relevantTechniques:
- - T1082
-query: |
- let ZeroTrustTIC3Mapping = externaldata(RecommendationDisplayName:string,Capability:string,Family:string) [@"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Sample%20Data/Feeds/ZeroTrustTIC3Mapping.csv"] with (format="csv", ignoreFirstRecord=True);
- SecurityRecommendation
- | join kind=rightouter ZeroTrustTIC3Mapping on RecommendationDisplayName
- | where Family == 'Intrusion Detection'
- | summarize
- Assessments = count(),
- Success = countif(RecommendationState == 'Healthy' or RecommendationState == 'NotApplicable' or RecommendationState == 'Removed'),
- Failed = countif(RecommendationState == 'Unhealthy')
- by Capability, Family, RecommendationDisplayName
- | extend SuccessRatePercentage = (Success * 100 / Assessments)
- | extend FailedRatePercentage = (Failed * 100 / Assessments)
- | extend RemediationLink = strcat('https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/22')
- | project
- Capability,
- Family,
- RecommendationDisplayName,
- Assessments,
- SuccessRatePercentage,
- FailedRatePercentage,
- RemediationLink
- | where RecommendationDisplayName <> ''
- // | where RecommendationName <> '' //Filter Out or Suppress Recommendations
- | where FailedRatePercentage > 30 //Adjust Either FailedRatePercentage or PasedRatePercentage Thresholds within Organizational Needs
- | sort by FailedRatePercentage desc
- | limit 250
- | extend URLCustomEntity = RemediationLink
-entityMappings:
- - entityType: URL
- fieldMappings:
- - identifier: Url
- columnName: URLCustomEntity
-version: 1.0.0
-kind: Scheduled
\ No newline at end of file
diff --git a/Solutions/ZeroTrust(TIC3.0)/Analytic Rules/ZeroTrustNetworkingFamilyControlsMonitoring.yaml b/Solutions/ZeroTrust(TIC3.0)/Analytic Rules/ZeroTrustNetworkingFamilyControlsMonitoring.yaml
deleted file mode 100644
index 4b26082b2b6..00000000000
--- a/Solutions/ZeroTrust(TIC3.0)/Analytic Rules/ZeroTrustNetworkingFamilyControlsMonitoring.yaml
+++ /dev/null
@@ -1,48 +0,0 @@
-id: f0f614c5-a660-4994-8f80-f6a5b6e85021
-name: (Preview) ZeroTrust(TIC3.0) Networking Control Family Monitoring
-description: |
- 'Zero Trust(TIC3.0) Control Assessments have Deviated from Configured Threshold Baselines'
-severity: Medium
-requiredDataConnectors: []
-queryFrequency: 7d
-queryPeriod: 7d
-triggerOperator: gt
-triggerThreshold: 0
-tactics:
- - Discovery
-relevantTechniques:
- - T1082
-query: |
- let ZeroTrustTIC3Mapping = externaldata(RecommendationDisplayName:string,Capability:string,Family:string) [@"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Sample%20Data/Feeds/ZeroTrustTIC3Mapping.csv"] with (format="csv", ignoreFirstRecord=True);
- SecurityRecommendation
- | join kind=rightouter ZeroTrustTIC3Mapping on RecommendationDisplayName
- | where Family == 'Networking'
- | summarize
- Assessments = count(),
- Success = countif(RecommendationState == 'Healthy' or RecommendationState == 'NotApplicable' or RecommendationState == 'Removed'),
- Failed = countif(RecommendationState == 'Unhealthy')
- by Capability, Family, RecommendationDisplayName
- | extend SuccessRatePercentage = (Success * 100 / Assessments)
- | extend FailedRatePercentage = (Failed * 100 / Assessments)
- | extend RemediationLink = strcat('https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/22')
- | project
- Capability,
- Family,
- RecommendationDisplayName,
- Assessments,
- SuccessRatePercentage,
- FailedRatePercentage,
- RemediationLink
- | where RecommendationDisplayName <> ''
- // | where RecommendationName <> '' //Filter Out or Suppress Recommendations
- | where FailedRatePercentage > 30 //Adjust Either FailedRatePercentage or PasedRatePercentage Thresholds within Organizational Needs
- | sort by FailedRatePercentage desc
- | limit 250
- | extend URLCustomEntity = RemediationLink
-entityMappings:
- - entityType: URL
- fieldMappings:
- - identifier: Url
- columnName: URLCustomEntity
-version: 1.0.0
-kind: Scheduled
\ No newline at end of file
diff --git a/Solutions/ZeroTrust(TIC3.0)/Analytic Rules/ZeroTrustResiliencyFamilyControlsMonitoring.yaml b/Solutions/ZeroTrust(TIC3.0)/Analytic Rules/ZeroTrustResiliencyFamilyControlsMonitoring.yaml
deleted file mode 100644
index 4fdd86ec3b3..00000000000
--- a/Solutions/ZeroTrust(TIC3.0)/Analytic Rules/ZeroTrustResiliencyFamilyControlsMonitoring.yaml
+++ /dev/null
@@ -1,48 +0,0 @@
-id: c67c454d-043d-4eaa-ac50-712973d767a1
-name: (Preview) ZeroTrust(TIC3.0) Resiliency Control Family Monitoring
-description: |
- 'Zero Trust(TIC3.0) Control Assessments have Deviated from Configured Threshold Baselines'
-severity: Medium
-requiredDataConnectors: []
-queryFrequency: 7d
-queryPeriod: 7d
-triggerOperator: gt
-triggerThreshold: 0
-tactics:
- - Discovery
-relevantTechniques:
- - T1082
-query: |
- let ZeroTrustTIC3Mapping = externaldata(RecommendationDisplayName:string,Capability:string,Family:string) [@"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Sample%20Data/Feeds/ZeroTrustTIC3Mapping.csv"] with (format="csv", ignoreFirstRecord=True);
- SecurityRecommendation
- | join kind=rightouter ZeroTrustTIC3Mapping on RecommendationDisplayName
- | where Family == 'Resiliency'
- | summarize
- Assessments = count(),
- Success = countif(RecommendationState == 'Healthy' or RecommendationState == 'NotApplicable' or RecommendationState == 'Removed'),
- Failed = countif(RecommendationState == 'Unhealthy')
- by Capability, Family, RecommendationDisplayName
- | extend SuccessRatePercentage = (Success * 100 / Assessments)
- | extend FailedRatePercentage = (Failed * 100 / Assessments)
- | extend RemediationLink = strcat('https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/22')
- | project
- Capability,
- Family,
- RecommendationDisplayName,
- Assessments,
- SuccessRatePercentage,
- FailedRatePercentage,
- RemediationLink
- | where RecommendationDisplayName <> ''
- // | where RecommendationName <> '' //Filter Out or Suppress Recommendations
- | where FailedRatePercentage > 30 //Adjust Either FailedRatePercentage or PasedRatePercentage Thresholds within Organizational Needs
- | sort by FailedRatePercentage desc
- | limit 250
- | extend URLCustomEntity = RemediationLink
-entityMappings:
- - entityType: URL
- fieldMappings:
- - identifier: Url
- columnName: URLCustomEntity
-version: 1.0.0
-kind: Scheduled
\ No newline at end of file
diff --git a/Solutions/ZeroTrust(TIC3.0)/Analytic Rules/ZeroTrustUCCFamilyControlsMonitoring.yaml b/Solutions/ZeroTrust(TIC3.0)/Analytic Rules/ZeroTrustUCCFamilyControlsMonitoring.yaml
deleted file mode 100644
index 3c8ff1a2033..00000000000
--- a/Solutions/ZeroTrust(TIC3.0)/Analytic Rules/ZeroTrustUCCFamilyControlsMonitoring.yaml
+++ /dev/null
@@ -1,48 +0,0 @@
-id: e3d75cd2-37e5-457f-a7d2-781de9bfa3cf
-name: (Preview) ZeroTrust(TIC3.0) UCC Control Family Monitoring
-description: |
- 'Zero Trust(TIC3.0) Control Assessments have Deviated from Configured Threshold Baselines'
-severity: Medium
-requiredDataConnectors: []
-queryFrequency: 7d
-queryPeriod: 7d
-triggerOperator: gt
-triggerThreshold: 0
-tactics:
- - Discovery
-relevantTechniques:
- - T1082
-query: |
- let ZeroTrustTIC3Mapping = externaldata(RecommendationDisplayName:string,Capability:string,Family:string) [@"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Sample%20Data/Feeds/ZeroTrustTIC3Mapping.csv"] with (format="csv", ignoreFirstRecord=True);
- SecurityRecommendation
- | join kind=rightouter ZeroTrustTIC3Mapping on RecommendationDisplayName
- | where Family == 'Unified Communications & Collaboration'
- | summarize
- Assessments = count(),
- Success = countif(RecommendationState == 'Healthy' or RecommendationState == 'NotApplicable' or RecommendationState == 'Removed'),
- Failed = countif(RecommendationState == 'Unhealthy')
- by Capability, Family, RecommendationDisplayName
- | extend SuccessRatePercentage = (Success * 100 / Assessments)
- | extend FailedRatePercentage = (Failed * 100 / Assessments)
- | extend RemediationLink = strcat('https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/22')
- | project
- Capability,
- Family,
- RecommendationDisplayName,
- Assessments,
- SuccessRatePercentage,
- FailedRatePercentage,
- RemediationLink
- | where RecommendationDisplayName <> ''
- // | where RecommendationName <> '' //Filter Out or Suppress Recommendations
- | where FailedRatePercentage > 30 //Adjust Either FailedRatePercentage or PasedRatePercentage Thresholds within Organizational Needs
- | sort by FailedRatePercentage desc
- | limit 250
- | extend URLCustomEntity = RemediationLink
-entityMappings:
- - entityType: URL
- fieldMappings:
- - identifier: Url
- columnName: URLCustomEntity
-version: 1.0.0
-kind: Scheduled
\ No newline at end of file
diff --git a/Solutions/ZeroTrust(TIC3.0)/Analytic Rules/ZeroTrustUniversalSecurityCapabilitiesFamilyControlsMonitoring.yaml b/Solutions/ZeroTrust(TIC3.0)/Analytic Rules/ZeroTrustUniversalSecurityCapabilitiesFamilyControlsMonitoring.yaml
deleted file mode 100644
index db320f4713b..00000000000
--- a/Solutions/ZeroTrust(TIC3.0)/Analytic Rules/ZeroTrustUniversalSecurityCapabilitiesFamilyControlsMonitoring.yaml
+++ /dev/null
@@ -1,48 +0,0 @@
-id: 377553c4-8a99-4171-ac6a-be12c4d0d1b8
-name: (Preview) ZeroTrust(TIC3.0) Universal Security Capabilities Control Family Monitoring
-description: |
- 'Zero Trust(TIC3.0) Control Assessments have Deviated from Configured Threshold Baselines'
-severity: Medium
-requiredDataConnectors: []
-queryFrequency: 7d
-queryPeriod: 7d
-triggerOperator: gt
-triggerThreshold: 0
-tactics:
- - Discovery
-relevantTechniques:
- - T1082
-query: |
- let ZeroTrustTIC3Mapping = externaldata(RecommendationDisplayName:string,Capability:string,Family:string) [@"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Sample%20Data/Feeds/ZeroTrustTIC3Mapping.csv"] with (format="csv", ignoreFirstRecord=True);
- SecurityRecommendation
- | join kind=rightouter ZeroTrustTIC3Mapping on RecommendationDisplayName
- | where Family == 'Universal Security Capabilities'
- | summarize
- Assessments = count(),
- Success = countif(RecommendationState == 'Healthy' or RecommendationState == 'NotApplicable' or RecommendationState == 'Removed'),
- Failed = countif(RecommendationState == 'Unhealthy')
- by Capability, Family, RecommendationDisplayName
- | extend SuccessRatePercentage = (Success * 100 / Assessments)
- | extend FailedRatePercentage = (Failed * 100 / Assessments)
- | extend RemediationLink = strcat('https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/22')
- | project
- Capability,
- Family,
- RecommendationDisplayName,
- Assessments,
- SuccessRatePercentage,
- FailedRatePercentage,
- RemediationLink
- | where RecommendationDisplayName <> ''
- // | where RecommendationName <> '' //Filter Out or Suppress Recommendations
- | where FailedRatePercentage > 30 //Adjust Either FailedRatePercentage or PasedRatePercentage Thresholds within Organizational Needs
- | sort by FailedRatePercentage desc
- | limit 250
- | extend URLCustomEntity = RemediationLink
-entityMappings:
- - entityType: URL
- fieldMappings:
- - identifier: Url
- columnName: URLCustomEntity
-version: 1.0.0
-kind: Scheduled
\ No newline at end of file
diff --git a/Solutions/ZeroTrust(TIC3.0)/Analytic Rules/ZeroTrustWebFamilyControlsMonitoring.yaml b/Solutions/ZeroTrust(TIC3.0)/Analytic Rules/ZeroTrustWebFamilyControlsMonitoring.yaml
deleted file mode 100644
index ff3de09d581..00000000000
--- a/Solutions/ZeroTrust(TIC3.0)/Analytic Rules/ZeroTrustWebFamilyControlsMonitoring.yaml
+++ /dev/null
@@ -1,48 +0,0 @@
-id: fd759ce2-e108-48ef-83c4-a1bb9886a6de
-name: (Preview) ZeroTrust(TIC3.0) Web Control Family Monitoring
-description: |
- 'Zero Trust(TIC3.0) Control Assessments have Deviated from Configured Threshold Baselines'
-severity: Medium
-requiredDataConnectors: []
-queryFrequency: 7d
-queryPeriod: 7d
-triggerOperator: gt
-triggerThreshold: 0
-tactics:
- - Discovery
-relevantTechniques:
- - T1082
-query: |
- let ZeroTrustTIC3Mapping = externaldata(RecommendationDisplayName:string,Capability:string,Family:string) [@"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Sample%20Data/Feeds/ZeroTrustTIC3Mapping.csv"] with (format="csv", ignoreFirstRecord=True);
- SecurityRecommendation
- | join kind=rightouter ZeroTrustTIC3Mapping on RecommendationDisplayName
- | where Family == 'Web'
- | summarize
- Assessments = count(),
- Success = countif(RecommendationState == 'Healthy' or RecommendationState == 'NotApplicable' or RecommendationState == 'Removed'),
- Failed = countif(RecommendationState == 'Unhealthy')
- by Capability, Family, RecommendationDisplayName
- | extend SuccessRatePercentage = (Success * 100 / Assessments)
- | extend FailedRatePercentage = (Failed * 100 / Assessments)
- | extend RemediationLink = strcat('https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/22')
- | project
- Capability,
- Family,
- RecommendationDisplayName,
- Assessments,
- SuccessRatePercentage,
- FailedRatePercentage,
- RemediationLink
- | where RecommendationDisplayName <> ''
- // | where RecommendationName <> '' //Filter Out or Suppress Recommendations
- | where FailedRatePercentage > 30 //Adjust Either FailedRatePercentage or PasedRatePercentage Thresholds within Organizational Needs
- | sort by FailedRatePercentage desc
- | limit 250
- | extend URLCustomEntity = RemediationLink
-entityMappings:
- - entityType: URL
- fieldMappings:
- - identifier: Url
- columnName: URLCustomEntity
-version: 1.0.0
-kind: Scheduled
\ No newline at end of file
diff --git a/Solutions/ZeroTrust(TIC3.0)/Analytic Rules/Zero_Trust_TIC3.0_ControlAssessmentPostureChange.yaml b/Solutions/ZeroTrust(TIC3.0)/Analytic Rules/Zero_Trust_TIC3.0_ControlAssessmentPostureChange.yaml
new file mode 100644
index 00000000000..50746bb0b34
--- /dev/null
+++ b/Solutions/ZeroTrust(TIC3.0)/Analytic Rules/Zero_Trust_TIC3.0_ControlAssessmentPostureChange.yaml
@@ -0,0 +1,47 @@
+id: 4942992d-a4d3-44b0-9cf4-b5a23811d82d
+name: ZeroTrust(TIC3.0) Control Assessment Posture Change
+description: |
+ 'Zero Trust(TIC3.0) Control Assessments have Deviated from Configured Threshold Baselines'
+severity: Medium
+requiredDataConnectors: []
+queryFrequency: 7d
+queryPeriod: 7d
+triggerOperator: gt
+triggerThreshold: 0
+tactics:
+ - Discovery
+relevantTechniques:
+ - T1082
+query: |
+ SecurityRecommendation
+ | where RecommendationDisplayName <> ""
+ | extend ControlFamily=iff(RecommendationDisplayName has_any("email"), "Email",
+ iff(RecommendationDisplayName has_any("apps", "teams", "meeting", "call"), "Unified Communications & Collaboration",
+ iff(RecommendationDisplayName has_any("dns", "domain"), "DNS",
+ iff(RecommendationDisplayName has_any("endpoint protection", "malware", "file", "files", "IaaSAntimalware"), "Files",
+ iff(RecommendationDisplayName has_any("Security Center", "defender", "adaptive", "HoneyTokens", "honey", "deception", "intrusion", "incident", "incidents"), "Intrusion Detection",
+ iff(RecommendationDisplayName has_any("firewall", "watcher", "proxy", "certificate", "url", "web"), "Web",
+ iff(RecommendationDisplayName has_any("network", "segment", "network security groups", "subnet", "application gateway", "security groups", "IP forwarding", "port", "ports", "networks"), "Networking",
+ iff(RecommendationDisplayName has_any("backup", "denial", "DDoS", "load", "scale", "front", "traffic manager", "pool", "disaster", "region", "redundant", "geo"), "Resiliency",
+ iff(RecommendationDisplayName has_any("encrypt", "rest", "transit", "data", "http", "https", "TLS", "transfer", "transit", "Secure Socket", "SSH", "just", "FTP", "server-side", "storage", "database", "databases", "SQL", "disk", "disks"), "Data Protection",
+ iff(RecommendationDisplayName has_any("private", "vpn", "automation", "playbook", "logic", "notification", "authorized", "safe", "network gateway", "express", "VPC"), "Enterprise",
+ iff(RecommendationDisplayName has_any("recover", "log", "configured", "configuration", "identity", "privilege", "admin", "authentication", "JIT", "just", "password", "time", "sync", "vulnerability", "Vulnerabilities", "updates", "update", "upgrade", "audit", "account", "guest", "shared", "access", "machines", "rights", "VM", "key", "keys", "IAM", "EC2", "GuardDuty", "logs", "CloudTrail", "MFA", "External accounts", "accounts", "config", "credentials", "privileged", "owner", "owners", "login", "logon", "virtual machine", "container", "containers", "Kubernetes"), "Universal Security Capabilities", "Other")))))))))))
+ | summarize arg_max(TimeGenerated, *) by AssessedResourceId, RecommendationDisplayName
+ | summarize
+ Failed=countif(RecommendationState == "Unhealthy"),
+ Passed=countif(RecommendationState == "Healthy"),
+ Total=countif(RecommendationState == "Unhealthy" or RecommendationState == "Healthy")
+ by ControlFamily
+ | extend PassedControlsPercentage = (Passed / todouble(Total)) * 100
+ | extend RemediationLink = strcat('https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/5')
+ | extend URLCustomEntity = RemediationLink
+ | project ControlFamily, Total, PassedControlsPercentage, Passed, Failed, RemediationLink, URLCustomEntity
+ | where PassedControlsPercentage < 70 //Adjust PassedRatePercentage Thresholds within Organizational Needs
+ | sort by PassedControlsPercentage asc
+entityMappings:
+ - entityType: URL
+ fieldMappings:
+ - identifier: Url
+ columnName: URLCustomEntity
+version: 1.0.0
+kind: Scheduled
\ No newline at end of file
diff --git a/Solutions/ZeroTrust(TIC3.0)/Playbooks/Open_DevOpsTaskRecommendation.json b/Solutions/ZeroTrust(TIC3.0)/Playbooks/Open_DevOpsTaskRecommendation.json
new file mode 100644
index 00000000000..89d0153a3dc
--- /dev/null
+++ b/Solutions/ZeroTrust(TIC3.0)/Playbooks/Open_DevOpsTaskRecommendation.json
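Review bot: The ControlFamily classification on the `| extend ControlFamily=iff(` line and the ten nested `iff(` lines after it is an eleven-deep nest whose closing `)))))))))))` has to be counted by hand, and its first-match-wins ordering (a name containing both "email" and "network" lands in Email, never Networking) is invisible in that shape; KQL's `case()` expresses the same first-match chain as a flat predicate/value list and is the idiomatic form here. Two smaller points in the same query: `(Passed / todouble(Total)) * 100` is also evaluated for a family whose assessments in the window are all NotApplicable, where Total is 0 and the result is NaN, so that family is silently dropped by the `< 70` filter rather than reported — a `| where Total > 0` ahead of the extend makes that explicit; and the threshold-line comment refers to `PassedRatePercentage` while the column is `PassedControlsPercentage`. The term lists also repeat `"just"` (in Data Protection, where it is matched first, and again in Universal Security Capabilities, where it can never match) and `"transit"` twice in Data Protection, which the rewrite drops without changing the result.

```yaml
query: |
  SecurityRecommendation
  | where RecommendationDisplayName <> ""
  | extend ControlFamily = case(
      RecommendationDisplayName has_any("email"), "Email",
      RecommendationDisplayName has_any("apps", "teams", "meeting", "call"), "Unified Communications & Collaboration",
      RecommendationDisplayName has_any("dns", "domain"), "DNS",
      // … unchanged: the Files, Intrusion Detection, Web, Networking, Resiliency, Data Protection and Enterprise term lists, one `<predicate>, "<family>",` pair each, in the same order …
      RecommendationDisplayName has_any("recover", "log", "configured", "configuration", "identity", "privilege", "admin", "authentication", "JIT", "password", "time", "sync", "vulnerability", "Vulnerabilities", "updates", "update", "upgrade", "audit", "account", "guest", "shared", "access", "machines", "rights", "VM", "key", "keys", "IAM", "EC2", "GuardDuty", "logs", "CloudTrail", "MFA", "External accounts", "accounts", "config", "credentials", "privileged", "owner", "owners", "login", "logon", "virtual machine", "container", "containers", "Kubernetes"), "Universal Security Capabilities",
      "Other")
  | summarize arg_max(TimeGenerated, *) by AssessedResourceId, RecommendationDisplayName
  // … unchanged: summarize Failed / Passed / Total by ControlFamily …
  | where Total > 0 // a family with no Healthy or Unhealthy assessment has nothing to rate; avoids 0/0
  | extend PassedControlsPercentage = (Passed / todouble(Total)) * 100
  // … unchanged: RemediationLink and URLCustomEntity extends, project …
  | where PassedControlsPercentage < 70 //Adjust the PassedControlsPercentage threshold within organizational needs
  // … unchanged: sort …
```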
@@ -0,0 +1,170 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "metadata": {
+ "title": "Create-AzureDevOpsTask",
+ "description": "This playbook will create the Azure DevOps task filled with the Azure Sentinel incident details.",
+ "prerequisites": "",
+ "lastUpdateTime": "2021-07-14T00:00:00.000Z",
+ "entities": [],
+ "tags": ["Sync"],
+ "support": {
+ "tier": "Community"
+ },
+ "author": {
+ "name": "Nicholas DiCola"
+ }
+ },
+ "parameters": {
+ "PlaybookName": {
+ "defaultValue": "Create-AzureDevOpsTask",
+ "type": "string"
+ }
+ },
+ "variables": {
+ "AzureSentinelConnectionName": "[concat('azuresentinel-', parameters('PlaybookName'))]",
+ "AzureDevOpsConnectionName": "[concat('azuredevops-', parameters('PlaybookName'))]"
+ },
+ "resources": [
+ {
+ "type": "Microsoft.Web/connections",
+ "apiVersion": "2016-06-01",
+ "name": "[variables('AzureSentinelConnectionName')]",
+ "location": "[resourceGroup().location]",
+ "kind": "V1",
+ "properties": {
+ "displayName": "[variables('AzureSentinelConnectionName')]",
+ "customParameterValues": {},
+ "parameterValueType": "Alternative",
+ "api": {
+ "id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/azuresentinel')]"
+ }
+ }
+ },
+ {
+ "type": "Microsoft.Web/connections",
+ "apiVersion": "2016-06-01",
+ "name": "[variables('AzureDevOpsConnectionName')]",
+ "location": "[resourceGroup().location]",
+ "properties": {
+ "displayName": "[variables('AzureDevOpsConnectionName')]",
+ "customParameterValues": {
+ },
+ "api": {
+ "id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/visualstudioteamservices')]"
+ }
+ }
+ },
+ {
+ "type": "Microsoft.Logic/workflows",
+ "apiVersion": "2017-07-01",
+ "name": "[parameters('PlaybookName')]",
+ "location": 
"[resourceGroup().location]",
+ "tags": {
+ "hidden-SentinelTemplateName": "Create-AzureDevOpsTask",
+ "hidden-SentinelTemplateVersion": "1.0"
+ },
+ "identity": {
+ "type": "SystemAssigned"
+ },
+ "dependsOn": [
+ "[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]",
+ "[resourceId('Microsoft.Web/connections', variables('AzureDevOpsConnectionName'))]"
+ ],
+ "properties": {
+ "state": "Enabled",
+ "definition": {
+ "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
+ "actions": {
+ "Add_comment_to_incident_(V3)": {
+ "inputs": {
+ "body": {
+ "incidentArmId": "@triggerBody()?['object']?['id']",
+ "message": "
Azure DevOps Task created: @{body('Create_a_work_item')?['url']}
" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "post", + "path": "/Incidents/Comment" + }, + "runAfter": { + "Create_a_work_item": [ + "Succeeded" + ] + }, + "type": "ApiConnection" + }, + "Create_a_work_item": { + "inputs": { + "body": { + "description": "Incident Description: @{triggerBody()?['object']?['properties']?['description']}\nIncident Severity: @{triggerBody()?['object']?['properties']?['severity']}\nIncident URL: @{triggerBody()?['object']?['properties']?['incidentUrl']}\n", + "title": "New Azure Sentinel Incident: @{triggerBody()?['object']?['properties']?['title']}" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['visualstudioteamservices']['connectionId']" + } + }, + "method": "patch", + "path": "/@{encodeURIComponent('test')}/_apis/wit/workitems/$@{encodeURIComponent('Task')}", + "queries": { + "account": "test" + } + }, + "runAfter": {}, + "type": "ApiConnection" + } + }, + "contentVersion": "1.0.0.0", + "outputs": {}, + "parameters": { + "$connections": { + "defaultValue": {}, + "type": "Object" + } + }, + "triggers": { + "When_Azure_Sentinel_incident_creation_rule_was_triggered": { + "inputs": { + "body": { + "callback_url": "@{listCallbackUrl()}" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "path": "/incident-creation" + }, + "type": "ApiConnectionWebhook" + } + } + }, + "parameters": { + "$connections": { + "value": { + "azuresentinel": { + "connectionId": "[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]", + "connectionName": "[variables('AzureSentinelConnectionName')]", + "id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/azuresentinel')]", + "connectionProperties": { + "authentication": { + "type": "ManagedServiceIdentity" + } + } + }, 
+ "visualstudioteamservices": {
+ "connectionId": "[resourceId('Microsoft.Web/connections', variables('AzureDevOpsConnectionName'))]",
+ "connectionName": "[variables('AzureDevOpsConnectionName')]",
+ "id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/visualstudioteamservices')]"
+ }
+ }
+ }
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/Solutions/ZeroTrust(TIC3.0)/Playbooks/Open_JIRATicketRecommendation.json b/Solutions/ZeroTrust(TIC3.0)/Playbooks/Open_JIRATicketRecommendation.json
new file mode 100644
index 00000000000..8eb05e8cae2
--- /dev/null
+++ b/Solutions/ZeroTrust(TIC3.0)/Playbooks/Open_JIRATicketRecommendation.json
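Review bot: The Azure DevOps organization and project are hard-coded as the placeholder `test` in `Create_a_work_item` — `"path": "/@{encodeURIComponent('test')}/_apis/wit/workitems/$@{encodeURIComponent('Task')}"` and `"account": "test"` — so the template as committed deploys a playbook that can only ever target an org and project literally named test; both values should be template parameters next to `PlaybookName` and substituted into the path and the `account` query, and the Jira playbook in the next file has the same problem with its `issuetype.id` and `projectKey`. The `azuresentinel` connection authenticates with `ManagedServiceIdentity`, which means the workflow's `SystemAssigned` identity must be granted a Microsoft Sentinel role after deployment before the incident comment can be posted, yet `"prerequisites": ""` is empty; that step and the interactive consent the DevOps connection will need belong there. `metadata.title` and `hidden-SentinelTemplateName` are `Create-AzureDevOpsTask` and the trigger is an incident-creation trigger, while the file is named `Open_DevOpsTaskRecommendation.json`, which suggests this was copied from another playbook; the title, description and template name should say what the playbook does in this solution.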
@@ -0,0 +1,158 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "metadata": {
+ "title": "Create Jira Issue",
+ "description": "This playbook will open a Jira Issue when a new incident is opened in Azure Sentinel.",
+ "prerequisites": ["1. Jira instance (ex. xyz.atlassian.net)",
+ "2. Jira API",
+ "3. Username."],
+ "lastUpdateTime": "2021-07-14T00:00:00.000Z",
+ "entities": [],
+ "tags": [ "Sync" ],
+ "support": {
+ "tier": "community"
+ },
+ "author": {
+ "name": "Yaniv Shasha and Benjamin Kovacevic"
+ }
+ },
+ "parameters": {
+ "PlaybookName": {
+ "defaultValue": "CreateJiraIssue",
+ "type": "string",
+ "metadata": {
+ "description": "Incident trigger"
+ }
+ }
+ },
+ "variables": {
+ "AzureSentinelConnectionName": "[concat('azuresentinel-', parameters('PlaybookName'))]",
+ "JiraConnectionName": "[concat('jira-', parameters('PlaybookName'))]"
+ },
+ "resources": [
+ {
+ "type": "Microsoft.Web/connections",
+ "apiVersion": "2016-06-01",
+ "name": "[variables('AzureSentinelConnectionName')]",
+ "location": "[resourceGroup().location]",
+ "properties": {
+ "displayName": "[variables('AzureSentinelConnectionName')]",
+ "customParameterValues": {},
+ "parameterValueType": "Alternative",
+ "api": {
+ "id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/azuresentinel')]"
+ }
+ }
+ },
+ {
+ "type": "Microsoft.Web/connections",
+ "apiVersion": "2016-06-01",
+ "name": "[variables('jiraConnectionName')]",
+ "location": "[resourceGroup().location]",
+ "properties": {
+ "displayName": "[variables('jiraConnectionName')]",
+ "customParameterValues": {
+ },
+ "api": {
+ "id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/jira')]"
+ }
+ }
+ },
+ {
+ "type": "Microsoft.Logic/workflows",
+ "apiVersion": "2017-07-01",
+ "name": "[parameters('PlaybookName')]",
+ "location": "[resourceGroup().location]",
+ "tags": {
+ "hidden-SentinelTemplateName": "CreateJiraIssue-Incident",
+ "hidden-SentinelTemplateVersion": "1.0"
+ },
+ "identity": {
+ "type": "SystemAssigned"
+ },
+ "dependsOn": [
+ "[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]",
+ "[resourceId('Microsoft.Web/connections', variables('JiraConnectionName'))]"
+ ],
+ "properties": {
+ "state": "Enabled",
+ "definition": {
+ "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "$connections": {
+ "defaultValue": {},
+ "type": "Object"
+ }
+ },
+ "triggers": {
+ "When_Azure_Sentinel_incident_creation_rule_was_triggered": {
+ "type": "ApiConnectionWebhook",
+ "inputs": {
+ "body": {
+ "callback_url": "@{listCallbackUrl()}"
+ },
+ "host": {
+ "connection": {
+ "name": "@parameters('$connections')['azuresentinel']['connectionId']"
+ }
+ },
+ "path": "/incident-creation"
+ }
+ }
+ },
+ "actions": {
+ "Create_a_new_issue": {
+ "runAfter": {},
+ "type": "ApiConnection",
+ "inputs": {
+ "body": {
+ "fields": {
+ "description": "Incident description: @{triggerBody()?['object']?['properties']?['description']};\nSeverity: @{triggerBody()?['object']?['properties']?['severity']};\nIncident URL: @{triggerBody()?['object']?['properties']?['incidentUrl']}",
+ "issuetype": {
+ "id": "10007"
+ },
+ "summary": "@triggerBody()?['object']?['properties']?['title']"
+ }
+ },
+ "host": {
+ "connection": {
+ "name": "@parameters('$connections')['Jira']['connectionId']"
+ }
+ },
+ "method": "post",
+ "path": "/issue",
+ "queries": {
+ "projectKey": "SOC"
+ }
+ }
+ }
+ },
+ "outputs": {}
+ },
+ "parameters": {
+ "$connections": {
+ "value": {
+ "azuresentinel": {
+ "connectionId": "[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]",
+ "connectionName": 
"[variables('AzureSentinelConnectionName')]",
+ "id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/azuresentinel')]",
+ "connectionProperties": {
+ "authentication": {
+ "type": "ManagedServiceIdentity"
+ }
+ }
+ },
+ "Jira": {
+ "connectionId": "[resourceId('Microsoft.Web/connections', variables('jiraConnectionName'))]",
+ "connectionName": "[variables('jiraConnectionName')]",
+ "id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/jira')]"
+ }
+ }
+ }
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/Solutions/ZeroTrust(TIC3.0)/Workbooks/Images/Preview/ZeroTrust(TIC3.0)Black1.PNG b/Solutions/ZeroTrust(TIC3.0)/Workbooks/Images/Preview/ZeroTrust(TIC3.0)Black1.PNG
deleted file mode 100644
index e47ebfd0128ebe37e6b9ad0b163ce11a4784d9c6..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 122414
zcmeFYcT`i`w>BI=K}5tODk9Bu6c7
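Review bot: `"id": "10007"` under `issuetype` and `"projectKey": "SOC"` in `Create_a_new_issue` are values specific to the authoring Jira instance — issue-type IDs are not portable between instances — so the playbook will fail, or file into an unintended project, anywhere else; both should be template parameters alongside `PlaybookName`, declared in `parameters` and referenced from the workflow definition. The Jira connection variable is spelled two ways, `JiraConnectionName` in `variables` and `dependsOn` but `jiraConnectionName` in the connection resource and in `$connections`; ARM resolves variable names case-insensitively as far as I know, so this deploys, but one spelling throughout stops a reader from assuming two variables exist. The incident `description` is interpolated verbatim into `fields.description`, and incident descriptions can carry text drawn from the underlying alert data, so consumers of these tickets should treat the body as untrusted content rather than analyst-authored text; a one-line note to that effect in `metadata.description` would set expectations. The `prerequisites` list here is the right model for what the DevOps playbook in the previous file leaves empty.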